After pouring himself a cup of coffee, Nick Bilton, a tech reporter at The New York Times, saw an unusual sight outside his window, where his 2013 Toyota Prius was parked:
I saw two teenagers on bikes (one girl, one boy)….I watched as the girl, who was dressed in a baggy T-shirt and jeans, hopped off her bike and pulled out a small black device from her backpack. She then reached down, opened the door and climbed into my car. As soon as I realized what had happened, I ran outside and they quickly jumped on their bikes and took off. I rushed after them, partly with the hope of catching the attempted thieves, but more because I was fascinated by their little black device. How were they able to unlock my car door so easily?
There you go: $26 worth of hardware that will enable you to control a car's steering and brakes. (Photo: Automotive IT News)
High-tech car theft isn’t totally new, but it’s only now catching on in the U.S. after establishing a considerable beachhead in Western Europe. A year ago, I wrote about it being possible to hack into a car with a cheap piece of hardware:
It’s a small board with $26 worth of electronic parts (an Arduino mini pro, resistors, a voltage regulator, Ethernet cable, LCD and SD card reader among them) that plugs into a car’s Controller Area Network (popularly known as the CAN bus) to enable all kinds of remote mischief.
The go-to guy in Congress on these issues is Sen. Edward Markey (D-MA). He issued a report in February, based on automaker inquiries his office conducted, that found:
- Nearly 100 percent of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.
- Most automobile manufacturers were unaware of or unable to report on past hacking incidents.
- Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all automobile manufacturers, and many manufacturers did not seem to understand the questions posed by Markey.
- Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real time, and most say they rely on technologies that cannot be used for this purpose at all.
- Automobile manufacturers collect large amounts of data on driving history and vehicle performance. A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data.
As I mentioned, the electronic theft has reached critical mass in Europe, which may be a sign of what’s to come in the U.S. Soccer star David Beckham’s BMW was stolen in Spain with a gadget that cost less than $100 online. In a stranger-than-fiction development, the car was later seized during a raid on a people-smuggling operation in Macedonia. The government minister who’d been driving it around said, “If Beckham asks for the vehicle back I will hand him the keys myself.”
This video is bizarre, because the reporters keep talking about a "mystery device" that criminals from New York to Los Angeles are using to gain access to cars. Really, it's not that complicated: