Meet the Guy Who Sells Wireless Devices to Quickly Steal Luxury Cars

The editors of Motherboard magazine obtained a video demonstrating a so-called man-in-the-middle attack, made by EvanConnect, who sells wireless repeaters that can be used to break into and steal luxury cars.

The two men were walking through the dimly lit garage, and one of them looked at the laptop-sized black device inside his shoulder bag. Using the buttons on the body of the device, he cycled through the various modes of operation displayed on the bright LED display of the device, before settling on one of them.

With the device set up, the second man approached a bright white Jeep parked in the garage. He was holding his own device: a small box with an antenna on top. The man tried to open the car door, but it was locked. He pressed a button on the top of his device, a light blinked, and the car unlocked. He climbed into the driver's seat and pressed the start button.

To demonstrate the capabilities of the device, the man turned off the box with the antenna and pressed the car's start button again. “Key fob not found,” read the message that appeared on the dashboard, meaning that the person behind the wheel did not have a wireless key with him to start the car. “Press the key fob button to start.”

Ignoring the message, the man turned on the device in his hand again and tried to start the car. As if by magic, the engine started with a characteristic growl.

"EvanConnect", one of the men in the video who hides behind an online alias, typifies the link between digital and physical crime. He sells thousands of dollars worth of devices that allow other people to break into expensive cars and steal them. He claims to have clients in the US, the UK, Australia and several countries in South America and Europe.

“I can honestly say that I myself have not stolen cars using this technology,” Evan told the editors. “It would be very easy, but I think why should I get my hands dirty when I can make money just selling tools to others.”

The video does not show a real theft; Evan used a friend's Jeep to demonstrate the capabilities of the device to the editors, and then uploaded another version of the video to his YouTube channel. In addition, these devices are sometimes used by security researchers to test the security of cars. However, the threat of digital auto theft is quite real.


Police officers around the world have reported an increase in the number of thefts over the past few years that they believe were committed using various electronic devices. In a 2015 press release, the Toronto Police Department warned locals about a surge in thefts of Toyota and Lexus SUVs that appear to have been carried out with electronic tools. A 2017 video released by the West Midlands Police in Britain showed two men approaching a Mercedes Benz parked outside its owner's house. As in Evan's video, one was standing next to a car with a portable device, and the other was placing a larger device near the house in an attempt to pick up the signal emitted by the car keys lying inside.

Not all electronic car thefts are necessarily carried out with the same technology. Some technologies rely on jamming the signal from the owner's key fob, causing the owner to believe they have locked the car when in fact it is open to burglars. Evan's devices, by contrast, are "wireless repeaters" and conduct so-called proxy attacks.

Samy Kamkar, who has long been interested in hardware hacking and security issues, evaluated Evan's video and explained the details of this attack to us. It all starts when the owner locks the car and walks away with the key. One of the accomplices, attempting to intercept the signal, approaches the car holding one of the devices, which listens on the low frequencies the car uses to check whether a key is nearby, and then retransmits this signal “at a higher frequency, such as 2.4 GHz or something like that, at which the signal travels much longer distances with ease,” Kamkar wrote. The second device, in the hands of the second attacker, receives this high-frequency signal and repeats it at the original low frequency.

The keyfob sees this signal at a low frequency and responds in the usual manner, as if it were located close to the car.

“This happens in both directions several times until the whole process of passing passwords and feedback between the key and the machine is completed, and these two electronic devices are simply engaged in transmitting communications over a longer distance,” Kamkar wrote.

Using such devices, the criminals create a bridge from the car to the key in the victim's pocket, home, or office, and each party is deceived into believing that they are located next to the other, which allows the attackers to open and start the car.
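The exchange described above can be modelled in a few lines; this is an added illustration, not code from the article, from Kamkar, or from any vehicle. It shows that a car which only verifies the fob's reply accepts a repeated exchange, while a car that also bounds the round-trip time does not. Assumptions: HMAC-SHA256 stands in for the proprietary key/car protocol, and the function names, the 2 m policy and all timing values are constructed for the example.

```python
import hashlib
import hmac
import os

C_M_PER_NS = 0.299792458   # radio propagation speed, metres per nanosecond
FOB_TURNAROUND_NS = 1_000  # assumed fixed fob processing time (constructed value)


def fob_response(fob_secret: bytes, challenge: bytes) -> bytes:
    """Key fob: answer the car's challenge with a MAC under the shared secret."""
    return hmac.new(fob_secret, challenge, hashlib.sha256).digest()


def rtt_budget_ns(max_distance_m: float) -> float:
    """Longest round trip a fob within max_distance_m of the car can produce."""
    return FOB_TURNAROUND_NS + 2 * max_distance_m / C_M_PER_NS


def car_unlock(car_secret, fob_secret, path_m, repeater_delay_ns=0.0, max_rtt_ns=None):
    """Car: issue a fresh challenge, verify the reply, optionally bound the RTT.

    path_m is the one-way radio path between car and fob. The two repeaters
    forward every frame unchanged, so they appear here only as extra path
    length and per-direction delay, never as a change to the bytes.
    Returns (crypto_ok, rtt_ns, accepted).
    """
    challenge = os.urandom(16)
    reply = fob_response(fob_secret, challenge)  # same bytes, relayed or not
    expected = hmac.new(car_secret, challenge, hashlib.sha256).digest()
    crypto_ok = hmac.compare_digest(reply, expected)
    rtt_ns = FOB_TURNAROUND_NS + 2 * (path_m / C_M_PER_NS + repeater_delay_ns)
    in_time = max_rtt_ns is None or rtt_ns <= max_rtt_ns
    return crypto_ok, rtt_ns, crypto_ok and in_time


if __name__ == "__main__":
    secret = os.urandom(16)      # constructed pairing secret
    budget = rtt_budget_ns(2.0)  # assumed policy: fob must be within 2 m
    cases = [("fob at the door, 1 m", 1.0, 0.0),
             ("fob 50 m away, repeaters add 5 us each way", 50.0, 5_000.0)]
    for label, path, delay in cases:
        for bound in (None, budget):
            ok, rtt, accepted = car_unlock(secret, secret, path, delay, bound)
            print(f"{label:45} bound={bound} crypto_ok={ok} rtt={rtt:.0f}ns accepted={accepted}")
```

Even with zero repeater delay, the longer radio path alone pushes the round trip past the budget in this model, which is why the check does not depend on the repeaters being slow.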

“I can’t confirm the authenticity of the video, but I can say that the method is 100% working - I myself organized a similar attack on at least a dozen cars using my own hardware, and it is very easy to demonstrate,” Kamkar said.

To prove ownership of the technology, Evan sent photos of the devices along with a printed message to prove they weren't just someone else's photos. He also showed the editors various technological devices in a live video chat and provided other videos demonstrating the operation of the devices.

A Fiat Chrysler Automobiles representative who manages the Jeep brand did not respond to our inquiries.

Evan said the devices will work in all cars with keyless entry, except those using 22-40kHz, which include Mercedes, Audi, Porsche, Bentley and Rolls Royce cars made after 2014. These manufacturers have switched to key systems using the newer FBS4 technology. However, Evan added that he was selling another model capable of switching between 125-134kHz and an added 20-40kHz range, which would allow hackers to open and start any keyless car today. He sells the standard model for $9000 and the upgraded version for $12000.

“It all sounds pretty plausible, and it is implemented simply,” Kamkar said. “I have made devices with this functionality for about $30 (and if you sell them in large quantities, you can make them cheaper), so there is no reason to suspect fraud.”


Indeed, wireless key repeaters can be assembled for a relatively small sum. However, people who want to use these devices may not have the technical knowledge to assemble them themselves, so they buy pre-made boxes from Evan.

“The item is 100% worth the investment,” Evan said. “Nobody sells devices cheaply; only a person familiar with radio electronics and the PKE (passive keyless entry) operation scheme can make it cheaply.”

Evan said he heard about people using similar devices in his town and decided to research the technology. A year later, he found interested parties and began putting together a team to build the devices.

Since these devices themselves are not banned in the US, Evan openly advertises his products on social networks. He said that he communicates with clients using the Telegram messenger. Evan usually requires full payment upfront, but occasionally meets with a client in person if they don't want to pay a lot of money up front, or sells them a cheaper device first.

He said that he already has a criminal record and that he will go to jail in the future for a violation not related to these issues. When it comes to technology, however, Evan considers himself an amateur in this area, not some kind of hardened criminal.

“For me, all this technique is just a hobby, and I share knowledge about this with the world without fear,” he told the editors.

Source: habr.com
