
Car Thieves Everywhere Rejoice as Unsecured Database Exposes 10 Million Car VINs

Posted: Thu Jun 08, 2017 10:22 pm
by FlyingPenguin
VINs could be used in mass car cloning operation

Believe it or not, the most sought-after information exposed in the database is the VINs, a serial number unique to each vehicle.

For the last decade, car thieves have been using stolen VIN numbers to pass stolen cars as legitimate...

...VINs could be used to create replica keys

Besides car cloning, VINs can also be used for other criminal operations. For example, last week, a motorcycle gang from Mexico known as the Hooligans showed the world another way of using stolen VINs.

The group operated by initially obtaining the VIN of a car they wanted to steal. The group focused only on Jeep Wranglers.

After getting the VIN, the gang would illegally access a car dealership's proprietary database from where they'd steal two codes necessary to create replacement keys.

The gang would then use these secondary keys to open cars and drive off with people's cars in the middle of the night.

Compared to car cloning, this method is more complex, as it requires access to proprietary car key codes databases, but if an attacker finds 10 million VINs on the Internet then he's already halfway there.
https://www.bleepingcomputer.com/news/s ... -car-vins/

Re: Car Thieves Everywhere Rejoice as Unsecured Database Exposes 10 Million Car VINs

Posted: Sat Jun 10, 2017 9:07 am
by Losbot
What baffles me is that if the VIN is so sacred, why are we still placing it on the dash in plain sight? Why not only place it in areas where you'd need a key to access it & read it?

Re: Car Thieves Everywhere Rejoice as Unsecured Database Exposes 10 Million Car VINs

Posted: Sat Jun 10, 2017 9:25 am
by FlyingPenguin
I'm guessing what's valuable is not only the VIN but the owner's information? I guess that would make it easier to forge a stolen car's VIN?

Re: Car Thieves Everywhere Rejoice as Unsecured Database Exposes 10 Million Car VINs

Posted: Wed Jun 14, 2017 9:52 am
by Err
While it would stick for owners, the only way I see around this is to not tie keys to the VIN and require a dealer to marry them to the vehicle. Another way may be to have a code encrypted in the car's computer that can only be read by a dealer. Neither method is going to stop all thieves.

Honestly, having to punch in a PIN to start your car would probably be more secure in this day and age.

Re: Car Thieves Everywhere Rejoice as Unsecured Database Exposes 10 Million Car VINs

Posted: Wed Jun 14, 2017 4:14 pm
by Pugsley
Depends how it's integrated. If it's just a module that sends a signal to the ECU saying OK to run, then that can be faked.