
Thieves Use JBL Speakers to Hack Cars with Keyless Entry

Car theft has been an ongoing problem for decades, but now, thieves have found a new way to bypass modern car security systems using hacking tools disguised as JBL portable speakers. This emerging trend highlights the importance of cybersecurity in the automotive industry and the need for manufacturers to improve the security of their products.

According to a recent report by TechSpot, car thieves are using these hacking tools to gain access to vehicles equipped with keyless entry systems. They target the key fob's wireless communication system and use a device disguised as a JBL portable speaker to inject code into the car's system, allowing them to start the engine and drive away.

Kentindell, a cybersecurity researcher, revealed that this technique is possible due to a vulnerability in the communication protocol used by the key fob and the car. The vulnerability allows attackers to inject code into the system and bypass the security measures designed to prevent unauthorized access. Thieves have been using this technique to steal luxury cars such as BMWs and Mercedes, which are often targeted due to their high resale value. The devices used to execute these hacks can be purchased easily online for as little as $30, making it a low-cost and accessible method for criminals.

The use of hacking tools disguised as JBL portable speakers is just one example of the increasing threat of cyber attacks in the automotive industry. As cars become more connected and reliant on technology, the risk of cyber-attacks increases. This is particularly concerning in the case of autonomous vehicles, where a cyber attack could have severe consequences.

To address this issue, car manufacturers need to improve the security of their products and work with cybersecurity experts to identify vulnerabilities in their systems. Additionally, car owners should take steps to protect their vehicles, such as storing key fobs in a secure location and keeping their software and firmware up to date.




European Police Arrest a Group That Hacked Wireless Key Fobs to Steal Cars

 

European police have arrested 31 people for alleged involvement in a sophisticated plot to steal connected vehicles.

Police from France, Spain, and Latvia collaborated with Europol and the European judicial cooperation agency Eurojust to search 22 locations and seize more than €1 million in criminal assets. Car thieves targeted two unnamed French car manufacturers, replacing legitimate software loaded onto vehicles with a tool marketed as an "automotive diagnostic solution."

According to Europol, this allowed them to open the doors and start the ignition without using the key fob. Other details are limited at this point, presumably to prevent copycat attacks. However, authorities arrested not only some of the suspected car thieves but also the suspected malware developers and resellers.

It's unclear whether the hacking tool was created by a single group and then used to steal cars, or if it was primarily sold to other criminal gangs.

The French Gendarmerie's Cybercrime Centre (C3N) launched the investigation, but Europol claimed to have been supporting the case since March 2022 with "extensive analysis and the dissemination of intelligence packages" to all affected countries. That would seem to imply that gangs from different jurisdictions used the same tools to gain access to and steal vehicles from the targeted manufacturers.

Europol also shared a screenshot of a domain seizure notice, which reads, "This service has been seized by the Gendarmerie Nationale cyberspace command under the authority of the French Paris Prosecutor's Office."

This implies that the hacking tool in question was being sold online to third parties. Although much research has been conducted in recent years on the potential threat to car safety from keyless entry attacks, there have been few notable real-life cases.

Honda Key Fob Flaw Allows Hackers to Start Car Remotely

 

Cybersecurity researchers have disclosed a security bug in Honda’s keyless entry system that could allow hackers to remotely unlock and start potentially all models of Honda cars. 

Over the weekend, researchers Kevin2600 and Wesley Li from Star-V Lab published a technical report and videos on a vulnerability, dubbed Rolling-PWN, in the rolling codes mechanism of the remote keyless system of Honda cars, which enabled them to open car doors without the key fob present. 

The vulnerability is tracked as CVE-2021-46145 (medium severity) and is described as an issue "related to a non-expiring rolling code and counter resynchronization" in the keyfob subsystem in Honda. 

The keyless entry system in modern cars depends on a rolling code mechanism: a pseudorandom number generator (PRNG) algorithm produces the codes, ensuring that a unique string is used each time the keyfob button is pressed.

“Vehicles have a counter that checks the chronology of the generated codes, increasing the count upon receiving a new code. Non-chronological codes are accepted, though, to cover situations of accidental presses of the keyfob, or when the vehicle is out of range,” researchers explained. 

The researchers identified that the counter in Honda vehicles is resynchronized when the vehicle receives lock/unlock commands in a consecutive sequence, causing the car to accept codes from previous sessions that should have been invalidated.

A hacker equipped with software-defined radio (SDR) equipment can capture a consecutive sequence of codes and replay them at a later time to unlock the vehicle and start its engine.
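The counter logic described above can be modelled in a few lines. This is an added example, not code from the researchers or from Honda: it is a simplified receiver in which the HMAC-based code, the look-ahead window of 16 and the resync run length of 3 are all assumptions chosen for illustration. It contrasts a receiver that resynchronizes backwards on a consecutive run with one that keeps its counter strictly increasing.

```python
import hmac, hashlib

KEY = b"constructed-demo-key"   # constructed shared secret, not a real fob key
WINDOW = 16                     # assumed look-ahead for out-of-range presses
RESYNC_RUN = 3                  # assumed run length that triggers a resync

def code(counter: int) -> bytes:
    """Fob side: stand-in rolling code, counter plus truncated HMAC tag."""
    tag = hmac.new(KEY, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]
    return counter.to_bytes(4, "big") + tag

class Receiver:
    def __init__(self, allow_backward_resync: bool):
        self.counter = 0        # highest counter accepted so far
        self.allow_backward_resync = allow_backward_resync
        self.run = []           # recent authentic codes outside the window

    def receive(self, frame: bytes) -> bool:
        ctr = int.from_bytes(frame[:4], "big")
        if not hmac.compare_digest(frame, code(ctr)):
            return False        # not produced with the shared key
        if self.counter < ctr <= self.counter + WINDOW:
            self.counter, self.run = ctr, []
            return True         # fresh code inside the look-ahead window
        # Authentic but stale (or too far ahead). The flawed design still
        # tracks runs of consecutive counters and resynchronizes on them.
        if self.allow_backward_resync:
            consecutive = bool(self.run) and ctr == self.run[-1] + 1
            self.run = self.run + [ctr] if consecutive else [ctr]
            if len(self.run) >= RESYNC_RUN:
                self.counter, self.run = ctr, []
                return True     # counter moved backwards: old codes valid again
        return False            # hardened path: stale codes never accepted

def replay_accepted(allow_backward_resync: bool) -> bool:
    """True if codes from an earlier session are accepted after newer ones."""
    rx = Receiver(allow_backward_resync)
    session = [code(c) for c in range(1, 6)]      # five legitimate presses
    assert all([rx.receive(f) for f in session])  # receiver counter is now 5
    # Constructed replay: frames 1..3 from that session, presented again.
    return any([rx.receive(f) for f in session[:3]])
```

The invariant that matters for a fix is that the accepted counter never decreases; any resynchronization rule has to preserve it.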

The vulnerability is believed to affect all Honda vehicles on the market, but the researchers examined the attack on the 10 most popular Honda models of the last decade, including Civic 2012, X-RV 2018, C-RV 2020, Accord 2020, Odyssey 2020, Inspire 2021, Fit 2022, Civic 2022, VE-1 2022, and Breeze 2022.

“We can confirm researcher claims that it is possible to employ sophisticated tools and technical know-how to mimic Remote Keyless commands and gain access to certain vehicles of ours. However, while it is technically possible, we want to reassure our customers that this particular kind of attack, which requires continuous close-proximity signal capture of multiple sequential RF transmissions, cannot be used to drive the vehicle away. Furthermore, Honda regularly improves security features as new models are introduced that would thwart this and similar approaches,” Honda’s spokesperson stated.