Criminals stealing shop scan tools and using them to steal vehicles
Motor Auto News reports that criminals are hijacking auto locksmith vehicles in order to steal their scan tools capable or re-keying vehicles. In addition these same criminals are breaking into auto repair shops by breaking windows in order to steal scan tools.
The goal? To obtain scan tools capable of reprogramming vehicle key fobs so they can steal cars and trucks.
“What we’re seeing today are vehicle service providers (VSP—who are bonded and licensed to perform locksmith or security work on vehicles) being shot at and their vehicles being stolen so thieves can get access to aftermarket scan tool technology that allows them to cut new keys, program key FOBs and steal vehicles,” says Chris Chesney, VP Training and Organizational Development for Repairify Institute, during a recent CIECA webinar.
A professional grade scan tool allows criminals access to the vehicle’s security system
By gaining access to the OBDII port, a criminal with a pro grade scan tool can perform a CAN injection attack, where the perpetrators accesses the vehicle’s CAN bus, allowing them to unlock the vehicle and disabling the engine immobilizer with a simple USB cord and Bluetooth speaker.
“The thieves can do this in less than two minutes and drive away,” says Chesney, who is also a board member of the National Automotive Service Task Force (NASTF). “Cybersecurity is a major issue with OEMs today. Vehicles are being stolen at an all-time high rate—higher than any time in the last 14 years. And the brand protection departments of each OEM are really stepping in and trying to make sure their vehicles can’t be stolen because they don’t want to be on the news. Cybersecurity is at the top of the list for OEMs.”
Prevent scan tool theft
In a joint effort, a new program to be introduced by NASTF, the Equipment & Tool Institute (ETI) and others will help solve the problem of aftermarket scan tool security. If a service professional is going to perform a security transaction on a vehicle using an aftermarket scan tool, they will be required to contact the NASTF Secure Data Release Model (SDRM) registry to verify that they are credentialed and a known entity as a VSP—and not a criminal.
“This program has the potential to squash a lot of the problems we’re experiencing today,” says Donny Seyfer, executive director of NASTF, during a NASTF meeting this month. “Without fail, these thieves are caught with a couple different aftermarket scan tools when they are arrested. We’re trying to keep those tools in the hands of the people who bought them, and protect the locksmiths so they don’t have to choose between their lives and their livelihood when they’re working.”
(NASTF has also recently identified another method being used by criminals who download sensitive VSP and business information that shops have uploaded to their websites and public online spaces. Read about it here.)
Aftermarket scan tool manufacturers will be required to integrate the NASTF SDRM Application Programming Interface (API) in their scan tools to reduce vehicle theft rates. VSPs will need to add security protocols, logins and requirements for internet connectivity, etc. Many aftermarket tool companies are already implementing changes in anticipation of the program, Seyfer says.
Seyfer adds that mid-December is the goal to begin the messaging, and they’ll use AAPEX and SEMA this year to create awareness and announce that the program is coming. He says it’s also important that service professionals who are already VSPs know that they are already credentialed and don’t need to take any further steps or make changes.
Posted on by Rick Muscoplat