Canada won't fix auto theft, because drivers don't actually want the solution.
Nobody wants their $50K SUV to turn into a useless brick, permanently stuck in the garage.
First of all, the most important thing for Canadians to realize is that the technology to fix auto theft has existed for literal decades, since the popular introduction of keyless car fobs in the early 2000s. There are several reasons why this solution has not been implemented.
The encryption used by cars and their fobs is largely weak, and easily defeated using exploits such as RollJam and Rolling-PWN. These various iterations of attacks on rolling code encryption systems target a wide assortment of automotive manufacturers, stretching across decades of models of vehicles that are still in regular use today by the mass public.
Through exploits in these non-standard rolling code systems, which are proprietary and thus vary between manufacturers, thieves can mimic an authentic fob to remotely unlock and start vehicles they do not own. The attacks on rolling code systems thus take many different forms based on the make and year of the car, but ultimately with the same goal.
Some iterations copy and then jam the signal of the authentic fob while the bad actor replays the copied signal themselves. Other techniques exploit bugs in the rolling code implementation to replay previously expired codes. Another variant instead seeks to reverse-engineer the pseudorandom number generator used to generate the codes, allowing future codes to be predicted before they’re sent.
There are some mitigation strategies that manufacturers can implement against these attacks, but they require more advanced software and hardware that adds costs to the cars and the fobs. While these mitigations attempt to ensure the authenticity of any fob in use, security researchers have developed exploits to cloak fraudulent fobs and make them appear authentic.
The industry standard of security through obscurity and glitchy proprietary algorithms has not worked, but there are stronger software and hardware encryption solutions that can be used. There are several reasons why automotive manufacturers have opted against implementing those measures, although not all of them are motivated by greed.
When it comes to embedded hardware chips that perform cryptographic operations, the more complex they are, the more expensive. While the price differences between the different tiers of embedded chips may seem marginal, those margins matter a great deal at the order volumes that large manufacturers, such as those in the automotive industry, require.
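As an added illustration (not part of the original column, and not any manufacturer's actual scheme), here is a minimal receiver-side rolling-code check built on a standard keyed MAC, HMAC-SHA256, instead of a proprietary generator. The names `Fob`, `Receiver`, `WINDOW` and the 12-byte code layout are assumptions made for the example; it shows which of the replay cases described above a counter check rejects and which it cannot.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead: missed presses the receiver tolerates

def make_code(key: bytes, counter: int) -> bytes:
    """Code = 4-byte counter || first 8 bytes of HMAC-SHA256(key, counter)."""
    ctr = counter.to_bytes(4, "big")
    return ctr + hmac.new(key, ctr, hashlib.sha256).digest()[:8]

class Fob:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> bytes:
        self.counter += 1
        return make_code(self.key, self.counter)

class Receiver:
    def __init__(self, key: bytes):
        self.key, self.last = key, 0  # last = highest counter accepted so far

    def accept(self, code: bytes) -> bool:
        if len(code) != 12:
            return False
        counter = int.from_bytes(code[:4], "big")
        if not hmac.compare_digest(code, make_code(self.key, counter)):
            return False  # forged or corrupted: MAC does not verify
        if not (self.last < counter <= self.last + WINDOW):
            return False  # already expired, or implausibly far ahead
        self.last = counter  # every counter <= this one is now dead
        return True

def demo() -> dict:
    key = b"constructed-sample-key"  # constructed for this example
    fob, car = Fob(key), Receiver(key)
    out = {}
    c1 = fob.press()
    out["fresh"] = car.accept(c1)
    out["replay_of_used_code"] = car.accept(c1)
    c2, c3 = fob.press(), fob.press()  # c2 never reaches the car
    out["newer_code_within_window"] = car.accept(c3)
    out["expired_older_code"] = car.accept(c2)
    c4 = fob.press()  # never reaches the car; no newer code accepted since
    out["unheard_code_presented_later"] = car.accept(c4)
    c5 = fob.press()
    out["tampered_tag"] = car.accept(c5[:-1] + bytes([c5[-1] ^ 1]))
    out["beyond_window"] = car.accept(make_code(key, car.last + WINDOW + 1))
    return out

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The `unheard_code_presented_later` case is accepted because a counter-only check has no notion of when a code was generated, which is the gap the copy-and-jam variant relies on; the keyed MAC only addresses forgery and prediction.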
Even when older vehicles have the capacity to receive software updates to improve their cryptography, or even when they can be made compatible with newer fobs that have stronger security measures to ensure their authenticity, auto manufacturers ultimately get their profit from selling new cars and not maintaining old ones.
Absent any legal requirement for auto manufacturers to provide security updates for a certain number of years after the model is released, there is no financial incentive to improve the security of used cars. This is certainly not in the best interest of the consumer, but under capitalism corporations will pursue as much profit as they are legally permitted to pursue.
Thus, under the current regulatory regime, the manufacturers have no financial interest in making either their new cars or their used cars harder to steal. But the blame does not lie solely with security exploits on these proprietary rolling code encryption systems. Blame additionally lies with service tools designed by the manufacturers themselves, to provide features that car owners have deemed necessary.
The bleeding edge of security attacks on cars is called a CAN Bus Attack, as reported last year in a piece by CBS News. The CAN Bus is best described as the central computer system at the core of the car, which is used by service technicians to diagnose and fix issues with the motor vehicle.
Systems which can interface directly with the CAN Bus of a vehicle through its diagnostic port are available legally for purchase by the general public, and they are frequently used legitimately by locksmiths to delete and add fobs from the car when individuals are locked out of their vehicle.
The problem here is that while a locksmith will follow the law, and will only generate a new fob if the registration in your glove box matches your ID while otherwise re-locking the car if you lied, nefarious criminals obviously have no compunctions about using these tools to steal your vehicle.
The CAN protocol does not have any standardized security features, and indeed if manufacturers could completely lock it down solely to their own dealerships, there would no longer be the ability to visit independent car dealers or repair shops. Such ability for the auto manufacturer to force you to only buy used cars from them, and only repair your vehicle with them, would obviously raise prices, and indeed a locksmith can replace your car fob for a far cheaper price than your dealership will.
Worse, if the tool to interface with a vehicle’s CAN Bus did not exist, then the moment someone’s keys were lost or damaged, that car which they likely spent a five-figure sum to purchase would suddenly become a very expensive paperweight. The lock would be perfectly secure, indeed too secure, as the car would be effectively useless and require extensive replacement of internal systems with a new computer matched to a new fob.
This is ultimately a larger problem than the flaws in the encryption systems currently used by manufacturers. True organized crime rings won’t use glitch exploits on the rolling code system; they will simply obtain these industry standard tools which can rapidly generate a new fob in less than a minute.
Every customer wants a car that can’t be stolen, and yet they also want a car where the keys can be replaced when they need them replaced. Ultimately, both of these consumer demands are in direct competition with each other.
The CAN Bus is effectively a skeleton key for cars, and there is no magic key and lock which only works for those who are pure of heart and not those who bear wicked intent. The entire automotive industry, from sale to repair to resale, requires this backdoor system to give customers the reprogrammable fobs they need, and since this technology by its very nature is prolific throughout the industry there is no possible way to prevent organized crime from accessing it.
Thus, theft of vehicles has become incredibly simple to execute, with the stolen vehicles moved quickly at low risk through the Port of Montreal. Organized criminals move cargo containers full of stolen vehicles into the Port through rail or truck using falsified customs declarations, and then avoid detection through the Canadian government’s extreme austerity in hiring border officers and purchasing cargo scanners, which the Americans have funded to a far larger extent.
The thefts are simple to execute, the smuggling is low-risk to perform, and the sale of the stolen goods abroad is extremely lucrative for the amount of labour performed across the entirety of the operation. Ultimately, without any political will to give CBSA the resources they need to truly stop organized crime at the Port of Montreal, auto theft will continue to run unabated in Canada. Assuredly, it is not the only smuggling occurring at the Port.
There is, however, one solution to the problem of auto theft, a technique in which we might cut the Gordian Knot. I am aware of an automobile which is already in extremely popular use, and which has very practical limitations making it difficult for malfeasants to steal, and even more difficult to smuggle and fence for profit. Let me end this column by providing you with a visual representation of this elegant solution to auto theft.