Thieves Can Steal Modern Cars By Tapping Into a Headlight Wire

As car security has advanced, the world of auto theft has quickly melded with the world of hacking. The advent of high-tech car keys means that hotwiring is out and methods like relay attacks are the new way to gain unauthorized access to a vehicle. Now, however, it seems that attackers have found a new way to entirely bypass the electronic security on modern cars: A method called CAN injection.

What Car Should You Buy: Moddable Cargo-Hauler Edition

The method is detailed in a blog post by Ken Tindell, CTO of automotive cybersecurity company Canis Automotive Labs. Tindell’s friend, Ian Tabor, had a nearly new Toyota Rav4 stolen last year using this novel exploit — now, Tindell has documented exactly how it works.

In case you missed it:

The attack relies on a vehicle’s CAN bus, the internal computer network that keeps everything running. If you’ve ever wondered how your car’s engine, body control module, and all the little controllers scattered around the car all communicate, CAN bus is the answer. The system is universal in modern cars, and even aftermarket ECU manufacturers now build CAN integration into their products.

G/O Media may get a commission

HEALTHIER HAIR

Augustinus Bader Hair Revitalizing Complex

Improve your hair today
The Hair Revitalizing Complex was tested via double blind trial to compare those taking it to those on a placebo. Those on the supplement were found to have increased their hair count by 56%, hair shine by 100%, and a 98% reduction in hair damage when compared to those taking the placebo. If these are the results you’re looking for, you can get a one-month supply (30 days) for just $130.

The attack method Tindell lays out relies on physical access to the car’s CAN bus, meaning an attacker needs to get to the data wires that run through your car. By tapping into these wires, a thief can inject malicious commands into the network — allowing the thief to wake up the car’s computer controllers, falsify the presence of the car key, and drive off. And as Tindell points out, getting access to these data wires can be as simple as yanking out a car’s headlight — since modern high-tech headlights now communicate with all the other electronic controllers in a car.

As Tindell explains, for certain car models, thieves can even turn to the dark web to buy modified Bluetooth speakers filled with hardware that can inject malicious messages into a car’s CAN bus network, instructing the car to unlock the doors even when the key is nowhere nearby. To an outside observer, this device would just look like an ordinary portable speaker. The video below shows just such a theft unfolding.

Toyota RAV4 2021 – stolen in less than two minutes

This attack isn’t the easiest to pull off, given that it requires a thief to partially disassemble the target car, but it’s powerful when done correctly — entirely bypassing the car’s key, unlike relay attacks that simply extend the key’s radio range. Tindell lists multiple solutions that automakers can implement, most notably the “zero trust” approach — wherein every device, even within a car’s internal CAN bus, needs to verify itself during any communication.

Zero trust would effectively stop these kids of attacks, but it would require a new commitment to security from automakers. As those companies continue to add new tech to cars, we can only hope they’ll start keeping up with securing it.

Check out Tindell’s full explanation of this vehicle vulnerability here. It’s an incredibly technical write-up, but Tindell does a great job of breaking it down so anybody can understand it.