Sun Nov 05 05:00:00 EST 2023
Toronto’s out-of-control car theft epidemic started quietly. It was 2015, and theft rates were at record lows. At the time, automakers had nearly completed a transition: The car key was out. In its place was the key fob, which could unlock a car and start the ignition without any physical contact. This computerization was seen as a way of preventing thefts via the old-school technique of hot-wiring — and it appeared to be working. That year, Toronto police reported fewer than 3,500 car thefts, down more than 70 per cent from the city’s post-amalgamation record of nearly 12,500 in 2003.
But investigators were noticing something new was happening: Criminals had started to use mystery devices that let them steal the newer, previously harder-to-steal vehicles. Thieves “may have access to electronic devices, which can compromise an SUV’s security system,” Toronto police warned residents of the city’s wealthy Midtown area in a 2015 news release — the first of many notices about the new technique that has come to define the city’s current car theft explosion. In France, where car thefts shot up a remarkable 74 per cent over four months in 2015 and have continued to rise, this same practice of using technology to duplicate a car’s key fob has been termed “mouse-jacking.” It involves a thief using a device to intercept and duplicate the radio signal of a key fob from a distance. The targeted fob can even be inside, sitting on a counter behind a locked door; a copy can be made in a few minutes, without needing to break in. And as thefts have spiked to near record levels in Toronto since 2015, police say this and other computerized attacks are a significant factor behind the explosion.
It’s why police routinely advise anti-theft techniques like keeping your key fob in a Faraday box that blocks the signal from being copied from outside your home. It was also in 2015 that researchers were ringing the alarm about these new techniques. In late summer that year, British and Dutch scientists were finally allowed to release their findings on car security after being blocked for two years by lawyers for Volkswagen, who had won a British court injunction against the release of their findings. Their scientific paper — subtitled “Wirelessly Lockpicking a Vehicle Immobilizer” — detailed several “practical attacks” thieves were using to take control of high-end cars, including Porsches, Bentleys and other brands under Volkswagen’s corporate umbrella. “From our collaboration with the local police, it was made clear that sometimes cars are being stolen and nobody can explain how,” the scientists wrote, explaining the motivation for their study before detailing ways thieves could relatively easily crack a vehicle’s cryptographic safeguards and defeat the immobilizer device that’s meant to allow a car to start only in the presence of the key fob. In their paper, the researchers argued that carmakers hadn’t paid enough attention to security as they pushed to computerize their vehicles.
“At some point, the mechanical key was removed from the vehicle but the cryptographic mechanisms were not strengthened to compensate,” they wrote. “The software in existing cars is designed with safety in mind, but is still immature in terms of security,” they wrote. Volkswagen had originally sought for the scientists to publish a shortened version of their paper without codes used to crack the vehicles’ security systems, but the scientists declined.
Eventually, the scientists won in court, and a slightly shortened version of their findings was released at the 2015 USENIX security symposium of the Advanced Computing Systems Association. The researchers noted that Volkswagen used their findings to resolve some of the issues they’d uncovered. Volkswagen was also far from the only carmaker vulnerable to “mouse-jacking.” The most commonly stolen vehicles in Toronto include popular models from Toyota and Honda, as well as luxury SUVs by Lexus and Range Rover.
In other areas of the GTA, common targets include GMC, Dodge and Ford trucks. And in the U.S., Korean brands Kia and Hyundai have been forced to pay settlements over models that were too vulnerable to hacking thefts. So far in 2023, vehicle thefts in Toronto have shot up nearly another 30 per cent since last year. As of Nov. 1, the city had reported nearly 10,000 thefts, essentially matching 2022 with two months to spare and on track to nearly challenge 2003’s record.
Elsewhere, thefts have increased more than 50 per cent in Quebec, 18.3 per cent in Alberta and 34.5 per cent in Atlantic Canada, according to Équité Association, a not-for-profit group that works with police and the insurance industry. Équité spokesperson Bryan Gast said vehicle manufacturers should update and enhance their anti-theft measures to prevent easy thefts. Meanwhile, vehicle owners can do a number of things, including parking in a secure garage or well-lit area; equipping vehicles with GPS tracking devices; placing a fob in a Faraday bag while at home; using devices that show thieves the vehicle is protected; and installing a quality aftermarket immobilizer device with an ignition disabler that protects against reprogramming and other attacks.
Owners should also be sure to lock their vehicles and activate their security systems, and never leave their car running or with the key or fob inside while unattended, Gast said. For safety’s sake, Gast emphasized that vehicle owners shouldn’t try to physically track their stolen vehicle or put themselves in harm’s way and should always report suspicious activity to police.
Late last month, Toronto police announced the recovery of more than 1,000 vehicles — worth nearly $60 million — in an investigation dubbed “Project Stallion.” In many cases, the vehicles were recovered as they were being prepared to be shipped overseas, with vehicles recovered from staging areas and other spots between Toronto and the Port of Montreal, Supt. Ron Taverner said, cautioning that Project Stallion largely targeted people at the lower end of the criminal organizational hierarchy. “It’s very difficult to get to the head of the snake,” he said. Meanwhile, criminals keep getting better at hacking into vehicles’ security systems. A decade ago, sophisticated thieves could hack into a car’s security system within 30 minutes.
Now, it can be done in under a minute.