Threat from new form of vehicle theft

I Hope this is the best sub-forum to post in, for being seen by the maximum number of members. I just stumbled upon this article detailing a new method of vehicle theft. If I read it correctly, it [still] only applies to vehicles with keyless ignition FOBs. So definitely something to be aware of if you have a gen 3 truck. (I cant recall off-hand if there were any late gen 2.5 Tundras that have this, but someone can answer.)

This article specifically discusses Toyota vulnerability, but I don't get the impression that it's limited to them.

Be sure to read all the way through,. It also talks about a more heretofore-known "wireless" theft method that you may be aware of - and that you can, and may want to, still help prevent depending on where you live. [Edit. Others have added video and proper terminology for active and passive FOB signal supression below]

But I don't know that there's a way to help foil this new "CAN-injection" method yet. I think it's going to require a software or hardware upgrade. Just something to be aware of until then. In the case of the victim profiled, the theft of his vehicle happened over a multi-event timeframe. First, it was just a headlight - but that gave access for the eventual, actual theft.

https://arstechnica.com/information...iously-unknown-keyless-can-injection-attacks/

 

New variation on an old theme it reads to me like.

instead of using a relay box to boost signal for fobs in vicinity (fob in home - car in driveway - their uses a $30 home build amp box and starts car and leaves) - thieves just utilize info obtained using onboard technology.

It’s pretty simple really - nothing is secure from a professional thief. That said - the chances a professional thief is boosting cars is pretty low - you gotta steal ALOT of cars vs what you could make stealing high end goods - and the funny thing is the high end stuff is typically LESS protected and less likely to be a problem for a thief. It’s funny - but think about it. A multi millionaire losing their $500k luxury car isn’t likely to car much / it’s insured and it’s an inconvenience but not something they are likely to pursue too far. On the other hand - steal cats off some construction workers Tundra and dude can’t go to work - they are gonna be PISSED - no waiting for 911 to respond - they will just take matters into their own hands if they catch the thief.

Of course pros don’t hang out on carthief.cok on the darkweb discussing vulnerabilities and how to boost cars - dishonest shops and fences do however and perfect the hacks and then teach it to the local teenage delinquents paying them to deliver the goods for a few hundred bucks or a cheap ass handgun. You will find something like 90% of car thefts involve “kids” - 13 to 18 years old. Work cheap, can send out a group of 5-10 at a time and occasionally- gets caught but never everyone as you got 1-2 officers and 10 kids running in 10 different directions when they DO catch them in the act. 6 months in juvi and their back to the streets.

 

Didn’t read the article, eh?

 

Here is the described device working on my 2012 several years ago. Luckily I don't keep my pistol in my truck and they got about 63 cents in loose change. You can't see the device, but I am sure that is how they unlocked my doors.

https://www.youtube.com/watch?v=L0auo2Nsymo

 

Read the rest where it talks about what the new exploit actually is… the new one isn’t a wireless attack.

 

My fault - i was in a hurry when I first posted, and didn't make it very clear. The new theft method uses a readily-available but inexpensive device that doesn't depend on boosting the wireless signal from the fob, but is still specific to fob-style cars, because it requires a keyless start button function.

I don't know that there's a way to protect yourself from this new device yet, but there is a way to protect from the old.

The faraday pouch (thanks - I had forgotten that term) or shielded metal box is still good for foiling the "old" fob theft method. I think I like the method in @Librarians' video too - but I can't tell if you have to re-do it after every time you later hit a button to open the door.

 

I tried the button push method from post #5. Has to be completed after each time you open the truck with the fob. Not sure if you can permanently disable the proximity function.

 

So they send a "security thumbs up" messages to CAN and hold the line for the rest of time, so no other modules can transmit anything (CAN is a shared bus with electrical arbitration). Not very smart, but neither is Toyota, who uses a bare CAN in 2023.

More advanced car vendors started shifting away from CAN a decade ago, CAN is only for OBD-II diagnostic in those cars. Toyota will eventually follow the same direction.

Those advanced vendors also reuse example passwords and encryption keys found in development kits and opensource projects that they have used, so hacking those advanced cars is still possible. Sometimes over the Internet. Toyota will follow that direction, too

 

And a new way to steal your Tundra

https://www.autoblog.com/2023/04/12/vehicle-headlight-can-bus-injection-theft-method-update/