Clever car thieves have devised a new method to hijack your vehicle.
According to MSN’s Autoblog, the theft entails hacking into the computer system of a modern vehicle through the headlight module.
This location is chosen because traveling through the headlights is an easy way to access the CAN bus system, which is how all the vehicle’s technology communicates.
In the current configuration of vehicles, there is a connector from the headlamps to the CAN bus (think of the CAN bus as the vehicle’s central nervous system).
If a thief can gain access from the bumper, they can control the vehicle by tapping into the cabling that connects the headlights to the main communication network.
In a blog post, Ken Tindell, chief technical officer of Canis Automotive Labs, described how the larceny occurs.
CAN Injection : keyless car theft : https://t.co/1z6l459dGX credits @kentindell @mintynet pic.twitter.com/P1zBXbll7r
— Binni Shah (@binitamshah) April 12, 2023
“Modern cars are protected against thefts by using a smart key that talks to the car and exchanges cryptographic messages so that the key proves to the car that it’s genuine,” he wrote.
“This messaging scheme is generally reckoned to be secure and can’t be broken without huge resources (of the type only a nation state has). But thieves don’t attack the hard part: they find a weakness and work around it,” he wrote.
Tindell noted that one of the more prevalent methods of attacking the system has been to essentially hack the remote entry and initiating key fob. The publicity surrounding this technique prompted proprietors and automobile manufacturers to implement countermeasures.
“Faced with this defeat but being unwilling to give up a lucrative activity, thieves moved to a new way around the security: by-passing the entire smart key system,” he wrote.
He said in this new technique, thieves “get into the car’s internal communication” and then “inject fake messages as if from the smart key receiver, essentially messages saying ‘Key validated, unlock immobilizer.’”
“In most cars on the road today, these internal messages aren’t protected: the receivers simply trust them,” he wrote.
Tindell stated that a counterfeit JBL speaker with approximately $10 worth of components is sold on the dark web and is capable of committing theft.
According to Autoblog, the greatest defense is currently the time required to access the wiring. A thief would require a place to operate in solitude and without interruption.
Tindell said the problem can be solved, but not to expect a solution any time soon.
More on this story via The Western Journal:
