Devices are sold widely on online markets; car owners are worried because there is no way to fix it
A recent car theft in the US was linked to technology hidden in outdated Nokia phones and Bluetooth speakers. This entirely new method of auto theft is gaining popularity in the US.
A YouTuber has “demonstrated” these car stealing skills under Motherboard’s tutelage. He uses a Nokia 3310 to start a Honda car.
The man kept pressing the car start button. The car’s engine, of course, wouldn’t start at the red light because he didn’t have the keys. But then he brought out the Nokia 3310.
Using a black wire, the man connected the phone to the car. He performed some operations on the 3310, and its screen showed “connected, received data”. He then tried to start the car again; this time the engine started and the car showed a blue message.
Reports indicate that the technology sells for between $2,700 and $19,600 on various websites and Telegram channels.
Posing as a buyer of the Nokia 3310 above, Motherboard editors learned that the seller accepts payment via online money transfers and even digital currency. The device would ship to the US.
Another seller introduced a Bluetooth speaker bearing the JBL logo with the name: “JBL unlocked. No need for a key.” According to this ad, the device can unlock various Toyota and Lexus models.
Len Tindell, CTO of security firm Canis Labs, says auto theft devices can also be used on Jeeps, Maserati and several other models.
According to security researchers, this attack is called CAN (controller area network) tampering. The Nokia 3310 phone or Bluetooth speaker sends a spoofed connection that the car mistakes for a smart key connection. The car then immediately accepts the signal.
After taking the device apart, Ian Tabor, a colleague of Len Tindell, found that the internal components cost only around 10 USD, with one CAN-related chip and the necessary CAN hardware and software.
According to Tindell, the most effective way to prevent this theft right now is adding cryptographic protection to CAN messages. Tindell said there is currently no way to address the new attack. The only solution for car suppliers is to update the vehicle software as soon as possible.
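To illustrate what cryptographic protection of CAN messages can look like, here is an added example (not code from Tindell, Canis Labs or any vehicle maker): each frame carries a freshness counter and a truncated authentication tag, so a receiving control unit rejects frames from a device that lacks the shared key and rejects replayed frames. The CAN ID 0x123, the demo key, the 8-byte frame layout and the use of truncated HMAC-SHA256 are assumptions made for the example.

```python
import hashlib
import hmac

KEY = bytes(range(16))   # constructed demo key, not a real provisioning scheme
TAG_LEN = 4              # truncated tag: 2 payload + 2 counter + 4 tag = 8-byte CAN frame


def _tag(key, can_id, counter, payload):
    # Bind the tag to the CAN ID and the freshness counter as well as the payload.
    msg = can_id.to_bytes(4, "big") + counter.to_bytes(2, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def protect(key, can_id, counter, payload):
    """Sender side: return the 8-byte data field payload | counter | tag."""
    if len(payload) != 2:
        raise ValueError("this demo layout carries exactly 2 payload bytes")
    return payload + counter.to_bytes(2, "big") + _tag(key, can_id, counter, payload)


class Receiver:
    """Receiving control unit: accepts a frame only if it is authentic and fresh."""

    def __init__(self, key):
        self.key = key
        self.last = {}   # CAN ID -> highest counter accepted (wrap-around not handled)

    def accept(self, can_id, data):
        if len(data) != 8:
            return False
        payload, counter, tag = data[:2], int.from_bytes(data[2:4], "big"), data[4:]
        if not hmac.compare_digest(tag, _tag(self.key, can_id, counter, payload)):
            return False             # sender does not hold the key
        if counter <= self.last.get(can_id, -1):
            return False             # old frame replayed
        self.last[can_id] = counter
        return True


def demo():
    rx = Receiver(KEY)
    genuine = protect(KEY, 0x123, 1, b"\x01\x00")           # constructed "key valid" frame
    unkeyed = protect(b"\x00" * 16, 0x123, 2, b"\x01\x00")  # device without the shared key
    return [rx.accept(0x123, genuine), rx.accept(0x123, genuine), rx.accept(0x123, unkeyed)]


if __name__ == "__main__":
    print(demo())   # [True, False, False]
```

A 4-byte tag is a trade-off forced by the 8-byte classic CAN data field; longer frames leave room for a longer tag.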