car theft

teslas-can-still-be-stolen-with-a-cheap-radio-hack-despite-new-keyless-tech

Teslas can still be stolen with a cheap radio hack despite new keyless tech

car theft, Cars, model 3, relay attack, syndication, Tesl / /
New Tesla electric vehicles fill the car lot at the Tesla retail location on Route 347 in Smithtown, New York on July 5, 2023.

Enlarge / Tesla sold 1.2 million Model Y crossovers last year.

John Paraskevas/Newsday RM via Getty Images

For at least a decade, a car theft trick known as a “relay attack” has been the modern equivalent of hot-wiring: a cheap and relatively easy technique to steal hundreds of models of vehicles. A more recent upgrade to the radio protocol in cars’ keyless entry systems known as ultra-wideband communications, rolled out to some high-end cars including the latest Tesla Model 3, has been heralded as the fix for that ubiquitous form of grand theft auto. But when one group of Chinese researchers actually checked whether it’s still possible to perform relay attacks against the latest Tesla and a collection of other cars that support that next-gen radio protocol, they found that they’re as stealable as ever.

In a video shared with WIRED, researchers at the Beijing-based automotive cybersecurity firm GoGoByte demonstrated that they could carry out a relay attack against the latest Tesla Model 3 despite its upgrade to an ultra-wideband keyless entry system, instantly unlocking it with less than a hundred dollars worth of radio equipment. Since the Tesla 3’s keyless entry system also controls the car’s immobilizer feature designed to prevent its theft, that means a radio hacker could start the car and drive it away in seconds—unless the driver has enabled Tesla’s optional, off-by-default PIN-to-drive feature that requires the owner to enter a four-digit code before starting the car.

Jun Li, GoGoByte’s founder and a longtime car-hacking researcher, says that his team’s successful hack of the latest Model 3’s keyless entry system means Tesla owners need to turn on that PIN safeguard despite any rumor that Tesla’s radio upgrade would protect their vehicle. “It’s a warning for the mass public: Simply having ultra-wideband enabled doesn’t mean your vehicle won’t be stolen,” Li says. “Using relay attacks, it’s still just like the good old days for the thieves.”

Relay attacks work by tricking a car into detecting that an owner’s key fob—or, in the case of many Tesla owners, their smartphone with an unlocking app installed—is near the car and that it should therefore unlock. Instead, a hacker’s device near the car has, in fact, relayed the signal from the owner’s real key, which might be dozens or hundreds of feet away. Thieves can cross that distance by placing one radio device near the real key and another next to the target car, relaying the signal from one device to the other.

Thieves have used the relay technique to, for instance, pick up the signal of a car key inside a house where the owner is sleeping and transmit it to a car in the driveway. Or, as GoGoByte researcher Yuqiao Yang describes, the trick could even be carried out by the person behind you in line at a café where your car is parked outside. “They may be holding a relay device, and then your car may just be driven away,” Yang says. “That’s how fast it can happen, maybe just a couple seconds.” The attacks have become common enough that some car owners have taken to keeping their keys in Faraday bags that block radio signals—or in the freezer.

Teslas can still be stolen with a cheap radio hack despite new keyless tech Read More »

canada-declares-flipper-zero-public-enemy-no.-1-in-car-theft-crackdown

Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown

Biz & IT, Canada, car theft, Cars, flipper zero, hacking, Policy, radio, Security / /

FLIPPING YOUR LID —

How do you ban a device built with open source hardware and software anyway?

A Flipper Zero device

Enlarge / A Flipper Zero device

https://flipperzero.one/

Canadian Prime Minister Justin Trudeau has identified an unlikely public enemy No. 1 in his new crackdown on car theft: the Flipper Zero, a $200 piece of open source hardware used to capture, analyze and interact with simple radio communications.

On Thursday, the Innovation, Science and Economic Development Canada agency said it will “pursue all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero, which would allow for the removal of those devices from the Canadian marketplace through collaboration with law enforcement agencies.” A social media post by François-Philippe Champagne, the minister of that agency, said that as part of the push “we are banning the importation, sale and use of consumer hacking devices, like flippers, used to commit these crimes.”

In remarks made the same day, Trudeau said the push will target similar tools that he said can be used to defeat anti-theft protections built into virtually all new cars.

“In reality, it has become too easy for criminals to obtain sophisticated electronic devices that make their jobs easier,” he said. “For example, to copy car keys. It is unacceptable that it is possible to buy tools that help car theft on major online shopping platforms.”

Presumably, such tools subject to the ban would include HackRF One and LimeSDR, which have become crucial for analyzing and testing the security of all kinds of electronic devices to find vulnerabilities before they’re exploited. None of the government officials identified any of these tools, but in an email, a representative of the Canadian government reiterated the use of the phrase “pursuing all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry.”

A humble hobbyist device

The push to ban any of these tools has been met with fierce criticism from hobbyists and security professionals. Their case has only been strengthened by Trudeau’s focus on Flipper Zero. This slim, lightweight device bearing the logo of an adorable dolphin acts as a Swiss Army knife for sending, receiving, and analyzing all kinds of wireless communications. It can interact with radio signals, including RFID, NFC, Bluetooth, Wi-Fi, or standard radio. People can use them to change the channels of a TV at a bar covertly, clone simple hotel key cards, read the RFID chip implanted in pets, open and close some garage doors, and, until Apple issued a patch, send iPhones into a never-ending DoS loop.

The price and ease of use make Flipper Zero ideal for beginners and hobbyists who want to understand how increasingly ubiquitous communications protocols such as NFC and Wi-Fi work. It bundles various open source hardware and software into a portable form factor that sells for an affordable price. Lost on the Canadian government, the device isn’t especially useful in stealing cars because it lacks the more advanced capabilities required to bypass anti-theft protections introduced in more than two decades.

One thing the Flipper Zero is exceedingly ill-equipped for is defeating modern antihack protections built into cars, smartcards, phones, and other electronic devices.

The most prevalent form of electronics-assisted car theft these days, for instance, uses what are known as signal amplification relay devices against keyless ignition and entry systems. This form of hack works by holding one device near a key fob and a second device near the vehicle the fob works with. In the most typical scenario, the fob is located on a shelf near a locked front door, and the car is several dozen feet away in a driveway. By placing one device near the front door and another one next to the car, the hack beams the radio signals necessary to unlock and start the device.

Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown Read More »