Modern vehicles come with cutting-edge security features that are intended to prevent theft. But according to a recent report, even the most advanced anti-theft safeguards can be evaded by connecting to a headlight wire. A method called CAN injection.
The headlight module of your car is where this keyless auto theft method starts, however, thieves only choose this point of entry since it gives them the simplest access to a car’s CAN bus system. If you’re wondering what a CAN bus system is, it’s the internal computer network that keeps everything running. It’s basically numerous ECUs throughout a modern vehicle that communicate with each other.
Thieves gain access to the CAN bus near the headlight connector by removing bumpers and trim pieces from a car. This allows them to get to the data wires that run through your car. Once inside, they can simply inject commands and disable the alarm system. This allows them to start the engine and drive away without triggering any alarms or alerts.
CTO of automotive cybersecurity company Canis Automotive Labs, Dr Ken Tindell explained how his friend, Ian Tabor, had a nearly new Toyota RAV4 stolen last year using this method. According to Tindell’s explanation, a tool has been developed, disguised as a JBL Bluetooth speaker and sold on the dark web that when wired into a vehicle’s control CAN bus, can impersonate the vehicle’s key fob.
There is a ‘Play’ button on the JBL Bluetooth speaker case, and this is wired into a chip. When this button is pressed, there is a burst of CAN messages. These CAN messages contain a ‘smart key is valid’ signal, and the gateway will relay this to the engine management ECU on the other bus.
There is an extra circuit that comes into play and it changes the way a CAN bus operates so that other ECUs on that bus cannot talk. Therefore, allowing the theft tool to do what it was designed to do.
The implications of this vulnerability are significant. Not only does it expose car owners to theft, but it also raises questions about the effectiveness of modern security systems. It is clear that manufacturers need to take steps to address this issue and improve their anti-theft measures.
Modern cars may have a lot to offer in terms of convenience and safety, but they are not immune to theft. Vehicle owners should invest in extra security that is currently available in the market such as a device that will not allow the engine to start unless the key has the correct chip. The chip has specialised coding specifically for the vehicle, so the engine will only start if the code matches what is registered in the chassis.