In the past, stealing a car often meant smashing through a car window and picking the lock of the car. However, as car security systems get more advanced and connected, it is now more likely that a thief will use a computer or other technology to break in, said Yoav Levy, CEO of Herzliya-based Upstream Security.
In many cases, the technology to hack into your car, or an entire fleet of cars, can be purchased cheaply online, or downloaded from the dark web, Levy said. That’s why cyber theft of cars in the UK has risen 60% in the past year, according to his company’s data.
A simple search on YouTube can reveal some of the most common ways to hack a car. One is to change the key code inside a car to match the code that already appears on a different key already in the hacker’s possession. One can easily buy online an OBD (on-board diagnostics) dongle like the type auto mechanics use to access a car’s computer system for diagnostic testing. A thief could use that to access the system and change the code to bypass some of the car’s security mechanism, Levy explains.
A second common hack uses the signal transmitted by a keyless entry system. A person standing within 2 m. of the key fob could receive the signal being transmitted by the key and transmit it to a person standing close to the car with a receiver. Once that signal is used to open the car and turn the engine on, the car can be driven away without the owner finding out.
Another method, Levy said, involves hacking the mobile apps that many manufacturers now offer to serve as a sort of remote control for many automobile functions. A hacker could download the app on his own phone and search for vulnerabilities that will give him access to different cars of that maker.
There is no doubt that many car thieves are doing “professional retraining,” and in the future, most car thefts will be carried out through attacks on its computerized systems, Levy said. Today, approximately 27% of cyber intrusions into a vehicle are made through a car’s keyless system, and 9% through mobile applications.
Upstream offers car manufacturers and insurance companies information to track vulnerabilities so they can better understand the risks they face. “If there is a known risk of cyber attacks for a specific model, insurance companies should price that into their plans,” Levy said.
The company also offers a cloud-based detection and response system that can alert the car’s owner and trigger different responses if it senses that an attack is occurring.
Upstream was founded in 2017, and now has 70 employees, mostly at its Herzliya headquarters.