Criminals employ outdated devices such as Nokia 3310 phones or Bluetooth speakers equipped with integrated remote key connection circuits in order to commit car theft.
Under the watchful eye of Motherboard, a YouTuber showcased their expertise in utilizing a Nokia 3310 to initiate the ignition of a Toyota vehicle.
The man occupied the driver’s seat of the car, persistently pushing the start button located near the steering wheel. However, despite his efforts, the engine failed to start, causing the red light to flash incessantly.
Next, the individual retrieved a Nokia 3310 from their possession and proceeded to connect it to the car using a cable. Once the phone was turned on and various options were selected, the screen displayed the message “Connected. Receive data.” After restarting the car, the engine roared to life, accompanied by the green light indicating readiness.
In addition, another individual recorded a video using a JBL Bluetooth speaker that showcased the scene of unlocking the car. This person further mentioned that the speaker can be utilized to unlock various car models, including those manufactured by Toyota and Lexus.
Please find the video at this link: “https://www.youtube.com/watch?v=oeJumGZ56CY”
These devices, known as “emergency starter devices,” are being sold online at varying prices, ranging from 2,700 USD to 19,600 USD. The advertisement also promises that the software will be regularly updated over time, in case the car company imposes any restrictions.
A new method utilized by criminals in the US involves using outdated mobile devices to swiftly steal cars. Unfortunately, individuals using these devices find themselves helpless in safeguarding their valuable possessions.
How it works
As per a device seller, outdated mobile devices are repurposed internally to function as repeaters. These repeaters relay signals from the vehicle to the targeted individual’s key. Thieves commonly aim for cars parked in close proximity to houses, as the short distance between the key and the car makes it arduous for the car owner to identify their presence.
The specific type of attack being referred to here is known as Controller Area Network (CAN). In this attack, the device sends deceptive connections that appear to originate from the car’s smart key receiver. Interestingly, during this process, there is no requirement for any verification step, and the car will accept and establish the connection. The wire connected to the headlight is commonly regarded as the most susceptible point for establishing this illicit connection.
According to Ian Tabor, a security expert in automotive equipment, constructing this device is a straightforward process that requires minimal effort. All one needs to do is solder some wires and encase the assembled components in a resin. These internal parts can be easily obtained from electronics stores for less than $10.
According to Tindell, there is presently no solution available to address the recent attack, leaving car owners with no choice but to patiently await software updates from their vehicle suppliers.