"Car Thieves Are Using Increasingly Sophisticated Methods, and Most New Vehicles Are Vulnerable"
AA Insurance Services reported that car theft is on the rise. Thieves increasingly use high-tech tools to exploit vulnerabilities in sensors and computerized systems designed to make travel safer and more comfortable. Criminals now use sensors, computers, and data aggregation systems to steal cars. Recent reports have shown how criminals can gain access to Electronic Control Units (ECUs). Ian Tabor, a cybersecurity consultant for the engineering services company EDAG Group, experienced what first appeared to be a case of senseless vandalism to his Toyota RAV4. However, when the vehicle disappeared, it became apparent that the damage had been part of a sophisticated car theft scheme. In this instance, the thieves removed the car's front bumper to access the ECU, which in turn, provided access to the Controller Area Network (CAN bus). The CAN bus is the primary interface for ECUs to communicate with one another. In the case of Tabor, gaining access to the CAN bus enabled the criminals to inject their messages into the vehicle's electronic systems. These false messages were designed to fool the car's security systems into believing that a valid key was present. Without the key fob, the car doors unlocked, the engine could be started, and the vehicle was able to be driven away. This article continues to discuss the security vulnerabilities that leave cars susceptible to theft.