Will Telematics Systems open doors for car theft?


In the last few years there has been a rise in thefts of late-model cars where criminals have used hand-held tools, such as key programmers and immobilizer overrides, to steal them without needing the original key.

The speed with which these devices perform their attacks on the embedded software, via the OBD port, has transformed electronic theft from a minority method to, in some markets, the dominant method used by thieves to steal the most targeted models.

The proliferation of theft tools available today illustrates both the ingenuity of the attackers and the complacency of vehicle manufacturers.

A growing number of vehicle manufacturers today offer telematics systems to provide the connectivity demanded by a new generation of buyers.  Some of these systems already offer services which could potentially be manipulated by an attacker to steal cars, such as remote door unlock and remote engine start.

This report shows that vehicle manufacturers and their telematics service providers should take heed of emerging academic studies which have demonstrated that remote attacks can result in a criminal manipulating vehicle systems.  Reverse engineering vehicle CAN messages, frequently to override security protocols, is already mainstream research for aftermarket companies.  This level of knowledge, combined with any single exploitable weakness in the telematics platform, would provide an attacker with almost any remote control functionality they desire.

This report looks at how vehicle telematics systems could be used to facilitate car theft in the future.  It considers how criminals may remotely access or start the car and whether such attacks could be performed entirely over-the-air, or whether the vehicle would firstly need to be compromised by some alternative method.  It also examines the explosion in internet facilitated crime to consider what the automotive industry should know about today’s cybercriminals.

To read full report go to this URL http://www.sbd.co.uk/files/sbd/pdfs/522IB.pdf? dm_i=1ICZ,1MR0C,7YAJQE,5OL00,1