Automotive theft affects shipping security

Cars and ships – there’s not that much in common with two areas that we carry out a lot of research in to. One uses CAN for safety critical controls, the other uses serial and +/- 10V.

Yet, security of the two sectors is linked through vehicle theft and fraud:

Most modern vehicles have telematic data connections. eCall is mandatory for all vehicles sold in the EU; in the event of an accident the emergency services are automatically informed of the vehicle position, airbag deployment and impact sensor information.

Many other telematics services are available, depending on the vehicle and manufacturer. ‘black box’ event data recorders  (EDRs) are present in many for post-incident analysis by the OEM. Some insurers insist on a telematics device for some policies, particularly for young drivers.

Indeed, higher end vehicles have concierge type services and other always-on data connections to provide the driver with useful information.

Services are usually delivered using a telematics control unit (TCU) fitted somewhere around the vehicle.

The mobile data connections these use can be expensive for the OEM, so large software updates are delivered via Wi-Fi in some cases, notably Tesla.

Some manufacturers dislike security researchers and competitors tampering with their vehicles. I remember a story where a Tesla was being reverse engineered by a competitor investing in development of their own electric vehicles. Tesla knew from telematics data where the vehicle was & who was reverse engineering it, so gave them a call…

Telematics tracking

It’s possible to stop telematic data from being gathered in a number of ways. Disconnecting the GPS aerial from the TCU and/or removing the data SIM are possible, but often require removal of panels and wiring from the vehicle. It took us over 4 hours of fiddling to achieve this in one vehicle. Removing the TCU is possible, but in our experience the vehicle may not function without it.

Some people simply don’t like the concept of being tracked – the perceived invasion of their privacy by the OEM or telematics service provider is of too great a concern. So, they might want to block the signal.

Some choose a GPS jammer, though these are illegal in many territories. Small jamming devices are available online, they simply plug in to the 12V power supply or run from batteries. They have low range, but will jam the GPS signal in the vicinity of the vehicle, preventing telematics from detecting vehicle position.

Note that the rough position of the data sim in the TCU can be triangulated from cell towers, so GPS jamming may not be sufficient by itself for those seeking privacy. GSM jammers are also available, also illegal in many countries.

We do not condone the use of GPS or GSM jammers. However, automotive and shipping industries should be aware of the potential issues surrounding use of these devices.

Vehicle theft

As OEMs and vehicle tracking security devices can locate stolen vehicles, car thieves need to obfuscate stolen vehicle position, or it can easily be tracked and recovered.

Luxury vehicles are often quickly loaded to shipping containers and moved out of the country. Whilst the telematics still has connectivity to mobile data, the stolen vehicle is exposed to recovery.

Shipping containers are often considered ‘Faraday Cages’ for GPS signals, yet this is a dated view. Several years ago, GPS tracking from inside containers was demonstrated with commercial success, particularly for high value parcel tracking from inside a container.

As a result, GPS jammers are increasingly being used in vehicle theft and export cases. This creates significant issues in shipping:

GPS jamming on board ship

GPS jamming is often considered a nation-state grade attack, probably because the highest profile incidents to date have been in the vicinity of military bases.

Yet, the technology for short-range jamming is well within the reach of the average consumer. I believe that we will see a spate of jamming incidents relating to vehicles and shipping:

Consumers with jammers for privacy reasons will take their vehicles on board ferries. Ships masters will need to be prepared for GPS drop outs and ensure that they are not relying on GPS position alone.

Ocean going container vessels may experience local jamming for extended periods from stolen vehicles on board. If buried deep in stacks, then the jamming signal may be attenuated somewhat.

GPS jamming has been perceived as emanating from a fixed location, e.g. a shore station. Navigate away from the jamming station and all returns to normal. If it’s emanating from a fixed location ON BOARD, that’s a different matter.

Conclusion

Careful choice of GPS receiver location may help reduce the impact of jamming on board, as may design of the receiver.

Automated detection and alarming of GPS jamming will help the crew know when to disregard unusual position reports. Many modern vessels will have GPS jamming detection alarms.

Having simple handheld equipment on board to help the crew locate the source of a jammer may be wise in future.

More than anything, the availability of jammers should remind crew to always look out of the window and not become fixated on screens.

Practice working without GPS: consider covering an ECDIS screen, forcing the navigation officer to work from other instruments, whilst another member of the crew keeps a safety watch on a second ECDIS screen.