A surprisingly simple way to foil car thieves

July 17, 2023

Flicking lights or swiping wipers could one day add extra security to vehicles.

Car engine with Battery Sleuth authenticator installed. — An experimental prototype of the Battery Sleuth authenticator device installed in a vehicle. Image credit: Kang Shin

Skyrocketing vehicle theft rates in some U.S. cities have drawn attention to an inconvenient truth: the increasing amount of technology in our vehicles can make them increasingly vulnerable to hacking or theft.

Now, a solution that leverages perhaps the lowest-tech feature of today’s vehicles—the auxiliary power outlet, known to those of a certain age as the cigarette lighter—has been developed by a University of Michigan-led research team.

With a new $1.2 million dollar grant from the National Science Foundation, the team is set to begin large-scale testing of Battery Sleuth, a vehicle security system that can protect against sophisticated wireless hacking, old-school jimmying and everything in between.

Battery Sleuth bypasses both the wireless communication that key fobs depend on and the standardized onboard communication network that’s used in today’s vehicles. Instead, it authenticates drivers by measuring voltage fluctuations in a vehicle’s electrical system. Drivers interact with it through a keypad device plugged into the auxiliary power outlet.

“The great thing about the power outlet is its simplicity—it’s just a wire connected to the battery, so there’s nothing to hack,” said Kang Shin, the Kevin and Nancy O’Connor Professor of Computer Science at U-M and lead researcher on the project. “And creating voltage fluctuations with components like windshield wipers or door locks is even simpler.”

Car shifter and dashboard with prototype keypad installed underneath A/C controls. The devices consists of a numeric keyboard, circuit, and wires. — An experimental prototype of the Battery Sleuth code entry device installed in a vehicle. Image credit: Kang Shin.

Battery Sleuth delivers a predetermined series of voltage fluctuations—a sort of “voltage fingerprint”—to the car’s electrical system when the driver enters a numerical code into the keypad device. A receiver then recognizes this fingerprint and enables the vehicle to start. Drivers can also deliver the voltage fluctuation manually using auxiliary functions that draw battery power. They might perform some combination of flicking the windshield wipers, turn signal or headlights on and off, or locking and unlocking the doors.

Installed between a vehicle’s battery and the car’s electrical system, Battery Sleuth’s default mode allows the battery to deliver enough current to power systems like electronics and lights, but not enough to power the vehicle’s starter. Only when it detects the pre-set series of voltage fluctuations in the vehicle’s electrical system does it turn up the juice, allowing the battery’s full power through to the starter.

“The idea of measuring fluctuations in a car’s electrical system seems simple, but designing one device that can do it accurately on thousands of different vehicle models in varying environmental conditions gets quite complicated,” said Liang He, assistant professor of computer science and engineering at the University of Colorado, Denver and a researcher on the project. “We’re working to design a system that’s smart enough to measure the parameters of the vehicle it’s installed on and then customize itself to work effectively on that vehicle.”

Battery Sleuth also has defenses to guard against hacking or physical attacks on the device itself, including a siren that sounds if illegitimate activity is detected and a resistor that shuts down the vehicle’s electrical system if an unauthorized power source is connected to the vehicle. The system is designed to work as either an add-on to existing vehicles or a permanently installed component on new vehicles.

An experimental prototype of the Battery Sleuth authentication device and a diagram showing its installation. Image credit: Kang Shin

“Vehicle theft costs drivers and insurance companies more than $4 billion each year in the United States alone, and that’s partly because today’s vehicles use a hodge-podge of computer systems that were never designed to work together,” Shin said. “Each new layer of technology introduces new security vulnerabilities, and rather than try to patch each one, we’ve developed a system that works completely independently.”

In a field test study on eight vehicles published in July 2022, the researchers showed that a prototype of Battery Sleuth was more than 99.9% effective at detecting and preventing illegitimate activity without interfering with normal vehicle operation. The team plans to use the new grant to fund more extensive testing at U-M’s Mcity test facility. The next stage of the process will also explore expanding the system to enable it to control entry to the car, making it useful for applications like vehicle sharing.

At the end of the three-year project, the team aims to have a commercially viable prototype that can be scaled up to commercial production, first as a theft deterrent device, and potentially later as a complete vehicle entry and control system that could replace traditional keys and fobs.

The research was supported by the National Science Foundation Division of Computer and Network Systems under the Computer Science and Engineering Directorate, grant number 2245223.

This story was originally published by the University of Michigan News office.