Tipline
Tipline
The Anti-Vehicle Crime Association of Minnesota (AVCAM) is a non-profit organization formed to prevent vehicle crime through community awareness and education. Our members come from law enforcement, insurance companies and other organizations and businesses interested in preventing vehicle crime. AVCAM has no paid staff and operates solely with member volunteers. The AVCAM message is clear and succinct:  Lock Your Car.  Take Your Keys.  Prevent A Theft.
AVCAM Blog

AVCAM Blog (8)

Wednesday, 04 September 2013 14:50

Hackers Find Weaknesses In Car Computer Systems

Written by

As cars become more like PCs on wheels, what's to stop a hacker from taking over yours?

In recent demonstrations, hackers have shown they can slam a car's brakes at freeway speeds, jerk the steering wheel and even shut down the engine — all from their laptop computers.

The hackers are publicizing their work to reveal vulnerabilities present in a growing number of car computers. All cars and trucks contain anywhere from 20 to 70 computers. They control everything from the brakes to acceleration to the windows, and are connected to an internal network. A few hackers have recently managed to find their way into these intricate networks.

In one case, a pair of hackers manipulated two cars by plugging a laptop into a port beneath the dashboard where mechanics connect their computers to search for problems. Scarier yet, another group took control of a car's computers through cellular telephone and Bluetooth connections, the compact disc player and even the tire pressure monitoring system.

To be sure, the "hackers" involved were well-intentioned computer security experts, and it took both groups months to break into the computers. And there have been no real-world cases of a hacker remotely taking over a car. But experts say high-tech hijackings will get easier as automakers give them full Internet access and add computer-controlled safety devices that take over driving duties, such as braking or steering, in emergencies. Another possibility: A tech-savvy thief could unlock the doors and drive off with your vehicle.

"The more technology they add to the vehicle, the more opportunities there are for that to be abused for nefarious purposes," says Rich Mogull, CEO of Phoenix-based Securosis, a security research firm. "Anything with a computer chip in it is vulnerable, history keeps showing us."

In the last 25 years, automakers have gradually computerized functions such as steering, braking, accelerating and shifting. Electronic gas pedal position sensors, for instance, are more reliable than the old throttle cables. Electronic parts also reduce weight and help cars use less gasoline.

The networks of little computers inside today's cars are fertile ground for hackers.

Charlie Miller, a St. Louis-based security engineer for Twitter, and fellow hacker Chris Valasek, director of intelligence at a Pittsburgh computer security consulting firm, maneuvered their way into the computer systems of a 2010 Toyota Prius and 2010 Ford Escape through a port used by mechanics.

"We could control steering, braking, acceleration to a certain extent, seat belts, lights, horn, speedometer, gas gauge," said Valasek. The two used a federal grant to expose the vulnerability of car computers. Even with their expertise, it took them nine months to get in.

Valasek and Miller released a report, including instructions on how to break into the cars' networks, at a hacker convention in August. They said they did so to draw attention to the problems and get automakers to fix them. The pair say automakers haven't added security to the ports.

Ford wouldn't comment other than a statement saying it takes security seriously, and that Miller and Valasek needed physical access to the cars to hack in.

Toyota said it has added security and continually tests it to stay ahead of hackers. The company said its computers are programmed to recognize rogue commands and reject them.

Two years ago, researchers at the University of Washington and University of California, San Diego did more extensive work, hacking their way into a 2009 midsize car through its cellular, Bluetooth and other wireless connections — even the CD player.

Stefan Savage, a UCSD computer science professor, said he and other researchers could control nearly everything but the car's steering. "We could have turned the brakes off. We could have killed the engine. We could have engaged the brakes," he said.

Savage wouldn't identify which manufacturer made the car they hacked into. But two people with knowledge of the work said the car was from General Motors and the researchers compromised the OnStar safety system, best known for using cellular technology to check on customers and call for help in a crash. The people didn't want to be identified because they were not authorized to speak publicly on the matter.

GM wouldn't comment on the research, but the company issued a statement saying it takes security seriously and is putting strategies in place to reduce risk.

One of the people said GM engineers initially dismissed the researchers' work, but after reading the report, quickly moved to close holes that allowed access to the car's computers.

Savage doesn't think common criminals will be able to electronically seize control of cars anytime soon. Currently it would take too much time, expertise, money and hard work to hack into the multitude of computer systems.

"You're talking about a rarefied group who has the resources and wherewithal," he said.

Instead, he believes basic theft is a more likely consequence of computerization, with criminals being able to unlock doors remotely and then start and drive the car by hacking through the diagnostic port. Remote door unlocking could also lead to theft of packages, phones and other items that are stored in a car.

Wednesday, 04 September 2013 14:50

Hackers Find Weaknesses In Car Computer Systems

Written by

As cars become more like PCs on wheels, what's to stop a hacker from taking over yours?

In recent demonstrations, hackers have shown they can slam a car's brakes at freeway speeds, jerk the steering wheel and even shut down the engine — all from their laptop computers.

The hackers are publicizing their work to reveal vulnerabilities present in a growing number of car computers. All cars and trucks contain anywhere from 20 to 70 computers. They control everything from the brakes to acceleration to the windows, and are connected to an internal network. A few hackers have recently managed to find their way into these intricate networks.

In one case, a pair of hackers manipulated two cars by plugging a laptop into a port beneath the dashboard where mechanics connect their computers to search for problems. Scarier yet, another group took control of a car's computers through cellular telephone and Bluetooth connections, the compact disc player and even the tire pressure monitoring system.

To be sure, the "hackers" involved were well-intentioned computer security experts, and it took both groups months to break into the computers. And there have been no real-world cases of a hacker remotely taking over a car. But experts say high-tech hijackings will get easier as automakers give them full Internet access and add computer-controlled safety devices that take over driving duties, such as braking or steering, in emergencies. Another possibility: A tech-savvy thief could unlock the doors and drive off with your vehicle.

"The more technology they add to the vehicle, the more opportunities there are for that to be abused for nefarious purposes," says Rich Mogull, CEO of Phoenix-based Securosis, a security research firm. "Anything with a computer chip in it is vulnerable, history keeps showing us."

In the last 25 years, automakers have gradually computerized functions such as steering, braking, accelerating and shifting. Electronic gas pedal position sensors, for instance, are more reliable than the old throttle cables. Electronic parts also reduce weight and help cars use less gasoline.

The networks of little computers inside today's cars are fertile ground for hackers.

Charlie Miller, a St. Louis-based security engineer for Twitter, and fellow hacker Chris Valasek, director of intelligence at a Pittsburgh computer security consulting firm, maneuvered their way into the computer systems of a 2010 Toyota Prius and 2010 Ford Escape through a port used by mechanics.

"We could control steering, braking, acceleration to a certain extent, seat belts, lights, horn, speedometer, gas gauge," said Valasek. The two used a federal grant to expose the vulnerability of car computers. Even with their expertise, it took them nine months to get in.

Valasek and Miller released a report, including instructions on how to break into the cars' networks, at a hacker convention in August. They said they did so to draw attention to the problems and get automakers to fix them. The pair say automakers haven't added security to the ports.

Ford wouldn't comment other than a statement saying it takes security seriously, and that Miller and Valasek needed physical access to the cars to hack in.

Toyota said it has added security and continually tests it to stay ahead of hackers. The company said its computers are programmed to recognize rogue commands and reject them.

Two years ago, researchers at the University of Washington and University of California, San Diego did more extensive work, hacking their way into a 2009 midsize car through its cellular, Bluetooth and other wireless connections — even the CD player.

Stefan Savage, a UCSD computer science professor, said he and other researchers could control nearly everything but the car's steering. "We could have turned the brakes off. We could have killed the engine. We could have engaged the brakes," he said.

Savage wouldn't identify which manufacturer made the car they hacked into. But two people with knowledge of the work said the car was from General Motors and the researchers compromised the OnStar safety system, best known for using cellular technology to check on customers and call for help in a crash. The people didn't want to be identified because they were not authorized to speak publicly on the matter.

GM wouldn't comment on the research, but the company issued a statement saying it takes security seriously and is putting strategies in place to reduce risk.

One of the people said GM engineers initially dismissed the researchers' work, but after reading the report, quickly moved to close holes that allowed access to the car's computers.

Savage doesn't think common criminals will be able to electronically seize control of cars anytime soon. Currently it would take too much time, expertise, money and hard work to hack into the multitude of computer systems.

"You're talking about a rarefied group who has the resources and wherewithal," he said.

Instead, he believes basic theft is a more likely consequence of computerization, with criminals being able to unlock doors remotely and then start and drive the car by hacking through the diagnostic port. Remote door unlocking could also lead to theft of packages, phones and other items that are stored in a car.

Tuesday, 15 January 2013 00:00

UPDATED : The Most Stolen Cars In The U.S.

Written by
The National Insurance Crime Bureau (NICB) has released its annual report of the most stolen cars and trucks in the U.S. Is your car one of them? Thieves are on the prowl for vehicles that are top sellers, have marketable parts, and blend in into the crowd.

The report examines vehicle theft data submitted by law enforcement to the National Crime Information Center (NCIC) and determines the vehicle make, model and model year most reported stolen in 2012.

  1. 1994 Honda Accord - According to the latest report from the National Insurance Crime Bureau (NICB), the 1994 Accord once again tops the list, making this the car’s fourth consecutive appearance as the car thieves most love to steal.The ’94 Accord’s lack of security features and its popularity as the main reasons why the car is so frequently stolen. In 1997, Honda began equipping its vehicles with immobilizer systems, preventing them from running unless the driver had the key.
  2. 1998 Honda Civic - Number two on the list is also a Honda, the 1998 Honda Civic.
  3. 2006 Ford Pickup (Full Size) -  A surprise entry in the top three is the 2006 Ford F-150 pickup, the first time a truck ranked so high on the most-stolen list since the NICB began tracking thefts in 2000.
  4. 1991 Toyota Camry - Another traditionally best-selling family sedan.
  5. 2000 Dodge Caravan
  6. 1994 Acura Integra
  7. 1999 Chevrolet Full-Size Pickup
  8. 2004 Dodge Full-Size Pickup
  9. 2002 Ford Explorer
  10. 1994 Nissan Sentra

As for the increase in thefts of later-model vehicles, the NICB says that’s the result of thieves being able to illegally obtain replacement key codes for specific vehicles.

Overall, the trend is toward decreasing auto thefts. According to FBI crime statistics, thefts haven’t been this low since 1967.
Remote keyless entry has been around for for almost 20 years now, and has become standard equipment on virtually all new cars today. More advanced keyless systems are passive, providing access to a vehicle by merely being in close proximity to a vehicle. No digging for keys and pressing buttons. As researchers in Switzerland demonstrated recently by successfully attacked eight car manufacturers’ passive keyless entry and start systems—wireless key fobs that open a car’s doors and start the engine by proximity alone.

A new report by MIT researchers shows how an attackers can start a car using an antenna. A signal from the car is transmitted to a computerized key, which is tricked into enabling the engine ignition.

Remote keyless-entry systems use radio waves that typically are specific to a manufacturer, and the signals are usually encrypted. When your vehicle’s key fob is within 20 feet of the car, you’re allowed to transmit a signal to unlock the doors, pop the trunk, remote start your car (when equipped) or activate the car alarm. Researchers at ETH Zurich discovered that these encrypted signals are easy to intercept and trick.

The theft works by setting up two antennas, one near the targeted vehicle and one near the holder of the key fob. This equipment can usually be purchased for $100 to $1,000. The person with the antenna aimed at the owner of the key fob needs to get within 26 feet of the target. In a store, this could be a few aisles away, so as to not arouse suspicion.

Once the antenna is near the intended victim’s key fob, the key transmits a low-power signal to the antenna, which is then relayed to the antenna near the vehicle. Once that occurs, the thief can unlock the doors and drive away (if the vehicle has push-button start).

While this system may seem fairly complicated, it could catch on with car thieves because of the cost of the equipment and anonymity. However, the hack cannot start the cars with traditional keys. Today’s ignition systems are increasingly complicated and secure.

Another negative aspect of high-tech car theft is that it doesn’t leave any sign of forced entry. That could lead to problems with police and insurance companies in tracking down the criminals and filing insurance claims.

At the moment, the only effective way of preventing keyless entry hacking is to leave your key fob at home until manufacturers come up with an effective method of preventing keyless entry theft.
Thursday, 14 March 2013 15:35

Top Auto Theft Myths

Written by
Myth: Most Thefts Occur in Unprotected Areas. Despite conventional wisdom, parking in an unprotected area does not mean your vehicle is more likely to be stolen. An FBI report on "Crime in the United States" indicates that more than one-third of all vehicle thefts occur at a home or residence, compared to only two of every 10 vehicle thefts occurring at a parking lot or parking structure. Vehicles that are stolen from highways, roads or alleys, including carjacking, account for the least number of thefts.

Myth: Stolen Vehicles Are Usually Found. Drivers who believe their stolen car will eventually be found also may be making a false assumption, especially if their vehicle has been missing for more than six days. Although about one-half of all stolen vehicles are recovered, the first few days are critical. Even if the vehicle is recovered, it may be completely totaled. The longer the vehicle is in the possession of criminals, the less chance of recovery. Interestingly, Fridays and Saturdays are the days with the highest frequency of motor vehicle theft and Mondays and Tuesdays have the highest recovery rates.

Myth: Insurance Always Provides a Rental Car. Another common misconception many insured drivers have is that once they report a stolen car, their auto insurance will automatically cover a rental car until their vehicle is found or they are authorized by their insurance company to buy a new one, which can take several weeks. Unfortunately, although insurance for theft is included in the comprehensive part of an auto insurance policy, this coverage may not automatically include coverage for a replacement rental car for a stolen vehicle. Since replacement rental car coverage is only a couple dollars a month, it can cost more for a one-day car rental than for a full-year of coverage.

Myth: Anti-Theft Devices Are Easy to Install. Pay a competent professional to wire, install and test the anti-theft system because there is too much complexity in today's vehicles for an untrained person to cut into a vehicle's electronics. Don't select the installer on price alone; check with the Better Business Bureau (www.bbb.org) for a report to see if the business is reputable. Also, ask if the alarm system technician is certified by the Mobile Electronics Certification Program (MECP). If not, you may want to look elsewhere. And, make sure the shop provides a written warranty and will take the time to show you how the anti-theft system works so that you are comfortable with its operation.

Myth: Thieves Are Not Interested in Older Vehicles. Those who believe that older vehicles are of no interest to thieves should think again. "Older vehicles are most often taken for their parts which are no longer manufactured and are too difficult or expensive to obtain," said Robert M. Bryant, president and chief executive officer of NICB. Unfortunately, motorists with older vehicles who have dropped comprehensive coverage to save money are not covered for theft and do not qualify for replacement rental car coverage. NICB also publishes annual lists of the top thefts by region and by year, make and model, as well as most popular colors stolen and other information, including tips to help avoid theft using its "Layered Approach to Protection" at www.nicb.org.

Supported by 1,000 major property and casualty insurance companies, the National Insurance Crime Bureau (www.nicb.org), based in Chicago, and is a not-for-profit organization dedicated exclusively to fighting insurance fraud and theft through criminal investigations, industry training and public education programs. For more information on fraud and how it affects everyone, please visit www.nicb.org.
Tuesday, 14 May 2013 15:14

Does VIN Etching Effect Insurance Rates?

Written by
VIN etching is the permanent stenciling of your vehicle’s 17-digit identification number onto the windshield and all window glass.

The engraving can be done by either laser, chemical or mechanical process and usually takes as little as 10 to 15 minutes.  Typically the etching is done at the bottom of the glass and doesn’t obstruct your view or change the overall appearance of your car, but it can help protect it from thieves.

Many auto insurers will give you a discount if your car’s vehicle identification number (VIN) is permanently etched into your vehicle’s glass.  The discount varies but typically it’s anywhere from 5 percent to 15 percent off of your comprehensive coverage.  

Having your VIN etched on your windows counts as a passive security system / anti-theft deterrent and is why a discount may be available on this portion of your policy.

Why Do VIN Etching?

Police and insurance companies both recommend VIN etching to protect your vehicle against theft.  It’s much harder for a thief to make a profit off of stealing your vehicle when your car’s glass is etched with your VIN.

If your auto has VIN etching, a thief would need to change out all the glass on the vehicle, which is expensive and thus a deterrent to stealing your car versus one without VIN etching.  Also, if your car is stolen, police will have an easier time identifying and recovering your vehicle -- even if the VIN plate is missing -- since the VIN is now available on multiple parts of your vehicle.

Where to get a VIN etching

Dealerships typically offer VIN etching on new cars, but this option tends to be pricey ($200 or more).  To save money, get the etching done on your new or used car by someone other than a dealer.

DIY etching kits are available for $20, and some American Automobile Association (AAA) offices offer the service for $30 for members and $40 for non-members.  Also, police, state and city crime prevention associations host free VIN etching events throughout the year. Look to see if a free VIN etching event is taking place soon in your area before paying to get it done.

When you have the VIN etching done to your vehicle, you should receive a completed form to submit to your car insurance provider and seek a discount.  It’s also a good time to ask your auto insurer about any other types of discounts you may be eligible for but aren’t currently receiving.
Sunday, 14 April 2013 15:13

The Top 5 Methods Thieves Use To Steal a Car

Written by
  1. Theft of an unattended vehicle without key(s): The removal of a parked vehicle either by breaking and entry, followed by hotwiring or other tampering methods to start the vehicle, or else towing.
  2. Theft with access to keys: Known in some places as "Taken Without Owner's Consent (TWOC)". The unauthorized use of a vehicle in which the owner has allowed the driver to have possession of or easy access to the keys. Often, this is the adolescent or grown child or employee of the vehicle's owner who, at other times, may be authorized to use the vehicle. May be treated differently, depending on the jurisdiction's laws, and the owner may choose not to press charges.
  3. Opportunistic theft: The removal of a vehicle that the owner or operator has left unattended with the keys visibly present, sometimes idling.
  4. Carjacking: Refers to the taking of a vehicle by force or threat of force from its owner or operator. In most places, this is the most serious form of theft, since assault also occurs. In some carjackings, the operators and passengers are forced from the vehicle while the thief drives it away him/herself, while in other incidents, the operator and/or passenger(s) are forced to remain in the vehicle as hostages. Some less common carjackings result in the operator being forced to drive the assailant in accordance with the assailant's demands.
  5. Fraudulent theft: Illegal acquisition of a vehicle from a seller through fraudulent transfer of funds that the seller will ultimately not receive (such as by identity theft or the use of a counterfeit cashier's check). Many vehicles stolen in this manner are resold quickly thereafter.
Friday, 15 February 2013 00:00

Computer Tracking and the Prevention of Auto Theft

Written by
A vehicle tracking system combines the installation of an electronic device in a vehicle, or fleet of vehicles, with purpose-designed computer software at least at one operational base to enable the owner or a third party to track the vehicle's location, collecting data in the process from the field and deliver it to the base of operation. Modern vehicle tracking systems commonly use GPS or GLONASS technology for locating the vehicle, but other types of automatic vehicle location technology can also be used. Vehicle information can be viewed on electronic maps via the Internet or specialized software. Urban public transit authorities are an increasingly common user of vehicle tracking systems, particularly in large cities.

Passive versus Active Tracking

Several types of vehicle tracking devices exist. Typically they are classified as "passive" and "active". "Passive" devices store GPS location, speed, heading and sometimes a trigger event such as key on/off, door open/closed. Once the vehicle returns to a predetermined point, the device is removed and the data downloaded to a computer for evaluation. Passive systems include auto download type that transfer data via wireless download. "Active" devices also collect the same information but usually transmit the data in near-real-time via cellular or satellite networks to a computer or data center for evaluation.

Many modern vehicle tracking devices combine both active and passive tracking abilities: when a cellular network is available and a tracking device is connected it transmits data to a server; when a network is not available the device stores data in internal memory and will transmit stored data to the server later when the network becomes available again.

Historically, vehicle tracking has been accomplished by installing a box into the vehicle, either self-powered with a battery or wired into the vehicle's power system. For detailed vehicle locating and tracking this is still the predominant method; however, many companies are increasingly interested in the emerging cell phone technologies that provide tracking of multiple entities, such as both a salesperson and their vehicle. These systems also offer tracking of calls, texts, web use and generally provide a wider range of options.