A United States-based Nigerian expert in automotive cybersecurity, Engr. Sunday Aluko, has raised the alarm on a growing global threat: hackers stealing cars using just a phone camera.
Aluko, leveraging his expertise in the automotive industry, emphasized the urgent need for car manufacturers and owners to adopt robust cybersecurity measures to combat this evolving crime.
With modern vehicles relying heavily on electronic systems, car thieves now exploit vulnerabilities that require no physical tampering.
By simply capturing the Vehicle Identification Number (VIN) displayed on a car’s windscreen, they can duplicate keys with an automated VIN-to-key tool, bypass security systems, and steal vehicles within seconds.
The Vehicle Identification Number (VIN) is a unique 17-character code stamped on every vehicle, providing essential information such as make, model, and manufacturing history. While the VIN is critical for legitimate purposes like recalls and repairs, it has become a tool for criminals in the digital age.
Aluko explained how snapping a photo of the VIN allows hackers to automate key cutting, clone electronic key fobs, and exploit a vehicle’s electronic systems.
This method requires no broken windows, no tampered wires, and no physical struggle.
He noted that today’s car thieves operate discreetly, even in crowded spaces, leveraging technology to execute thefts swiftly.
“This is a global threat. All a hacker needs is your VIN to bypass security systems and drive away with your car in seconds,” Aluko said.
As vehicle technology advances globally, so do the tactics of cybercriminals.
In 2023, reports from cybersecurity agencies in Europe and North America revealed a sharp rise in VIN-based car thefts. Countries like Germany and Japan are already addressing these vulnerabilities through stricter regulations and enhanced cybersecurity protocols. However, the global automotive industry faces a significant challenge in staying ahead of these threats.
To mitigate the risk of VIN-based car theft, Aluko highlighted the importance of concealing the VIN displayed on dashboards, particularly in public spaces. He also recommended additional security measures such as steering wheel locks, storing wireless key fobs in protective pouches, and ensuring vehicle software is regularly updated to patch vulnerabilities.
He emphasized the need for automakers to enhance encryption protocols and implement robust cybersecurity frameworks in vehicle design.
He also called on policymakers to introduce regulations that mandate stronger security features in cars.
“All it takes is a photo of your license plate or VIN for a hacker to compromise your car’s security,” Aluko warned. “Automakers and owners must work together to safeguard vehicles. Awareness and proactive measures are key.”
As an advocate for a safer automotive future, Aluko urged stakeholders to prioritize cybersecurity. “The rise in VIN-based car theft highlights the urgency for global action. It’s not just about protecting assets; it’s about securing the future of transportation.”
He concluded by emphasizing the importance of vigilance among car owners. “While technology has made our lives easier, it has also introduced new risks. Protecting your vehicle begins with awareness and taking simple preventive steps.”
Chronicle NG reports that hackers can steal cars using a phone camera by exploiting vulnerabilities in keyless entry systems. Here’s a simplified overview of the process:
Method 1: Relay Attack
1. Scanning for signals: A hacker uses a device to scan for the radio frequency (RF) signals emitted by the car’s key fob.
2. Relaying the signal: The hacker uses a relay device to amplify and relay the signal to a partner near the car.
3. Unlocking the car: The partner uses the relayed signal to unlock the car.
4. Starting the engine: Once inside, the hacker can use the relayed signal to start the engine.
Method 2: Camera-Based Attack
1. Capturing the key fob’s signal: A hacker uses a smartphone camera to capture the infrared (IR) signal emitted by the key fob when it’s in close proximity.
2. Replaying the signal: The hacker uses software to replay the captured IR signal, which can trick the car into thinking the key fob is present.
3. Unlocking the car: The hacker can then unlock the car and start the engine.
Prevention Measures
1. Use a Faraday bag or wallet: Store your key fob in a Faraday bag or wallet to block RF signals.
2. Keep your key fob close: Keep your key fob in a safe place, away from windows and exterior walls.
3. Use a key fob signal blocker: Consider using a device that blocks key fob signals.
4. Disable keyless entry: If possible, disable keyless entry on your car.
5. Keep your car’s software up-to-date: Regularly update your car’s software to ensure you have the latest security patches.
It’s essential to note that not all cars are vulnerable to these attacks, and manufacturers are continually working to improve the security of their keyless entry systems.









