10 seconds to steal a car

[gmaster1]

Have a condo in Chicago -- neighbor's car was broken into and the other stolen. Both were by using some electric hacking tool that only took like two seconds to get into each car and about 10 seconds to start one of them.

The video recording I have here is the sub-stream (extremely low res that gets recorded off-site) as the main 2MP stream goes to another box that crashed four hours before this happened (Unstable BI update.....)


Cam that recorded it:

 

[alphawave7]

He removed the baby seat...how thoughtful!

 

[gmaster1]

He removed the baby seat...how thoughtful!

Right? I mean... he's not a COMPLETE monster ;-)

 

[tangent]

Right? I mean... he's not a COMPLETE monster ;-)

Nice of him to leave leave fingerprints behind in the other car and on the car seat (hopefully) it kind of looked like whatever he used might have a touchscreen (probably not wearing gloves).

He probably removed it mainly because it might be suspicious for someone his age to have a kid / the chop shop doesn't want them.

Plenty of different attack vectors. Easiest is a replay attack with a device attached to the car in a parking lot (with gps tracking) or just hidden in the bushes. Starting the car that quickly is a little more interesting, but probably similar maybe with an electronic key. I think it actually took a lot longer than 10 seconds, I think the device he used was working from when he set it on the passenger seat until the car starts several minutes later.

 

[alphawave7]

Right? I mean... he's not a COMPLETE monster ;-)

Highly unusual that he makes effort to place it by the building, rather than carelessly tossing it away. Most crooks are in a giant hurry, to avoid detection/the po po.

 

[nayr]

@ 2AM there's not alot of people out and about, the best way to go un-noticed is to look like your doing nothing wrong..

since this guy has a hack that lets him enter and start the car w/out any physical damage, his best approach is to simply take it like he owns it... to drive it like he stole it would just attract attention to his clean attack.

Lots of people have identifying writing on car seats, due to air-travel and the likes my name and telephone numbers are written on mine w/sharpie.. If he needed to dispose of the car seat somewhere, probably safest to do it here.

This thief is smarter than the average night prowler.. im betting the car is headed to the port or already chopped up.

 

[smiticans]

Have a condo in Chicago -- neighbor's car was broken into and the other stolen. Both were by using some electric hacking tool that only took like two seconds to get into each car and about 10 seconds to start one of them.

The video recording I have here is the sub-stream (extremely low res that gets recorded off-site) as the main 2MP stream goes to another box that crashed four hours before this happened (Unstable BI update.....)


Cam that recorded it:
View attachment 12246

How did BI crash? Are you running it as a service? Do you use BI tools as a watchdog to auto restart upon a crash?

 

[gmaster1]

Recording to UNC so not running as service.

 

[smiticans]

If possible I would run it as a service. If not, at least download BI tools and use the watchdog feature so this situation doesn't happen again.

 

[Lostmydonkey]

Most newer vehicles will only run a few miles before it shuts off without the key in the ignition, how do they bypass...I can only guess a "master key" or to fool the vehicle...I am curious as how we can prevent this from happening

 

[nayr]

http://chicago.cbslocal.com/2014/02/27/car-thieves-break-into-cars-by-hacking-them-with-black-box/

same city go figure, cars digital communications system has very little security.. it would not be difficult technically to compromise a keyless entry/keyless start system now days.. Auto Manufacturers often set the gold standard for minimal security.

I heard of one attack that involved simply yanking out a mirror, plugging into the car's comms via a module in the mirror and then unlocking and starting the car from outside w/out any damage.. they try like hell to keep this shit secret, and there is big money to be made so its often in the hands of organized criminals, compared to petty night prowlers. This vehicle probably got loaded up on a cargo freighter in the Great Lakes desperate to take any cargo for the return chip to China.

I can buy a very expensive cable online that will let me program immobilizer chips for many european vehicles, just gotta hack it into a simple black box so all you do is push a button and go..

dont want this to happen? park it in a garage and unplug the garage door opener heh..

 

[nbstl68]

I don't get the point of taking the effort, time, space for sending a low res substeam video for offside backup if the end result is, hey, I have a video of some unidentifiable person taking something......if you lose the Hugh res video what would this type of backup get you at alll?

 

[Q™]

...dont want this to happen? park it in a garage and unplug the garage door opener heh..

Or pull one of the battery cables.

...come to think of it how can a $600.00 mobile device have a "find my iPhone" feature but a $35,000 vehicle can't.

 

[Q™]

I don't get the point of taking the effort, time, space for sending a low res substeam video for offside backup if the end result is, hey, I have a video of some unidentifiable person taking something......if you lose the Hugh res video what would this type of backup get you at alll?

Considering that camera's placement would high-res provided evidentiary face recognition video?

 

[gmaster1]

I don't get the point of taking the effort, time, space for sending a low res substeam video for offside backup if the end result is, hey, I have a video of some unidentifiable person taking something......if you lose the Hugh res video what would this type of backup get you at alll?

Time = 3 Minutes to set up off-site recording. Three minutes.
Effort = Three minutes
Space = 70-80MB/hr for 24/7. It's recording on a 16TB array.
End Result = My entry cams I can absolutely identify faces with that resolution based on where they are positioned. This parking lot is a wash and I knew it going into the project because HOA rules are HOA rules. If the rest of the owners wanted to pool together for cams lower down the decks I'd be happy to accommodate. Day time image on HD I can read license plates clear as day. Night image sucks on low res. It is what it is.

"If you lose the high res video what would this type of backup get you at all?"

A redundant and low cost peace of mind solution?

Considering that camera's placement would high-res provided evidentiary face recognition video?

This cam wasn't really meant for facial recognition to be honest. The only cams I truly care about are focused on the entry to my unit. That said, off-site is a nice peace-of-mind redundancy and I can identify faces on those cams with that resolution based on where they are positioned.

 

[HorizonXP]

Oh wow, that's really crazy that you caught all that. My sis lives in Chicago, and always tells me that some parts are just sketchy.

 

[nayr]

Or pull one of the battery cables.

...come to think of it how can a $600.00 mobile device have a "find my iPhone" feature but a $35,000 vehicle can't.

Heh, my wife's car came with a plastic key and you have to take half the door handle off to get to the slot to insert it and unlock it, kill the battery and its a bitch to get back inside..

and your $600 mobile phone has a >$60mo mobile plan attached to it.. I am not so keen on trying to make cars as disposable as phones, adding a bunch of software that will be abandoned and obsolete in 10 years is kinda silly.. what if cars from 2000's era were all running WindowsXP and had internet connections, hahaha

 

[smoothie]

An attack I have read about involves cars that are equipped with "Smart Entry" where the key remains in your pocket/purse and when you touch the door handle or approach the car it sense the key and unlocks. The attacker gets a transceiver off the mysterious Internets! (its a series of TUBES!). At night when the key is in the house sitting on the kitchen table the attacker walks up and touches the door handle. The transceiver hears the cars call to the key, amplifies it, the key in the house hears the cars amplified signal and responds, the transceiver hears the faint response of the key and amplifies so the car can hear it. Door unlocks as car thinks the key is within range which is normally just a couple of feet. Some cars can be started using this method as well and only cease operating once the car is turned off. You can defeat this type of attack by keeping your key fob in a Faraday cage such as a purpose built container, and some have suggested using things like Microwave Ovens or refrigerators/freezers for the same effect.

 

[gmaster1]

and your $600 mobile phone has a >$60mo mobile plan attached to it.. I am not so keen on trying to make cars as disposable as phones, adding a bunch of software that will be abandoned and obsolete in 10 years is kinda silly.. what if cars from 2000's era were all running WindowsXP and had internet connections, hahaha

My past few and current cars have GPS + SIM card inside the console for app and web integration/concierge services and whatnot. Basically there's an option to pull up the location of your car from your phone using an app. Can also check gas, oil, etc status from the phone. I never renew the service after the free grace period of a couple years, but the technology is all there for your car to be 'tracked'. Even if you don't renew the plan, I think the SIM card stays active.

Basically if I were to steal cars using the few known methods of how to do this, I'd stick to the 2007-2009 models more than anything newer for that reason. And inside of that there's a specific pool of cars I'd probably target knowing that they don't have those web based services and location features.

 

[tangent]

Auto theft has been declining. The number of vehicles stolen in 2014 is almost half the number stolen in 2005. Looks like 2008/2009 was the biggest drop, so I'm not sure those would actually be the ones to target.

I happen to drive one of the most frequently stolen vehicles in the US, it's been broken into twice. That's why I have some custom homemade security devices in my car.