Car Theft on Steroids: How Cyber-Powered Techniques Are Transforming Vehicle Protection

Home Blog Car Theft on Steroids: How Cyber-Powered Techniques Are Transforming Vehicle Protection

Car Theft on Steroids: How Cyber-Powered Techniques Are Transforming Vehicle Protection

Noam Herzenstein, Director of Product Marketing

Table of contents

It’s Monday morning, you pull yourself out of bed, make a cup of coffee, and head out to your car. When you reach the curb, you don’t believe your eyes. The front bumper and headlight housing are partially detached, the surrounding areas are scuffed and the paint is chipped. Figuring it was a weekend teenager prank, you take the car to the shop and forget about it. Two days later your car is stolen. 

If this sounds familiar, you’re not alone. This and other types of sophisticated cyber-enabled car theft have reached pandemic proportions, with repercussions across the industry – from car owners and OEMs to fleet operators and insurance companies.

From Hot Wiring to Hacking

Traditionally, the tools of the trade for a car thief were a big rock to break the window and a hot wire to bypass the ignition. That’s all you needed to drive away with the car.  Then came the immobilizer about 20 years ago, which became the gold standard for anti-theft protection. Needless to say, immobilizers don’t stand a chance against today’s high-tech car thieves – and we’re seeing the results on our streets every day.

From an automotive cyber security standpoint, the sophistication of today’s software-defined vehicles (SDVs) is a double-edged sword. Keyless technology and other smart connected vehicle systems enhance safety and convenience for drivers, but at the same time these technologies introduce new attack vectors that car thieves are leveraging to unlock, start and steal a car in less than 30 seconds.

Car Theft Has Reached Epidemic Levels

Car theft has escalated into a national crisis in many countries. In Canada alone, auto theft insurance claims surpassed $1.5 billion in 2023. Similarly, the United States reported over one million stolen vehicles in the same year. According to a crime trends report,  motor vehicle thefts increased by 39% in the first half of 2023 and by 21% in the second half of 2023 (see chart).

Source: Crime Trends in U.S. Cities, Mid-Year 2023 Update Report from the Council on Criminal Justice

Wreaking Havoc with the Entire Automotive Ecosystem

Vehicle theft is a multi-billion-dollar crime, costing vehicle owners more than $8 billion each year. Besides the anguish for car owners, cyber theft impacts the entire vehicle ecosystem:

  • OEMs – In certain markets and countries, specific car brands and models are known for being highly prone to theft. This “linkage” has a negative impact on brand reputation and sales for vehicle manufacturers.
  • Insurance companies – High car theft rates means more claims against insurance companies, which in turn raise their premiums for consumers and fleet operators. Looking to avoid hassles and costs, a growing number of insurance companies are reluctant to insure theft-prone vehicle models.
  • Fleet operators – With insurance companies looking to avoid losses, many fleet operators are now self-insuring their vehicles and paying out-of-pocket for theft loss.

The impact of increased car theft on consumers was reflected in a recently published Deloitte 2025 Global Automotive Consumer Study. Consumers from Europe, Asia and the US were asked which vehicle connected services they were willing to pay extra for. Anti-theft tracking was among the most commonly cited services, with 49-88 percent of respondents saying they were “somewhat willing” or “very willing” to pay extra to protect their vehicles from theft.

Cyber-Enabled Car Theft Techniques

Car theft has been around since the invention of the automobile. The only thing that’s changed is the method used by the thieves. It’s safe to assume that as vehicle technologies continue to advance, so will the techniques used by car thieves to steal vehicles.

Examples of common techniques used today include:

  1. CAN injection attacks exploit vulnerabilities in a vehicle’s CAN bus to allow thieves to steal vehicles in under 30 seconds without physical break-in. Using ready-made hacking devices, available for purchase on the darknet, thieves can disable the immobilizer, unlock doors, start the engine and drive away with the vehicle. 
  2. Key Fob Cloning – This technique relies on acquiring the tablets that car makers use to reprogram key fobs (e.g., in the case where the owner lost the key). Thieves can easily find these devices on the black market and use them to gain access to a car’s network by connecting to a port on the dashboard or through the headlight. Once a device is synced to the car’s network, a thief can use commands to register their own key as if it’s a valid key and take control of the vehicle.
  3. Relay attacks – Typically conducted by a pair of attackers, each with a small handheld device. One is near the key fob (i.e., outside the owner’s garage) and the other is near the vehicle. The first device captures the key fob’s signal and relays it to the second device, which then transmits it to the car, tricking it into thinking the key is present. This allows the thieves to start the engine and drive off without physically possessing the key fob.

One of the reasons why cyber car theft is so prevalent is that none of these techniques requires technical or cyber expertise. The criminals simply buy a dedicated device on the web, learn how to connect it and the device does the rest.

How to Address the Problem

In countries where car theft is rampant, a great deal of effort has been invested in trying to recover vehicles. Many car owners and fleet operators use stolen vehicle recovery services (required by many insurance companies). However, what’s truly needed is a way to make vehicles more difficult to steal in the first place. 

We have seen that consumers are willing to pay for anti-theft protection. To meet market needs, any such solution should be built on three pillars:

  1. Detect – Detect vehicle theft attempts such as unauthorized vehicle network manipulation or unauthorized key fob registration.
  2. Prevent – Prevent vehicle theft by triggering a theft prevention action in real time (e.g., re-enable immobilizer that has been temporarily disabled by the attack, or block fake message coming across the CAN network). Effective prevention requires the ability to distinguish between a valid and invalid scenarios (e.g., reprogramming a new key) and prevent only the invalid ones.
  3. Future-Ready – Support new and emerging vehicle theft attack vectors via ongoing software updates. Today there are three main attack vectors, but tomorrow there will be a new technique. A vehicle produced today is going to be on the road on average for 10-15 years. Anti-theft protection solutions must be built with the infrastructure and tools to enable OTA security updates over the lifetime of the vehicle.

How To Protect Vehicles Already on the Road: The Need for Aftermarket Protection

To comply with new cybersecurity regulations and standards, such as UNR 155 and IS21434, vehicle manufacturers are developing their new vehicles with cyber security in mind. This includes secure coding, in-vehicle intrusion detection and prevention, and fleet protection (i.e., VSOC) capabilities. 

But when it comes to anti-theft protection, the industry is still playing catch-up. While OEMs would be glad to add anti-theft protection features (or services), this can’t be done retroactively. Let’s say the OEMs decide today to design new security measures to address the surge in car theft, it’s going to take a few years before these models hit the road. But how can they secure the millions of vehicles already on the road? 

When a known vulnerability is detected in a vehicle, the OEM can release a software update to the affected vehicles, but in practice they can never address every vulnerability in every vehicle. If they could, then there would be little or no cyber-enabled car theft. Not only that, with millions of cars on the road, it takes time to get the update out to the entire fleet. So what happens in the interim?

It is precisely this gap that has created a need for new aftermarket anti-theft protection services based on the pillars mentioned above. The magnitude of the car theft epidemic, as well as consumers’ willingness to pay for anti-theft protection, have created an opportunity  for new types of protection services focused on cyber-powered attacks.

How We Can Help

PlaxidityX vDome is an AI-powered anti-theft protection solution that proactively detects and neutralizes malicious theft attempts in less than 200 microseconds. vDome identifies unauthorized activities on the vehicle network that indicate an attempt to steal the car (e.g., electronic manipulations to unlock the doors and start the engine), and then triggers a theft prevention action in real time. vDome software has already been integrated into Vodafone Automotive’s anti theft solution.

Contact us to learn more about how vDome can help you protect vehicles from the latest cyber theft techniques.

Published: March 17th, 2025

Ready to See Plaxidityx in Action?

“We see cybersecurity as a differentiator of our market offering and believe our partnership with PlaxidityX complements our “Digital Shield” cybersecurity service offering, helping us to achieve our goal of becoming a leader in secure software and electronics.”

Oliver Huppenbauer
Global Cybersecurity Manager at Marquardt

“The partnership with PlaxidityX enables our OEM and Tier 1 customers to benefit from our new, high-performance Ajunic®️ platform without the security worries. By leveraging PlaxidityX’s automotive cyber security expertise and innovative IDPS product line, we will be able to deliver market-leading in-vehicle protection capabilities as an integral part of our software development stack.”

Georg Schwab
Managing Director of AVL Software and Functions

“We chose PlaxidityX based on its proven experience, knowledge, methodology, and expertise..PlaxidityX’s ability to complete and submit in an extremely short time with top quality results, was critical for meeting our business goals”

PlaxidityX (Formerly Argus) Automotive Cyber Security
Emrah Duman
Ford Trucks Leader

“PlaxidityXs’ comprehensive suite of cyber security solutions and its outstanding array of strategic technological partnerships have contributed to the company’s leadership position”

PlaxidityX (Formerly Argus) Automotive Cyber Security
Dorothy Amy
Industry Analyst, Business Strategy & Innovation, Mobility
Frost & Sullivan

“The partnership with PlaxidityX enables our customers to perform cybersecurity testing on our established test platforms ..We are excited to partner with a strong and experienced cybersecurity service provider such as PlaxidityX”

Dr. Herbert Schütte
Executive Vice President Real-Time Test & Development Solutions
dSPACE

“By combining PlaxidityX’s expertise in securing connected vehicles with Microsoft’s Azure AI capabilities, we have a unique opportunity to accelerate ‘shift left’ security innovations across the entire automotive sector..”

PlaxidityX (Formerly Argus) Automotive Cyber Security
Dominik Wee
Corporate Vice President for Manufacturing and Mobility
Microsoft

“PlaxidityX is a key pillar of Continental’s SDV strategy, enabling Continental to implement a security-by-design approach. As automotive cyber security moves to the cloud, PlaxidityX’ cutting-edge technologies and proven VSOC capabilities position us advantageously to meet our customers’ future needs”

Gilles Mabire
Chief Technology Officer
Continental

Updates and insights

Press Releases

Deloitte Spain and PlaxidityX Join Forces to Deliver Transformative Automotive Cyber Security Solutions

Video

HIL and SIL-based Cybersecurity Testing Solution

Blog

The Auto Tech War: U.S. Ban on China and Russia Leaves Industry Scrambling

Learn how we bring peace of mind for millions of drivers