SA Migration International

News Articles

To steal todays computerized cars, thieves go high-tech

Source: The Conversation, 10/09/2023

These days, cars are computer centres on wheels. Today`s vehicles can contain over 100 computers and millions of lines of software code. These computers are all networked together and can operate all aspects of your vehicle.
It`s not surprising, then, that car theft has also become high-tech.
The ones and zeros of getting from A to B
The computers in a vehicle can be divided into four categories. Many computers are dedicated to operating the vehicle`s drive train, including controlling the fuel, battery or both, monitoring emissions and operating cruise control.
The second category is dedicated to providing safety. These computers collect data from the vehicle and the outside environment and provide functions like lane correction, automatic braking and backup monitoring.

category is infotainment systems that provide music and video and can interface with your personal devices through Bluetooth wireless communications. Many vehicles can also connect to cellular services and provide Wi-Fi connectivity. The final category is the navigation system, including the car’s GPS system.
Computers in one category often need to communicate with computers in another category. For example, the safety system must be able to control the drive train and the infotainment systems.
One difference between the network in your car and a typical computer network is that all devices in the car trust each other. Therefore, if an attacker can access one computer, they can easily access other computers in the car.
As with any new technology, some aspects of today`s cars make it harder for thieves, and some make it easier. There are several methods of stealing a car that are enabled by today’s technology.
A car thief hacks a car`s security remotely.
Hijacking wireless keys
One of the high-tech features is the use of keyless entry and remote start. Keyless entry has become common on many vehicles and is very convenient. The fob you have is paired to your car using a code that both your car and fob know, which prevents you from starting other cars. The difference between keyless entry and the remotes that unlock your car is that keyless entry fobs are always transmitting, so when you get near your car and touch the door, it will unlock. You had to press a button for old fobs to unlock the car door and then use your key to start the car.
The first keyless fobs transmitted a digital code to the car, and it would unlock. Thieves quickly realized they could eavesdrop on the radio signal and make a recording. They could then `replay` the recording and unlock the car. To help with security, the newest fobs use a one-time code to open the door.
One method of stealing cars involves using two devices to build an electronic bridge between your fob and your car. One person goes near the car and uses a device to trick the car into sending a digital code used to verify the owner`s fob.

The thief`s device sends that signal to an accomplice standing near the owner`s home, which transmits a copy of the car`s signal. When the owner`s fob replies, the device near the house sends the fob signal to the device near the car, and the car opens. The thieves can then drive off, but once they turn the car off, they cannot restart it. Carmakers are looking to fix this by ensuring the fob is in the car for it to be driven.
A criminal hacks into a vehicle`s computer system.

Hacking the network
The network used by all computers in a car to communicate is called a controller area network bus. It`s designed to allow the computers in a car to send commands and information to each other. The CAN bus was not designed for security because all of the devices are assumed to be self-contained. But that presumption leaves the CAN bus vulnerable to hackers.

Car thieves often try to hack into the CAN bus and, from there, the computers that control the car`s engine. The engine control unit stores a copy of the wireless key code, and thieves can clone this to a blank key fob to use to start the victim’s car. One method is accessing a car’s onboard diagnostics through a physical port or wireless connection meant for repair technicians. Thieves who access the onboard diagnostics gain access to the CAN bus.
Another network hacking method is breaking through a headlight to reach the CAN bus via a direct wiring connection.
Throwback attack
Modern thieves also try the USB hack, which exploits a design flaw in Hyundai and Kia vehicles. This is more of an old-style hot-wiring of a car than a high-tech computer issue. It is named the USB hack because when thieves break into a car, they look for a slot in the steering column. It turns out that a USB connector fits into the slot, and this allows you to turn on the ignition.
So all someone has to do is break the window, insert a USB connector and start the car. This technique has become infamous thanks to a loose affiliation of young car thieves in Milwaukee dubbed the Kia Boyz, who have gained notoriety on TikTok.
Hyundai and Kia have issued an update that closes the vulnerability by requiring the fob to be in the car before you can start it.
Limiting your car’s vulnerability

Given there are so many different car models, and their complexity is increasing, there are likely to continue to be new and creative ways for thieves to steal cars.
So what can you do? Some things are the same as always: Keep your vehicle locked, and don`t leave your key fob in it. What is new is keeping your vehicle’s software up to date, just as you do with your phone and computer

Search

Latest News

As a South African who has adopted a nomadic work lifestyle alongside my wife, Ingrid Lotze, I’ve been an interested observer of South Africa’s snail-pace digital nomad visa (DNV) development process. Despite the optimism surrounding its introduction, the visa seems to miss several crucial marks for digital nomads like us.... Read more...

EREMY MAGGS: I want to stay with crime now. Individuals with a criminal record may be faced with significant challenges when seeking employment, I think that’s a given. Here in South Africa, employers may legally exclude an applicant from consideration for a position if having a clean criminal record is what is termed an inherent requirement of the job. That phrase, inherent requirement, is important, but what exactly does that mean, and when can an applicant be lawfully excluded for having a criminal record?... Read more...

There are fears that more people will be separated by the introduction of a minimum salary level for those wanting UK family visas. Families living in the UK and abroad have raised concerns about what new rules will mean for them as they try to reunite with foreign spouses. In December, the Home Office, which says migration to the UK is too high, announced a package of measures to reduce net migration, following a spike in arrival numbers.... Read more...

An Ethiopian asylum seeker, who does not speak English, claims he was duped by a senior immigration official into paying an admission of guilt fine when he thought he was paying for bail.Two Western Cape High Court judges have condemned the official`s `deplorable` behaviour, set aside the fine, and ordered the immigration official be taken off the case. Tsegaye Esyas claims Annelise van Dyk treated him like an animal which led to him attempt suicide while in police cells.... Read more...

An Ethiopian asylum seeker, who does not speak English, claims he was duped by a senior immigration official into paying an admission of guilt fine when he thought he was paying for bail. Two Western Cape High Court judges have condemned the official`s `deplorable` behaviour, set aside the fine, and ordered the immigration official be taken off the case. Tsegaye Esyas claims Annelise van Dyk treated him like an animal which led to him attempt suicide while in police cells.... Read more...

North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware. Researchers describe GuptiMiner as `a highly sophisticated threat` that can perform DNS requests to the attacker`s DNS servers, extract payloads from images, sign its payloads, and perform DLL sideloading. Delivering GuptiMiner via eScan updates In a report released today, cybersecurity company Avast says that the threat actor behind GuptiMiner had an adversary-in-the-middle (AitM) position to hijack the normal virus definition update package and replace it with a malicious one named ‘updll62.dlz.’... Read more...

Airports Company South Africa (ACSA) this week revealed that Cape Town International Airport (CTIA) has achieved a ground-breaking milestone by processing more than 10 million passengers over a single financial year. This is the highest number of regional and international passengers processed since COVID-19... Read more...

DA MP says hours lost continue to result in persons being unable to collect their ID documents due to unmanageable queues The DA has been inundated with complaints that the Department of Home Affairs (DHA) systems are offline, resulting in long queues and delayed processing of documents. Through questions posed to the Minister, the DA can now reveal that the DHA has lost over 77 years’ worth of working hours due to system downtime and load-shedding from 2019 to date. Concerningly, this data only relates to hours lost for the application of smart IDs, meaning decades more of working hours could have been additionally lost in other spheres such as passport or visa applications.... Read more...

Home Affairs’ seemingly endless court battles set the department back more than R110-million between April 2023 and the end of February this year. This was revealed in a written parliamentary response by minister Aaron Motsoaledi. He said the department accumulated a litigation bill of R117 692 996.3, higher than the R72 637 944.51 spent the year before.... Read more...

Due to system downtime and load-shedding, the Department of Home Affairs (DHA) lost nearly 141,000 hours of Smart ID application and production time between the 2019/20 and 2022/23 financial years. Minister Aaron Motsoaledi revealed this figure in a recent response to questions raised in Parliament by Democratic Alliance MP Adrian Roos. Motsoaledi provided a breakdown of smart ID production and application hours lost to technical difficulties and load-shedding per province for each financial year from 2019/2020. These disruptions hit home Affairs offices in the Eastern Cape the hardest, with over 34,000 hours to rotational power cuts and system downtime. Mpumalanga offices lost the next-highest number of hours at 17... Read more...