171 comments

[ 3.6 ms ] story [ 313 ms ] thread
curious if this is just against legacy car makers or whether it also works against tesla, rivian, lucid (or any other almost software first car company). presumably not?
What makes you think that software companies would do better?

Wasnt the mindset of computer security that "if they can access the hardware then it is over"?

I don't think he's assuming that Tesla (etc.) cars are more secure, just that they're different, and so would need different tools.
A quick Google suggests the Tesla S, X, 3, and Y all have multiple CAN buses (https://teslatap.com/modifications/extracting-internal-vehic...)
Nearly everything has multiple can busses because CAN is too slow for many/most usecases nowadays. Some car manufacturers you can even feel the random lag in everything from the accelerator to the brake lights due to the canbus being so full it adds a half second delay before updating everything.

Automotive ethernet is faster and might be back to a single bus...

iOS is pretty resilient these days, unless you happen to have a zeroday ready.
Because the kind of vulnerability being exploited here is basic "software engineering 101" that even a non-technical person should be able to figure out. It's the equivalent of putting something in a safe and then duct-taping the key to the safe itself.
i don't know anything about how cars work but the article says "At the moment, impacted vehicles are generally wide open to these sorts of attacks. The only proper fix would be to introduce cryptographic protections to CAN messages, Tindell told Motherboard in an email. This could be done via a software update, he added"

and i'm kinda expecting software first companies to already have this stuff in place? also stolen car media seems to focus on legacy autos being stolen not so much the newer ones, hence the question but maybe the theives target better build quality, who knows.

Technical crux:

``` the attack, called CAN (controller area network) injection, works by sending fake messages that look as if they come from the car’s smart key receiver, the research continues. The underlying issue is that vehicles trust these messages without verifying them. Once the thieves have accessed the necessary cables by removing the headlights, they can use their device to send these messages, it adds. ```

stone age in car security systems.
(comment deleted)
stone age in regulation.

I mean car manufacturers don't pay if a car is stolen, they benefit because someone needs a new car.

With license plate readers, it should be trivial for police to find and arrest thieves. Lack of law enforcement seems to be a problem as well.
How does that work when the car is driven only on a trip measured in minutes to the shop before it is even reported stolen, then is either disassembled in double-digit hours, or packed into a container headed for a 3rd-world country? The entire car is never seen in the country again.

Bonus, even if the car could report itself stolen in real-time and ubiquitous license plate readers were online so it became a significant problem for thieves, how would it defeat the simple measure of slapping on a valid plate with a magnet for the trip to the shop?

I did not think about the cars being stripped for parts quickly. I figured the fake license plates are harder to come by, but that could be an issue too.
Why does the lights need a can bus connector nearby? No serious company put an ethernet port outside the building or use a wifi without encryption. I wonder what lunatics are this car designers/manufacturers .
A car lamp will usually have a few different bulbs/LEDs (daylight running lights, headlights, high beam, indicators also the height adjustment motor), so it's less wiring to run a CAN pair and constant +12V to the fixture, than to wire each light type individually.

I think the light can also report a failed lightbulb to the dashboard.

Some are even more complicated. My car has lights that will track the road going round corners etc. I imagine there are other inputs it requires elsewhere in the car (cameras etc).
My car had that in ... 1987 ... and it was a 13 year old car at the time.
it tracks the road or the position of the steering wheel?
There are afaik already multiple CAN busses in your average car with different data rates, might as well have a separate one for all the risky stuff that's easily accessed? This is some basic security shit.
A problem with the CAN bus is that there is no way to tell what node sends what message on the bus, so you can't have something like a filter that only processes headlight-related messages coming from headlights. I guess you could actually do it, but it would require every node being able to sign their messages, which would add a lot of cost.
The simpler solution would be signed messages over CAN.

Any message sent to a security critical part of the car (eg. the door locks) would be signed by the ECU. The signature would use the current date/time as a nonce to prevent replay attacks. The signing certificate would be pre-programmed in at the factory.

Now anyone can say malicious things over the bus, yet still can never unlock the car.

How would you deal with spare parts, then? If every spare part you swap on your car is able to check and sign messages, then this defeats the purpose. If every spare part needed to be programmed with the private keys, this significantly increases the cost of maintenance and prohibits non-dealers from making such changes. Besides, are the private keys really private when dealers can access them?

ECUs are already tightly paired with immobilizers and dashboards, so they already need to be swapped together. Let's not do this with other parts which frequently break such as lights, locks and windows, please.

Easy, only an authorized dealer can make repairs to the vehicle. After a period of time the manufacturer may elect to no longer authorize any repairs, so as to incentivize the purchase of safer and cleaner automobiles.
Right to not repair
You could allow to pair the part to some central control unit, when the car is unlocked. I don't speak car or cryptographer so so I have no idea about how to go about it, but this seems like a workable solution.
You don't need to sign all messages. Only those coming from the critical component, like the key fob, and the only parts that need to check signatures are the critical ones from the perspective of theft.

Once you replace the key fob, you must reprogram your engine ignition.

What prevents a thief from reprogramming the engine ignition for some other key? The same thing that prevents the thief from starting ignition manually: it's buried in the car. Notice that in this case, thieves rely on CAN buses running in easily accessible places.

If the thief can access your car's ignition directly, you can't stop them anyway.

New spare parts can begin unprogrammed, and then program themselves on first use. This first use wouldn't be secure (it would be vulnerable to MITM attacks), but I believe that would be acceptable to the threat model of a thief attacking a parked car.

Reprogramming of 2nd hand components to a different vehicle might also be possible, but using some procedure which is hard to do from outside the car. For example, short two pins on the back of the lock.

How does that part know that it is being unprogrammed in the car and not in the thieves yard with cracked diagnostic tool?

So basically I need to pretend to be a new part to steal a car. Some common key as an attack vector.

Presumably, if you're able to replace the lock on a locked car with your own, you don't need to fool anything, you're already inside the car.

I guess the attack vector would rather be some unscrupulous mechanic replacing the part with a bogus one that would accept every unlock command, and the thief, in cahoots with said mechanic, would show up and unlock the car once the owner got it back from the shop.

Well the thing is that this is how cars with encrypted immobilizer gets stolen today (deffo not the case of RAV4)

- Open a hood

- Connect new, unprogrammed ECU (no immobilizer loaded)

- You can now start the car without chip in your key

As I see, people are reinventing wheel here, and are creating same problems as OEMs did 10-15 years ago.

Assuming they're willing to break a window or sacrifice the hood and related bodywork to pop it open without a key, is it really so easy to swap an ECU without having to take half the car apart?

My dad used to have a Citroën that would require taking out the whole front bumper assembly to change a freaking light, so it would be beyond stupid to have the ECU easily accessible...

Here Golf Mk7 - https://www.golfmk7.com/forums/index.php?threads/missing-eng...

ECU is on the right side in plastic cage next to a battery.

To get into the car thief will use a relay attack on your key, so no damage to the car will actually occur.

That ECU swap happens only if you have car with keys. If you have keyless car (start/stop button) then you can relay your way into starting engine.

So does a car with keys have somewhat better resistance to these attacks?

Of course, they seem harder and harder to come by for some reason...

That really depends on manufacturer. But in general it is more secure to use 2FA (Wireless link + mechanical token) than using 1FA (Wireless link and a button). Thief needs to jump through more obstacles, increasing the change of his failure.

However even mechanical token can be generalized as this video shows: https://www.youtube.com/watch?v=9NtDH-8z95M

So I think that in the end it probably does not matter. When somebody wants to steal your car, you have probably no chance to prevent it.

The ECU is in different places but they have pretty standardized plugs to connect to the wiring loom. You just unplug it and plug in a new one.
Yea, this attack doesn't make any sense as a threat model worth defending. If the thief is willing and able to replace substantial amounts of the car's electronics:

1. They're already in the car. So how you authenticate the ECU and door modules to each other is really irrelevant. They bypassed that already.

2. They can just go ahead and replace the ECU and all the door modules with their own. So, again, how auth works doesn't matter.

3. At some point, you have to ask: Am I replacing the electronics in the car, or am I replacing swapping all the non-electrical parts from one car to another?

This... seems like a relatively trivial problem to solve?

Each device that needs to sign messages (which probably should be only the ECU) is provisioned with a certificate signed by the carmaker. The device is also provisioned with a public-key pair, which is signed by the certificate (so you have chain of trust back to the manufacturer). The public key pair could be either programmed when the firmware is first flashed or generated at first boot.

A new door BCM accepts the first broadcasted public key from the ECU which is correctly signed. This would happen inside the factory for a new car, or when a new BCM is installed to replace a faulty one.

A used door BCM from a junk yard car could be programmed to accept a different (signed) public key by:

1. Being in the unlocked (and perhaps window-down) state; and 2. Pressing some combination of door buttons; and 3. Sending an appropriate command over the CANbus

It, of course, then verifies that the new key is correctly signed and reprograms itself to the new key.

CAN message usually has max 8 bytes, how would you sign it to actually transfer some useful data and without signature being laughably simple to crack?
You can send the command and signature split over multiple messages. It is already common to tunnel other data over CAN with this method.
That's a nice theory, now let's look into something called CAN bus load - i.e. there is limited amount of CAN messages which you can ram onto a bus. So adding multiple CAN messages to transfer same piece of information will drastically reduce throughput of the system and make it unusable.
Not a theory. This is used in vehicles today, for instance authentication for tachograph downloading. The key is of course you are not authenticating all the time, in this case it's enough to do when starting the vehicle when the CAN-bus typically is quite quiet.
If it is only on specific communication channel, then you just need to get a private signing key, i.e. by dumping same type of ECU. And we are back at the beginning.
I'm not sure whether you are confused or intentionally trying to be confusing but that doesn't make sense in the context of the discussed issue.

The signing key would of course be unique per ECU/keyfob that needs to sign stuff so dumping another ECU doesn't help you crack it.

That private key needs to be stored somewhere otherwise your singing scheme does not work. Generating signing key is not really an option as you won't get enough entropy on the ECU and generated private keys will be oscillating around small group of prime numbers.

Loading a new private key from the server? Well, thief's device can probably pretend to be a server and load a new private key into the control unit behaving as a master of immobilizer. Then the thief will get car and instantly new set of keys.

> Generating signing key is not really an option as you won't get enough entropy on the ECU and generated private keys will be oscillating around small group of prime numbers.

Erm... using the LSB of a network RX timer is common way to add entropy (and perfectly feasible here). You could also use the LSB of the +voltage rail sense or the thermometer that probably exists on your MCU.

Besides what others have mentioned:

Just use a simple rolling code, like a garage door opener, HOTP, or the key fob itself, and enforce a rate limit for bad codes. 3 bytes can hold 6 packed digits, which is plenty.

The threat model here is that the thief walks up to your car and tries to broadcast messages to the door controller. If they can't observe prior messages to the controller, the chance that they will correctly guess the next code is, literally, 1 in a million.

Let the door controller start rate limiting (ignoring messages) after 10 bad attempts, and then only listen to one code per second. The thief will have to stand here for a week for a 50% chance of correctly guessing a 6 digit code.

>Let the door controller start rate limiting (ignoring messages) after 10 bad attempts, and then only listen to one code per second.

Congratulations. Everyone is now potentially DDoS'ing everyone else's car, and all it takes is one a-hole with a gibberish screamer to lock everyone out of their cars within range.

You have solved nothing, and in fact, made plain old keys the more attractive alternative. I swear, people want to throw cryptography, radios, and security buzzwords at everything, but completely forget that the easiest way into the car will be taken. The tumbler lock. Once in there, hoods can be popped. Replace brain box. Move right along.

Funfact: that’s not a simple solution as it sounds at first. It start to become very complex and expansive when you start looking at it in detail. It starts with costly crypto support at the microcontroller. It goes with complex key agreement protocols. Then everything needs to be unique for each and every car. Because of you don’t do all of this, you can defeat everything very easily.
It doesn't have to be that complex. Enough HW crypto support exists in smaller and smaller MCUs. A good enough PSK programmed at the factory would probably be enough and that's the only thing that needs to be unique, everything else can be off-the-shelf vehicle-class components and open source.

Btw it's "fun fact" and it typically means there is something factual, not just guesswork.

Reading this I thought it was satire... but reading more comments, most of the folks were actually quite real.
Unfortunately, the answer is simply incentives: until this pendulum really goes hard toward blatant insecurity, the headlines have been somewhat tenable by the public, and few people, including in the tech community(!) choose their car based on security, let alone privacy.
A company may want an outdoor outlet and for some reason, end up putting it on the same circuit that powers the door locks. The building has backup power so there's no risk of the door becoming unlocked if the whole building goes down but what if that single circuit goes down (like from a wire jammed in the outdoor outlet)? The doors would lose power and the UPS wouldn't kick in so now the doors are all unlocked.
I wonder what the thieve does with the car after stealing. Will you always need that Nokia to start it or is there some kind if aftermarket for counterfeit keys?
why would you use a Nokia ? Raspberry could be a better option.
> why would you use a Nokia ? Raspberry could be a better option.

Deniability if searched by police.

Bottom of the Nokia in the video is very suspicious.
I guess the idea is more not to attract attention in case of a random search, rather than plausible deniability. The phone couldn't operate as a phone... (nor the speaker, as far as I understand it).
The thieves want plausible deniability if they are caught possessing it.

If a policeman suspects you of being a car thief and catches you with a Raspberry Pi, that looks pretty suspicious.

The same policeman wouldn't think anything suspicious about (what appears to be) a Nokia cell phone.

Well, nowadays a phone like that would be suspicious, because everyone has a smartphone. A BT speaker is a lot less suspicious, however.
> catches you with a Raspberry Pi, that looks pretty suspicious

Indeed, who did he have to kill to get one?!

> catches you with a Raspberry Pi, that looks pretty suspicious

I'll have to relay that to my dad who drives around with a small cluster of SBCs mounted into his vehicle

It's not a actually Nokia, it only looks like one. All the parts on the inside will be replaced with parts specific to this purpose.
I believe many of the cars are disassembled for parts and scrapped, most of its value needlessly destroyed. Some are exported to third world countries. Most thefts are not value-adding or preserving operations, literally doesn't pay(well).
Yep. A person I know had his Mercedes A45 AMG stolen, thanks to the tracker he was able to find it in the middle of a forest somewhere, went there with a police officer to find two guys in the middle of taking apart his car to pieces, their excuse was "officer we just found it like that". I don't know if they were able to pin the theft on them or not in the end, but the insurer ended up scrapping the car and paying for a new one because the main wiring loom was cut and Mercedes wanted an absurd amount of money for replacing it.

Apparently quite common with Teslas as well, there is no way you can sell a whole functional car to anyone(well, not in any developed country anyway), but stripping them to pieces and selling them elsewhere is relatively common.

Volvo took really aggressive steps basically making sure that every component in the car that has any kind of electronic chip inside it has to authenticate with the car's VIN or it won't work at all - really annoying for the 2nd hand parts market but hopefully also annoying for thieves.

Also really annoying for the hardware and software folks doing the work.
Typically the engineers building the thing use debug builds that don't have these checks.
Someone has to design and test this stuff though
The actual correct solution to this is to get the crime rate way down, so that blatant thefts and robberies are no significant issues.
> the main wiring loom was cut and Mercedes wanted an absurd amount of money for replacing it

Modern cars can contain over a mile of wire and some of the important wires are all laid out during early stages of manufacturing, making it difficult to get at them for maintenance. Some cars have better access than others, but if they were carelessly tearing the car down, there's a good chance you need to take off, rewire, and test every ECU in the car.

As far as I can find online, most repair shops ask for about $1700-$2500 just to replace the main wiring harness, including the cost of parts and labour. A luxury Mercedes will have more wires and more automated systems, so you'll easily end up in the higher end of that range.

With a car in such bad shape, I wouldn't want my company to try to repair that car either, not without a "this is a bad idea" surcharge anyway. You just know it'll never run as well as it used to and if you make it a standard practice, you know at least a portion of your customers will blame you for it because you put the "repaired" sticker on that car.

The profitability of the second hand used components market is a real problem. I don't want a future where you can't reuse the parts in a broken down car because of some hard-coded encryption key, but the theft situation is seriously out of hand. Sadly, I think the Volvo approach will be the norm in the future.

And yet, you do this to a phone and people scream "What about repairability?"
People aren't stealing phones to sell the charge port on the black market.
Unfortunately, they are - iPhones are absolutely sold for parts because a locked iPhone is unsellable otherwise.
The loom is sandwiched between the two sheets that make up the floor, it is amazing that they offered to replace it at all because as far as I know there is no way of doing this without serious damage to the vehicle.
Well I don't know if they quoted a specific number, but basically the insurer said that after consulting with Mercedes they established the repair would cost more than 50% of the value of the car so they are declaring it total loss. Maybe Mercedes just told them lol no, can't do this guys.
Yes, that's likely exactly what happened. Volvo pioneered that trick, it makes good sense as long as everything works but if it ever breaks you're done. The big plus is obviously that the loom is very well protected but insulation tends to lose its plasticity over time and in case it gets pinched anywhere you're in trouble. The only feasible option is probably to route an alternative loom through the cabin somehow and to leave the old one in place but non-functional. Even that would be a pretty tall order because there is simply no way to do this without fairly structural changes to the car in order to make room for the new loom in such a way that it is protected from mechanical wear.

On classic cars you can do this sort of thing easily enough, there the chassis was made first and then the wiring loom was put in place but on these modern vehicles you're sore out of luck. And EVs will likely be worse still, what with all the HV DC cabling to motors, batteries and charge ports.

It's counter intuitive but some vehicles are worth more as parts anyways. The market for used vehicles is only willing to pay so much for a vehicle. The market for people who happen to need a part and will pay for it is much larger.
https://kentindell.github.io/2023/04/03/can-injection/

>Ian’s sleuthing found that mostly these cars are destined for export, sent via shipping container to places in Africa

"These cars" might specifically mean things like the RAV4 and that other cars more reliant on good roads have less of a market in "places in Africa".

There must be a noticible flow of parts (eg headlights) to patch up damage caused by the theft. Likely the car manufacturers know, but it's not in their interests to talk about it.

Used for crime locally and dumped.

Or chopped up for parts.

Or shipped overseas complete in a container.

Once it's been started you get it out of the area, then connect onto the OBD/diagnostics and run the OEM "all keys lost" procedure with cracked dealer software, which lets you program brand new keys into the system.

Then they end up in a container ship bound for West Africa.

https://toronto.ctvnews.ca/car-stolen-from-an-ontario-street...

The cost of these devices is out of the 'simple criminal' pricerange, but is a minimal expense to a crime ring that can export a boatload of stolen cars at a significant profit as these cars go for significant price premiums overseas.

I remember seeing a french documentary about the french criminal world many many years ago, there they showed a professional car thief using a device bought from Russia that he plugged into the ODB2 port. Once plugged in it reset the car and it could be started with a blank key. A co-workers friend got his Audi RS4 stolen from a public garage with the thiefs using the technique described in the article and that was probably 6-8 years ago so it’s far from new but maybe more widespread now.
Did your friend get his car back after all? Or else how did he conclude which technique was used to steal it?
Yeah I wonder about this as well. It was decades ago that a friends Mercedes was stolen in Poland and the police just immediately concluded that it had been taken to Russia. I'm thinking "well yeah, if you just decide all stolen vehicles go to Russia then they in fact are never found".
He never got the car back, don’t know if it was picked apart or they managed to send it abroad. The security footage from the garage caught it on video so that’s how they knew that they went through the headlights.
CAN bus is a brilliant thing for car diagnostics and modification but with every good system normally has a sword of damocles.

I would imagine my Passat which has a CAN interface on the headlight cluster would be vulnerable to this attack as well. Maybe even the bonnet sensor could be vulnerable.

Car manufacturers could remove CAN interfaces from peripheral systems (lights, wing mirrors) but they probably won't because it would make maintenance a little harder and less cost effective.

The idea of a software update by the security researchers sounds sensible but updating ECUs (engine control units), CCU (climate comfort units), infotainment systems of legacy cars will not happen.

Say goodbye to the old car thieves with their manual tools, hello techy thieves.

Given range extender attacks on key fobs for cars (and subsequent methods to defeat that attack) techy thieves have always been around.

There are rumors that the algorithm and secret key for various manufacturers has been broken, and that any car with a remote can be stolen after recording the unlock and start sequence from nearby. But if you had the code that would do that, it's not like you'd upload it to GitHub, so that rumor remains just that, a rumor.

> CAN bus is a brilliant thing for car diagnostics and modification but with every good system normally has a sword of damocles.

There are over 100 issues (aka bugs) in the spec though. Uncovered by these guys: https://youtu.be/zi0rHwfiX1Q?t=1150 (starting at 19:10, includes examples)

It feels like this should be manageable without completely removing CAN interfaces from peripheral systems by having multiple busses that are interconnected to each other. Things like lights and wing mirrors can sit on a low security peripheral network, with the controller rejecting any commands that aren't whitelisted, it's not like you need to be able to plug arbitrary devices into your headlight socket.
You know that it actually is whitelisted by its CAN ID, but ECU can't tell where the command came from.
It can if you have actually isolated busses feeding into what I will, for lack of knowledge of a better term, a CAN router. Maybe it exists, but I'm imagining a device with multiple CAN inputs that makes decisions on what messages to pass on to other busses.
That what gateway is doing and that's the reason why they are going for headlights (which are sharing bus with immobilizer I suppose) and won't go for door locks or TPMS.
>which are sharing bus with immobilizer I suppose

I think the proposal is to, uh, not do that.

Is CAN bus actually a serial bus? If so, I wonder if it's possible to make a CAN bus jammer. Plug it in anywhere on your car, and its sole role is to detect all CAN bus messages and jam them. Add bluetooth to it, so you can switch it on and off from outside the car.
CAN is multi-master so you could just have a device on the bus that hold the line active forever.
I still have a hard time wrapping my head around the fact that cars are now computers on top of wheels.
There is a chance that all of this comes in waves, and that waves will go away...
How would like like to define "computers" here? Electronic fuel injection was first introduced in 1960's and 70's, and the 70's are when microprocessors first hit the scene. Without the ECU in a EFI car, you're not going to get very far.
Tesla cars can play AAA games on their infotainment system. That's pretty much a normal computer/console right there.
That’s not the point they were trying to make. The point (as I saw it) was that cars have relied on computing for quite a while. Aside from the infotainment/nav systems, cars have required on board computers for decades. And I think many of those chips are general purpose chips with specialized firmware. So, it’s been fair to think of them as computers (or rather a network of computers) for quite a while.
In the context of this news, I'm thinking computer as something you can plug a USB stick and hijack it.
The first USB flash drive was in the 2000s so at least then. It's hard to find when hijacking via USB was first a thing, if only because the more popular route is either plug in a replacement ECU, which supports tuning out of the box, or via a USB -> OBDII/other non-usb-port on car, which I don't think quite counts.
More than that. They have server racks in them and phone home to enable/disable services you bought.

Ever want to run away from your loveless marriage with the secretary at work? Your car knows (what you did last summer, lol). So does Elon.

Would he impulsively cut you out of your own Tesla, because you insulted his minisub on twitter? What if you stole his favourite secretary?

Remotely disabling someone's car is a crime against freedom. Cars are required to keep people alive and working in the US. It's weird watching potential Internet-Feudalism™ roll down into mechanical automobiles.

More like the entire car is the rack. Console in the middle, TOR switch up top, controllable indicators in left and right, storage services down below…
The fix for this doesn't need any cryptography. Nothing more than the key receiver and the main ECU agreeing on a randomized number in the "unlock" code. Allow unrandomized unlock once, agree on and store random number on both sides, from here on insist on this number. Sure this is insecure in the sense that a device listening to the bus can capture the fixed unlock code for that car, but who cares, it completely disables this attack (generic device can unlock ANY car of that model/series with no prior knowledge).

Of course some sort of override is needed to reset the pairing in case one or the other side is replaced in a repair. But this can be made cumbersome enough for a thief not to bother.

I'm sure this is well in scope for a field firmware upgrade, so hopefully this attack vector doesn't last long.

I believe you reinvented the one time pad.
It's a CAN injection, has nothing to do with the immobilizer feature (between the fob and the car) that has a random SK exchanged on fob-car pairing and is mandated (by insurance companies to prevent hot wiring a car) for more than a decade.
You didn’t spent the time to understand what is being attacked, didn’t you?

Ken has everything greatly documented. Ken is a long time fellow in the area. Btw, he has also solutions.

Looks like it's back to steering wheel rods.
If I saw one of those ancient Nokia bricks, I'd immediately be suspicious.

There's probably people on this forum that have never seen one in the wild.

There are people that are still using them.
I didn’t even know they still worked. Aren’t they using old cell tech?

I’m pretty sure it was last century, when I had that exact model (which was great, BTW).

3G is getting harder and harder, but I also have a 4G version that is still going strong (and still has 5 days of battery stand by time).

It's from after the reboot so that technically not a 'real' Nokia (N-800).

Then it's probably not the one I had.

I really liked those old 2G phones.

I remember, in the 1990s, in Japan, the phones kept getting smaller and smaller. It was pretty cool. One reason they could be so small, was they had antennas everywhere, and it was a fairly low-power system.

I brought the last iPhone 13Mini. I will miss the smallness.

2G has been extended in some areas because there is a large amount of legacy hardware using it.
I'm still using an elderly 2G Nokia in the UK. My carrier switched off data in January but I wasn't using it anyway. Surprisingly, reception is worst in dense city centre areas. I guess they have the fastest turnover to more recent technology.
Neat, I still have a bunch of 2G ones here, I should charge one up and see if it still gets a signal.
I know security through obscurity is not really a security, but thieves have a limited time to action and they would drop the car if there are problems or are spooked.

How you can prevent a car theft?

Hardware:

- Kill switch - hide a switch somewhere to the battery/ignition

- Steering wheel or pedal lock - annoying for the daily use. Not much of a deterrent if someone has a pick or liquid nitrogen.

- Chain and a lock in your garage - the need to cut something would be too risky. Doesn't help in a public place.

- Replace ODB with a fake - stops the hacking

PsyOp:

Have a message displayed or an extra devices that would communicate (this is car is being track, please leave the vehicle, police unit is dispatched etc.)

Tracking:

Thieves know how to disable car alarms with GSP, but Airtags maybe hard to find.

wrt PsyOp, I would have agreed with you until my car was recently stolen with an airtag and a custom camera system. The theives could care less about the custom cameras and simply snipped the cables. They had an iphone and I'm guessing once the iphone got pinged they were tracked they tossed the airtag. It doesn't seem like they care all that much about anything to be honest.

A hidden kill switch is probably the best idea since you actually need to find it which costs time.

fun fact, when I told the cops there was an air tag in there their first reaction was "what's that", and their second was "our investigators tell us it's not accurate enough to be actionable information." I recovered it myself and in some sense they were right, the airtag was kind of useless in finally recovering the vehicle.

A friend had an idea, I don't know if he had ever implemeted it. Take a square pillow. Stick about 100 needles in it. When leaving the car, position pillow on the driver seat so that needles' points are up, but of course all of them are still invisible / inside the pillow. Don't forget to move the pillow when you want to drive the car :)
Sounds like a lawsuit waiting to happen.
I hate to say it, but if the police don't start acting to deter these thefts then people will result to vigilante justice and booby traps, since it's the only thing they can do.
Similar idea, also illegal, leave a half empty bottle of booze laced with poison in the boot.
Usually the fuse box is accessible right under the dashboard. Remove the ignition fuse and keep it in your wallet, and the car won't start, without any clear message about what's wrong (most of the time).
I know a local dealership that does this. They have a bowl full of fuses underneath their key lockbox. Pretty funny to see them need to put the fuse in just for a test drive.
I had an old fiat car where it had some unknown electrical problem that would run the some fuel pump thing all the time, even without key. So the solution my grandfather figured out what a kill switch under the dashboard for the fuel pump. Wouldn't start without flipping it.

I want this, but on my electric car. Fuses aren't usually so accessible. I made a switch like this on my next (gas) car, but I could get the manuals and find the spot in the wiring diagram. I have no idea how to do this for a tesla. I don't think the fuses are so accessible in evs.

sadly my Mercedes CLA has in the engine compartment. Probably it's better to swap it with a fake/damaged one.
A hidden switch on the wire behind that fuse would be a lot more ergonomic, a thief would just replace the ignition fuse with any other in the panel, he doesn't need the radio to be on :)
Kill switch on the fuel pump relay and a removable steering wheel. I'm actually using the ECU signal to fuel pump as my kill switch and I have my amplifier remote turn on the same circuit.

The stereo in the trunk is a big red herring because if you yank it out the car isn't going to crank pal.

Just drive a stick shift.
This mostly works.
(comment deleted)
in my country most cars are stick shift ;)
> Chain and a lock in your garage

I've seen someone protect a Ferrari F40 in his garage by having a gigantic door security "trunk" on his garage door. Literally the size of a tree trunk.

Stealing the car required getting inside the garage, which was only accessible through a regular but armored door.

The owner's idea was that you couldn't use another car to destroy the garage's door as there was this huge metal "trunk" taking all the width of the garage, going through huge holes in concrete.

So you'd first need to open the armored door, then slide that gigantic metallic trunk. That trunk was so heavy is was on little wheels.

So back to locking our cars with an iron bar then?
Here's what is going to happen. These thieving assholes are going to make it so that new cars will have to have an always on connection to the auto maker in order to start so that they can "verify" it is really you. This will be the "solution" the auto makers will come up with. Forget that it also will enable them to know a shit ton about you as a side-effect.
> According to Tindell and Tabor's research, the attack, called CAN (controller area network) injection, works by sending fake messages that look as if they come from the car’s smart key receiver, the research continues. The underlying issue is that vehicles trust these messages without verifying them. Once the thieves have accessed the necessary cables by removing the headlights, they can use their device to send these messages, it adds.

I have to ask - does the automobile industry hire from a different pool of systems engineers than the usual pool I’m used to interacting with? It seems like everyone I know would say “obviously you should verify that the security mechanism first”.

Or is this a result of how the automobile industry is structured and what is outsourced to vendors/suppliers and what is done in house?

I’m not going to be buy that this isn’t solvable for a technical reason at this point. We have had a lot of experience dealing with PKI infrastructures and zero trust architectures in other parts of the industry.

It seems to me that computer systems have always been a secondary concern on ICE cars.

It’s possible the ECUs in question have been so cost optimized there’s not a lot of power left to do asymmetric (or possibly even symmetric, idk) crypto.

Bus capacity is also a concern.

The "problem" is really that the need for security became obvious in the web/networked world first. Think back to how insecure devices were 20 years ago.

That security is slowly trickling down to other areas of the software industry. Even when you have individual engineers or teams who understand that it needs to be more secure, their procedures don't have that built in. And securing the car needs to be done at a system level, which means coordinating across suppliers & subcontractors, which requires management buy-in.

Similar problem in the medical device industry, but at least we have FDA cybersecurity requirements to adhere to.

Don't these high end cars have hidden GPS devices inside of them? Or is that a myth?
They have them and it would solve this problem if victims could rely on a perfect police force with unlimited capacity.
I am so terrified of getting a new car. Here's hoping my 2008 car lasts another 20 years.
Why wouldn’t it? I drive a 1990, a 1981 and a 1979. As long as there are parts for it, it should run. Just keep rust away.
If I'm required to own three cars just to be assured at least one of them is operable at any given time, that's a non-starter.
You’re not. I just like cars and have a selection. My 90 is a daily, it’s never stranded me in the 7 years I’ve had it. Even with a dead battery I can start it by pushing it in neutral and dumping the clutch in gear, really can’t beat that. I just sold a 2013 I didn’t use because I enjoyed the 90 more. The 2013 has gotten me stranded with a dead battery. So has my gf’s 2016, but not the old trusty miat
In a few years (1~3), regulations (Crit'Air and low emission zones) will prevent me from keeping my '08 car (or at least getting it out of a closed parking lot, controls are planned to be done via fully automated license plate recognition).

Sad because it's stupidly reliable and in great mechanical condition, I expect it to run another 15 without batting much of an eye if properly maintained.

Ironically if it were older (like, > 30 years old) I'd be able to keep using it, as it would be considered a collector car (... provided it's vetted on a case by case basis by local authorities).

But then other regulations would take effect like max mileage per year and limited allowed range (e.g leaving local administrative area), which you can only exceed with more vetting from local authorities and under specific circumstances (e.g participating in a collector car showcase)

Can't you hide it at your uncle's country place that no one knows about?
But a 2008 car is already prone to these kind of attacks anyway, you’re looking at a 90s one to avoid these, but you’re open to other kinds of attacks.

Better to live in an area where this is not a problem or carry insurance.

I've never seen a car from 2008 with a push-button start.
I have one: 2008 Nissan Altima
Not saying an old car cannot be stolen but at least compared to my peers, nobody is trying to take my car with no push start button.

My fear is spending a lot of money on a sweet car and then having it stolen right away and, yes, I should carry insurance but making insurance claims is time consuming and inconvenient. Not to mention the fact that it sucks to have to pay deductible for being a victim of car theft.

My Honda source say they “fixed” this in 2022+ meaning signed CAN bus messages and John Deere level ECU signing on headlight bulbs.

In fairness the headlights were probably a $500 LED board anyways.