General Boards > Off Topic

Can bus now been hacked for vehicle theft

(1/4) > >>

yvesjv:
This on the geek channels, its quite a good read on how smart the crooks are evolving into
https://www.theregister.com/2023/04/06/can_injection_attack_car_theft

voids:
Quite smart actually.  but the reality is most car thieves our way are just opportunistic or break into houses and steel keys that are easily found.   

cant speak for the later Isuzus but the Ist gen Mux doesn't have canbus in the exterior lighting circuts.

Either way even if they do get my keys wont be starting mine too easy unless they know where the hidden switch is.   

mewgaf:
Not very surprising.
Car electronics are about as sophisticated as computers in the 70’s and 80’s.
I worked in IT security for a long time after being a motor mechanic.
The CAN Bus has no protection and getting added user function is more important.
Like I want to start my car and have it warm or remote open doors or wind down windows from any part of the world.

wj957:
Worse than that, most cars today, keyless or not, have a RF function within the key or fob.

Today sensitive devices can pick up the RF signal from your key/fob whilst parked in front of your house, and your keys sitting on the kitchen bench etc.

With that code they can transmit a signal to unlock your car and start it, all while you watch TV or sleep.

The answer, KEEP YOUR KEYS IN AN RFID POUCH! (about $15 on the web)

rockfall:
Not overly familiar with CAN bus protocols but did quick search, and as mewgaf said, it seems to lack security. There's a focus on integrity (i.e. messages sent within the vehicle have not been corrupted) rather than security (rejecting messages injected by an attacker). These types of attacks are probably rare enough that manufacturers can keep skimping.

I don't think RFID is needed. I'm sure modern keys (like garage door openers) use a different code each time they are used. That doesn't mean they are invulnerable, but more than just a simple record/playback would be needed.

If the car has keyless entry, maybe an attacker could send a signal pretending to be the car and try to capture what the key sends back in response, but again these codes are probably only used once. Sounds like a fairly sophisticated attack, if it's feasible at all.

Navigation

[0] Message Index

[#] Next page