In the first half of the year, 14,852 vehicle thefts have been reported, an increase of 23.7% compared to the same period in 2021. However, gone are the days when

a window was broken to make a jumper and start the vehicle, since now the favorite criminal tool is the computer.

“Now, glass breaks only occur when you want to extract something of value from the interior,” police sources told ABC. Makes sense

thieves don’t want a damaged car, because it attracts more attention and causes the resale value to decrease. In addition, the absence of force presents a new problem for the owner: the difficulty of proving the theft to his insurer.

These same sources declare that today, the most widespread method of stealing vehicles

is to open the door, either by forcing the cylinder or, if you are more sophisticated, by manipulating the radio frequencies of the key, and accessing the control unit through the OBD 2 port in order to start the engine and be able to drive it. Professional thieves are capable of carrying out the operation in less than three minutes.

«In recent years it has been very frequent

find cases in the Volkswagen Groupbut it is increasingly common to see complaints from BMW or French brands, “says the Police.

In fact, on October 10, Europol arrested 31 members of a gang organized between France, Spain and Latvia for vehicle theft. They seized 1.1 million euros in criminal assets.

There are many similar cases, in the US, the “Kia Boyz” specialized in the cars of the previous generation of the South Korean group, which also posted explicit videos of the method to follow to start the car. Others,

in France, they used a modified JBL speaker – with a black market value of $5,000 – to gain access to the vehicle’s control unit via the USB port. However, despite the fact that it seems that today vehicles are more vulnerable than ever, the reality is that in the first half of 2022 half as many thefts have been reported as a decade ago, since in the same period of 2012 27,045 were registered. subtractions.

The manufacturers try to repair their vulnerabilities quickly – the “Kia Boyz” are no longer capable of exploiting the new models – and even

they have come to pay the ‘hackers’ for revealing security breaches. One example is Tesla, which shelled out $50,000 after a hacker proved he had access to his entire fleet through information exchanged by his supercharger network.

The law is a step behind when it comes to policing novel forms of crime.

In 2021, the United Nations presented Regulation 155 for a standard for homologation of vehicles with respect to their cybersecurity, which defines almost 70 points of vulnerability for current and future vehicles that must be protected. The European Union has already announced that the UNECE/R155 standard will be implemented as of July 1, 2024, under penalty of 30,000 euros per manufactured unit that does not meet the requirements.

As well as digitization

has brought new avenues of entry For cybercriminals, it has also given rise to companies specializing in the prevention of this type of crime and in security certification. In Spain, for example, Eurocybcar is the only one capable of issuing this technical cybersecurity assessment.

5G, more problems?



Achieving lower latency broadband offers a world of industrial and automotive connectivity possibilities. In a recent interview with ABC, Bosch CEO Stefan Hartung said that this would reduce the number of control units in vehicles and move computing systems to the cloud. On the one hand, it would increase local security, as there are fewer vulnerable nodes to access, but on the other, it could compromise the integrity of a fleet management system by authenticating itself as a harmless element within the cloud.

To develop defenses, it is essential to adopt a “hacker mentality” and think about the profit paths that this type of criminal may have. Since

cybersecurity company Trend Micro, point to several vectors: ‘ransomware’ –blocking a vehicle’s functions until the owner pays a ransom–, the theft of private information or even the abuse of systems, which would include taking control of fleet management so as not to raise suspicions in the supervision center, deactivating the GPS location, for example. The arrival of autonomous trucks would open the door to a simple way of distributing illegal materials or the possibility of having them parked in a place to be dismantled.

However, from Trend Micro they affirm that the results of their search to violate connected cars have been limited, “a good sign that criminals have not yet focused their efforts on exploring monetization,” they state in their report.

In the forums of the ‘Deep Web’ they sell

hacked car sharing and taxi app accounts, as well as ‘threads’ on how to violate the OBD port, modify the control unit, information on the CAN protocol developed by Bosch or the sale of frequency inhibitors for keys –they prevent the car from being locked with the remote control– or the tools most used today: key cloners. Even so, from technology they assure that the simplest methods, such as duplicating keys, are potentially much more harmful than other more sophisticated ones, such as the installation of ‘malware’ remotely.

Hackers seized remote control of a Jeep Cherokee in 2015



Although car theft has become much more sophisticated – the most frequent destinations were

Russia and Ukraine before the war, as well as China, Eastern Europe, Morocco and Mauritania – the most notorious cases that have appeared in the press have been carried out by ethical hackers, in an attempt to demonstrate the vulnerabilities of a system.

The first example that revealed the lack of computer security in vehicles was the case of the ‘hacking’ of a Jeep Cherokee in 2015 that resulted in the recall of 1.4 million Chrysler vehicles. In this case,

Charlie Miller and Chris Velasek They discovered that they could access the control unit in several ways, but they preferred the 3G network because it allows an attacker to be out of visual range and still send messages to the vehicle through the CAN protocol. Among what they discovered was that they could turn off the engine, deactivate the brakes or turn the steering wheel of the Jeep.

According to the US consumer protection association, Consumer Watchdog, Tesla vehicles are the most vulnerable to cyberattacks, followed by models such as the Ford F-150, Dodge Ram 1500 or Chevrolet Silverado, the three leading pick-up trucks in the market.

More recently, in 2018 a BMW was attacked by Keen Security Lab analysts, they created three different attacks, one local through the OBD port and two more sophisticated remote ones. The most successful was to establish

a man-in-the-middle (MitM) exploit to receive all the GPRS data generated by the vehicle that were directed to the manufacturer’s server through its Connected Drive service and through this, to be able to send arbitrary messages using the CAN protocol and thus control the control unit.