Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Criminal. Show all posts

Emerging Technology Facilitating Increased Vehicle Thefts and Accidents by Criminals

 

The automotive industry is abuzz with discussions about the "Internet of vehicles" (IoV), which envisions a network of interconnected cars and other vehicles capable of sharing data via the Internet. The goal is to revolutionize transportation by enhancing its autonomy, safety, and efficiency.

IoV has the potential to empower vehicles to identify obstacles, traffic congestion, and pedestrians. It could also facilitate precise vehicle positioning, potentially leading to autonomous driving and streamlined fault diagnosis. This concept is already manifesting to some extent through smart motorways, where technology is deployed to optimize motorway traffic management.

However, the realization of a more advanced IoV necessitates the integration of additional sensors, software, and technology into vehicles and the surrounding road infrastructure. Modern cars are already equipped with an array of electronic systems, ranging from cameras and mobile connectivity to infotainment setups.

Nevertheless, the proliferation of these systems comes with security concerns. Certain vulnerabilities could render vehicles susceptible to theft and malicious attacks as criminals exploit weaknesses in this burgeoning technology. In fact, instances of such exploitation are already being observed.

A common security measure to guard against car theft is the use of smart keys. These keys possess a button that deactivates the vehicle's immobilizer—a device preventing unauthorized starting—enabling the car to be driven. However, thieves have discovered a method to bypass this security measure using a handheld relay tool. By collaborating, one person stands near the car while the other stays in proximity to the key, often near the owner's residence. 

The tool captures the key's signal and relays it to the car, tricking it into thinking the key is nearby. This kind of theft, which typically occurs at night, can be facilitated with relay equipment readily available online for a modest sum. Protective measures such as Faraday bags or cages are employed to counteract such attacks.

Now, a more advanced attack technique is emerging—referred to as a "CAN (Controller Area Network) injection attack." This approach involves establishing a direct connection to the vehicle's internal communication system, the CAN bus. Criminals attempt to access this system by manipulating the front lights of the vehicle, usually requiring the manipulation of the bumper to insert a CAN injector.

This enables the thieves to send fraudulent messages to the car, convincing it that they are from the legitimate smart key and subsequently disabling the immobilizer. Once access is gained, the thieves can start the engine and drive away with the vehicle.

To counteract the rising threat of vehicle theft, manufacturers are adopting innovative strategies. One such approach involves a "zero trust" philosophy, which involves scrutinizing and verifying all received messages. Hardware security modules are being incorporated into vehicles to generate cryptographic keys, enabling data encryption and decryption as well as digital signature verification.

While this mechanism is being increasingly integrated into new vehicles, retrofitting existing cars is impractical due to time and cost constraints, leaving many vehicles susceptible to CAN injection attacks.

Another security consideration is the vulnerability of the onboard computer system, often referred to as the "infotainment system." Attackers can potentially exploit this system using "remote code execution" to inject malicious code into the vehicle's computer. Such attacks can manipulate various car components, including the engine and wheels, with potentially catastrophic consequences.

Hence, it's crucial for vehicle owners with infotainment systems to grasp fundamental security mechanisms to shield themselves from potential hacking endeavours. 

The spectre of a surge in vehicle thefts and insurance claims stemming from CAN attacks underscores the need for a balanced approach between the advantages of IoV—such as enhanced safety and improved recovery of stolen vehicles—and the associated risks.