A Toyota in the midst of a suspected CAN injection theft attack over several months. Photo by Ian Tabor/Twitter
Toronto, Ontario — Car hackers are evolving and they’re coming for your headlights—literally.
According to at least one security expert, car thieves have discovered a way to enter a vehicle’s internal computer network through the headlights, connecting the vehicle’s CAN bus system and creating a false duplicate of the vehicle FOB.
Loyal readers with a sense of déjà vu may recall that this line of attack is nearly identical to our previously reported FOB relay attack, with the wireless transmission of a real FOB’s signals being replaced by a hacker directly plugging into the vehicle via the headlights.
Ken Tindell, chief technical officer of Canis Automotive Labs details his investigation into what been dubbed the CAN injection keyless car theft, referencing photos taken by a friend venting on social media about an apparently vandalized car with the “front bumper and arch trim pulled off,” along with the “headlight wiring plug (which) had been yanked out.”
This progressed a few months later with the headlight being completely unplugged, followed by the car driving away a few days after.
Tindell explains this has become an emerging trend among car thieves, where the prospective hacker uses an emergency start system disguised as a Bluetooth speaker, plugs it into the vehicle’s headlights and programs the vehicle’s electronic control unit to open the door or begin driving.
Tindell elaborates that these systems are commercially available on the dark web, with brand-specific techniques being actively discussed on forums, hinting at the scale of this problem.
According to Autoblog, there are no immediate countermeasures against this type of attack. However, it does require the thief to remove body panels and gain access to the vehicle’s wiring, meaning that physically securing the vehicle might be the only option for now.
Finally, be careful if you notice tampering or damage to the trim and body panels around your headlights—it might be anything from vandalism to a planned theft in progress.
For Tindell’s technical deep-dive, click here.