Research

Criminal Overlap: The Hacking Theft of Cars

While stealing a car is nothing new, the increasing ease of doing so, combined with how long thieves are able to use stolen cars before they get flagged, makes this security threat especially worrisome.

First Published 7th July 2016

Criminal Overlap The Hacking Theft of Cars

"Congratulations! You've won a NEW CAAAARRRR!!!" 

4 min read  |  Reflare Research Team

The US National Insurance Crime Bureau (NICB) has recently released a report which describes a sharp uptick in cars being hacked and then stolen.

The NICB's President Roger Morris went as far as to state that "We think it is becoming the new way of stealing cars".

While car thefts using hacks are just gaining traction, the underlying issue is much older: As more and more systems become controlled by computers ("smart"), they need reliable update mechanisms to ensure their security.

Many devices such as smart appliances, smart meters and cars among others are not capable of automatic updates and thus expose a large attack surface.

For example, once attackers find a way to replicate contactless car keys, there is no way for the car company to update the cars and keys to a more secure implementation short of physically re-fitting all affected cars at a mechanic.

In the case of older cars, this often means replacing the hardware controlling the car locks and ignition, leading to a significant cost and time required for the upgrade. This disincentives the carmakers to publicise any discovered vulnerabilities and drivers to bring in their cars for a lengthy upgrade.

As cars are equipped with board computers and auto-pilots, this class of issues is going to increase in prevalence until car manufacturers establish clear policies and upgrade mechanisms to address cyber threats.

Since virtually every industry moves towards smart components, hackers will find more and more overlap with traditional crime as this case of cyber car thefts exemplifies.

We urge any organisation to consider the potential impact of a hack when adding smart devices to their infrastructure. Smart devices must be updatable and well supported by their manufacturer or they will eventually end up as a security liability.

Subscribe by email