gr1nch
Active Member
- Joined
- Oct 15, 2016
- Messages
- 729
- Location
- Louth, Lincolnshire
- Car
- 2017 W222 S350d AMG Line Premium Plus : Iridium Silver and Black Nappa
Having one's car attacked can be devastating or, at best, merely inconvenient. Attacks include:
* theft of the car
* its contents
* damage (mindless vandalism, also forcing to gain advantage, e.g. window, ODBII port, dash,
* malicious (e.g. to cause an accident)
For privately owned vehicles, often it's immensely upsetting, hugely inconvenient and costly. If someone wants to protect their car efficiently and comprehensively, then knowing what the attacks are is essential.
Before I list what I've found out so far, a word about cost as I've seen posts along the lines of "your car is insured, so get over it". Yes, a stolen car may get you a full insurance payout, but even if adequately replacing one's pride and joy turned out feasible, then there's the excess to shoulder and a likely increase in insurance premiums. Alternatively, if something is stolen from your car, with no provable sign of entry, then it's hard to convince an insurance company it actually happened.
# list of known Attacks
The are a number of known attacks on modern cars with electronic keys:
* Keycode. car access. e.g. Rolljam which jams your 1st key press to car, saves code, jams 2nd key press, sends 1st code, saves 2nd for later malicious use. Driver mistakenly thinks the 1st key press simply didn't work and was discarded, but the 2nd worked. Result: car entry after you walk away.
* Keyless Go car access and theft. Involves amplifying the signals between key and car, into tricking the car that your key is within physical range. Inside the car one thief presses down on the brake with a stick, usually telescopic, ingenious b******s. At least two posts on this (new C- and S-Class) here.
Defenses:
- turn off Keyless Go, or if not
- outside car, keep keys in a jamming pouch
- to help avoid personal attacks at home, some owners prefer to keep their keys easily accessible to intruders, e.g. on the stairs.
* Key creation car theft. Access to the car's OBDII port to program a blank key into a working one.
Defenses:
- OBD port lock and key
- Disable port via COMAND?
* Phone app. Attack vectors primarily any of:
- stealing the phone
- conning the user into installing a Trojan horse app that appears to behave as the genuine app
- copying authentication data fool app config files (by physical access to phone or remotely via malicious app)
- man-in-the-middle over the network attack between app-server-car intercepting genuine commands and issuing bad guy ones
Defences:
- either do not enable or disable app access, or if not
- don't have a rooted phone
- install the app only from on an official supplier on the Android or Apple app stores, not a 3rd party website
- check the app stores your credentials on the phone are encrypted strongly (at least makes the bad guys try brute force, though that would be automated too)
* Immobilisers
The are one's, e.g. Ghost, which disable the car either to prevent 1st start or to permit first start but then immobilise after N minutes or km. This allows you the ability to get away from hijackers but then recover your * Immobilisers later.
* Steering Locksq
Any good ones used ?
Not an exhaustive list, but intended as a start, for other to post their tips and knowledge...
Resources:
https://securelist.com/analysis/publications/77576/mobile-apps-and-stealing-a-connected-car/
9 manufacturer mobile apps which were, at publishing, exploitable.
http://www.mbclub.co.uk/forums/gene...brand-new-c-class-stolen-2-minutes-drive.html
Securing your car with the ?OBD Saver? ? Lock Technology News
Sent from my XT1032 using Tapatalk
* theft of the car
* its contents
* damage (mindless vandalism, also forcing to gain advantage, e.g. window, ODBII port, dash,
* malicious (e.g. to cause an accident)
For privately owned vehicles, often it's immensely upsetting, hugely inconvenient and costly. If someone wants to protect their car efficiently and comprehensively, then knowing what the attacks are is essential.
Before I list what I've found out so far, a word about cost as I've seen posts along the lines of "your car is insured, so get over it". Yes, a stolen car may get you a full insurance payout, but even if adequately replacing one's pride and joy turned out feasible, then there's the excess to shoulder and a likely increase in insurance premiums. Alternatively, if something is stolen from your car, with no provable sign of entry, then it's hard to convince an insurance company it actually happened.
# list of known Attacks
The are a number of known attacks on modern cars with electronic keys:
* Keycode. car access. e.g. Rolljam which jams your 1st key press to car, saves code, jams 2nd key press, sends 1st code, saves 2nd for later malicious use. Driver mistakenly thinks the 1st key press simply didn't work and was discarded, but the 2nd worked. Result: car entry after you walk away.
* Keyless Go car access and theft. Involves amplifying the signals between key and car, into tricking the car that your key is within physical range. Inside the car one thief presses down on the brake with a stick, usually telescopic, ingenious b******s. At least two posts on this (new C- and S-Class) here.
Defenses:
- turn off Keyless Go, or if not
- outside car, keep keys in a jamming pouch
- to help avoid personal attacks at home, some owners prefer to keep their keys easily accessible to intruders, e.g. on the stairs.
* Key creation car theft. Access to the car's OBDII port to program a blank key into a working one.
Defenses:
- OBD port lock and key
- Disable port via COMAND?
* Phone app. Attack vectors primarily any of:
- stealing the phone
- conning the user into installing a Trojan horse app that appears to behave as the genuine app
- copying authentication data fool app config files (by physical access to phone or remotely via malicious app)
- man-in-the-middle over the network attack between app-server-car intercepting genuine commands and issuing bad guy ones
Defences:
- either do not enable or disable app access, or if not
- don't have a rooted phone
- install the app only from on an official supplier on the Android or Apple app stores, not a 3rd party website
- check the app stores your credentials on the phone are encrypted strongly (at least makes the bad guys try brute force, though that would be automated too)
* Immobilisers
The are one's, e.g. Ghost, which disable the car either to prevent 1st start or to permit first start but then immobilise after N minutes or km. This allows you the ability to get away from hijackers but then recover your * Immobilisers later.
* Steering Locksq
Any good ones used ?
Not an exhaustive list, but intended as a start, for other to post their tips and knowledge...
Resources:
https://securelist.com/analysis/publications/77576/mobile-apps-and-stealing-a-connected-car/
9 manufacturer mobile apps which were, at publishing, exploitable.
http://www.mbclub.co.uk/forums/gene...brand-new-c-class-stolen-2-minutes-drive.html
Securing your car with the ?OBD Saver? ? Lock Technology News
Sent from my XT1032 using Tapatalk