CAR HACKING: Hackers Driving Your Car.
Car hacking may sound like something out of the latest Die Hard or James Bond film, but it’s real and likely to happen much more regularly in the future. We will know about this emerging trend. For Security purpose not to teach you 😉 .
While car hacking may be headline news these days, the vulnerabilities associated with them go back by as much as half a decade. Now days automobiles being equipped with more and more technology, cyber-criminals can infiltrate virtually any electronic control unit and leverage this ability to completely circumvent a broad array of safety-critical systems.
Wirelessly unlocking your car is convenient, but it comes at a price. The increasing number of key less cars on the road has led to a new kind of crime — key fob hacks! a key fob’s signal is now easy for criminals to intercept or block & transmit. Imagine a thief opening your car and driving away with it without any alarms!
Relay Attack:
Always-on key fobs present a serious weakness in your car’s security. As long as your keys are in range, anyone can open the car and the system will think it’s you.
However, criminals can get relatively cheap relay boxes that capture key fob signals up to 300 feet away, and then transmit them to your car.
Here’s how this works. One thief stands near your car with a relay box while an accomplice scans your house with another one. When your key fob signal is picked up, it is transmitted to the box that’s closer to your car, prompting it to open.
Safety Tip:- Wrap your key fob in foil or use signal blocking pouse while not using the key fob.
Keyless Jamming:
In this scenario, the thief will block your signal so when you press lock button from your key fob, it won’t actually reach your car and your doors will remain unlocked. The thief can then have free access to your vehicle.
Safety Tip:- To prevent this from happening to you, always manually check / lock your car doors before stepping away.
Roll Jamming or Replay Attack:
Here an attacker follows this scenario [Jam+Listen(1), Jam+Listen(2), Replay(1)]. First he will block your "unlock request" from your car’s keyfob and intercept that rolling code(lets say Code-1), because of blocking your car doesn’t response & you will be pressing again unlock button to be unlocked your car’s door. But again attacker will be intercepting that code (Code-2), Now Attacker has two codes(Code-1 and 2) that you pressed earlier. After getting both code he will transmit Code-1 to your Car and it will response with door opened. Now attacker can use Code-2 in future or after sometimes to open your car’s door.
Safety Tip:- Don't use keyfob mainly in public places or less use of keyfob.
CAN-Bus Exploitation:
Did you know that virtually every car has an onboard diagnostics (OBD) port? This is an interface that allows mechanics to access your car’s data to read error codes, statistics and even program new keys.
Controller Area Network aka CAN is the central nervous system that enables communication between all/some parts of the car. CAN allows various electronic units in cars to communicate and share data with each other. The motive of CAN is that it allowed multiple ECU to be communicated with only a single wire. A modern car can have as much as 70 ECUs. In a car, you can have components like Engine Control Unit, Airbags, Transmission, Gear Unit, Anti-lock braking system or simply ABS, infotainment systems, climate control, Windows, doors, etc. It means if someone get into this he can control all of these system in car.
And in order to access CAN just we need to have access to the onboard diagnostic port[OBD]. This is located somewhere near the passenger’s seat or driver’s seat or downside of steering . And this should be accessible without the need of a screwdriver. Now an attacker can plug USB2CAN cable or ELM327 [bluetooth based device] into OBD-II port and their laptop in order to sniff CAN Packets. Once they have access into CAN they can do whatever in your car like stealing, controlling over doors, speed and so on. It's really very dangerous.
Safety Tip:- Pretty much every car uses CAN, this is mandated by law so CAN is not going anywhere soon. Also, CAN bus was not developed keeping modern security in mind. Always check OBD Port before starting your Car.
That's all for this time, Hope you guys are now aware about Car Hacking and protect yourself or your car from being stolen or controlled by someone else. Thanks!
Connect with me on Social Media:
Also Follow RESETHACKERS on Instagram.
