Beware the Monolith

Written By Edward Luck

Yesterday we were notified of another VF Commodore that was stolen by pushing or towing it away even though it had a CANbus immobiliser fitted. And it reminded me of a classic term we use in Cybersecurity - “Monolithic security”.

It boils down to this:

If most people with a VF Commodore have a CANbus immobiliser fitted, thieves will assume that you have a CANbus immobiliser fitted and will just tow it away rather than attempt to use their normal tools to start the car.

We use the term, “monolithic” because nearly everyone will have the same protection in place. And so the thieves pivot to a technique that bypasses it.

What to Do?

There is a short version and a long version of this. The short version is get a good tracking system in place (hi there!). The long version is to layer your security.

Looking at the VF commodore specifically, here is what we would recommend:

  • A good vehicle immobiliser. CANBus, or otherwise (hi there!)

    • The Immobiliser should also disable the electric park brake switch, or electronic steering lock

  • A good GPS tracking system

    • With auto geofence alarms

    • With Ignition notification

    • With towing alarms

    • With real-time tracking capabilities

    • With a backup battery

    • With jamming detection

    • With Location Based Services (i.e., find the tracker based on cell tower data not just GPS)

    • Tied into the immobiliser if possible

    • Able to tie into your car alarm for notifications your alarm has been triggered

  • If the vehicle is really valuable, a secondary (standby) GPS tracker powered by an internal long life battery

    • Which also has Location Based Services for finding the tracker based on cell tower triangulation

Closing thoughts

Attack and defense is a constantly evolving game. An attack appears and is very successful, followed by a defense which is very successful, followed by the attacker pivoting to a new technique (which is very successful!) and so on.

As players in the defense market, we of course are always trying to make the sale and it is easy to fall into the trap of saying something can’t be defeated or bypassed. Everything can be defeated with enough time. Honestly we’re surprised that some enterprising fellow or team hasn’t found vulnerabilities in the CANBus immobiliser market that could also be exploited via CANBus. It is improper thinking to suggest that one could not exist. It is better thinking to suggest that one may exist but just hasn’t been found or attacked yet.

We don’t believe there is a known vulnerability in any CANbus immobilisers though. If there was we’d likely hear about it because it’s not like your average thief on the street is good at keeping secrets.

So in summary…

Avoid the Monolith and layer your security.

Edward Luck
Previous

The Ultimate Stopped Machine
Next

Listen, Coppertop