Here’s How Car Thieves Use SiriusXM Remote Start to Swipe Your Car

If you own a Honda, Acura, Infiniti, or Nissan with a SiriusXM subscription installed, your vehicle could have been an easy mark for car theft. That’s because its Connected Vehicle Services includes remote functions for car owners. Car thieves could unlock the car and then remotely start it. A second person near the car could drive it away. But it gets worse.

So how do car thieves hack into cars with SiriusXM?

police investigating
Police investigating dealership car theft | Colin McConnell/Toronto Star via Getty Images

Bug bounty hunter Sam Curry found that besides stealing your car, thieves could gain access to private information. “We took the authorization bearer and used it in an HTTP request to fetch the user profile,” Curry explains on his Twitter account. “It worked! The response contained the victim’s name, phone number, address, and car details. At this point, we made a simple python script to fetch the customer details of any VIN number.”

It’s becoming a common problem with remote connectivity. Hackers can transmit authentication codes between a key fob and the car’s ECU. Tesla vehicles are especially vulnerable, with a security expert in Germany showing he controlled around half a dozen Teslas at one time. 

Is anything being done to stop the car thieves?

First, he would open the doors and/or windows. Then, by disabling Sentry Mode and locating the Tesla, it can be swiped. The vulnerability reports have the National Highway Traffic Safety Administration’s attention. 

“Cybersecurity needs to be a top priority for every automaker, developer, and operator,” the NHTSA announced. One of the easiest ways is to pick up the key fob signal inside a house. From there, unlocking the doors and starting up the car is easy. 

Immobilizers can stop only some car thefts

Grand Theft
Illustration of Grand Theft Auto (GTA) logo | Rafael Henrique/SOPA Images/LightRocket via Getty Images

With immobilizers now in most cars, the only way to start a car remotely is with a unique handshake signal. Thieves need a laptop, a specific frequency, and knowledge of hacking to create the specific electronic signal to start the car.

As to thieves getting the key fob signal from inside of a house, keeping the fob away from the front of the house, or better, inside the refrigerator, it isolates the signal from spreading beyond the four walls of the house. But eventually, hackers will come up with another hack to override patches or other security measures to fight stolen car incidents. 

So would going back to a physical key lower theft rates? Yes, plenty of thefts happened with these ignition systems. But you had to either get the key or physically hack into the steering column to access the ignition switch and unlock the steering wheel. 

Why not go back to physical keys?

car theft
Police respond to a car theft | JOSEPH PREZIOSO/AFP via Getty Images

So the combination of those two deterrents helped keep somewhat of a lid on car theft. Getting the key is an obvious way to block theft. And having to hack the column takes time. 

But not that much time. Maybe three minutes with a screwdriver. And they were easily accessible, being right on the steering column. So if there was a reason to go back, which we doubt carmakers will do, they would be aware enough to isolate and shield the ignition switch better than in the 1980s. 

The good news about the SiriusXM breach is that the company was made aware of the issue and created a patch to thwart car thieves. Until, as we said, a better hack is discovered.