In an era of increasing technological innovation, clever criminals have developed a novel technique to steal vehicles by exploiting their computer systems. According to a report on MSN’s Autoblog, these tech-savvy thieves are now targeting the headlight modules of modern vehicles to gain access to their Controller Area Network (CAN) bus systems, which serve as the vehicle’s central nervous system.
The headlight module is chosen as the point of entry due to its simplicity and direct connection to the CAN bus system. If the thief can access this connection from the bumper, they can infiltrate the vehicle’s communication network and take control. Ken Tindell, the chief technical officer of Canis Automotive Labs, discussed the intricacies of this theft method in a blog post.
Tindell explained that modern vehicles employ smart keys to ensure security. These keys communicate with the vehicle, exchanging cryptographic messages to authenticate their legitimacy. While this messaging system is generally secure and can only be compromised with substantial resources, thieves often search for a weaker point to exploit.
CAN Injection : keyless car theft : https://t.co/1z6l459dGX credits @kentindell @mintynet pic.twitter.com/P1zBXbll7r
— Binni Shah (@binitamshah) April 12, 2023
Previously, criminals would hack into the key fob used for remote entry and starting, but increased awareness and countermeasures from vehicle owners and manufacturers have rendered this method less effective. As a result, thieves have turned to a new approach, bypassing the entire smart key system. By infiltrating the vehicle’s internal communication network, they inject fake messages as if they were from the smart key receiver, essentially commanding the vehicle to “unlock immobilizer.”
According to Tindell, most vehicles on the road today do not have protected internal messages, making them vulnerable to this type of attack. A counterfeit JBL speaker containing roughly $10 in components, available for purchase on the dark web, is all that is needed to carry out the theft.
Autoblog pointed out that the most effective defense against this method is the time required for thieves to access the wiring. A secluded area where the criminal can work undisturbed is necessary for the attack to be successful.
Although Tindell acknowledged that this security issue can be resolved, he cautioned against expecting a swift solution. Vehicle manufacturers have learned to proceed cautiously when making changes to vehicle systems, as seemingly simple fixes often prove more complex than anticipated. Additionally, extensive testing is required to ensure that there are no unintended consequences from the changes. As such, it may take some time before this particular vulnerability is fully addressed.
WATCH the video below for more details:
Sources: TheWesternJournal, Autoblog