It’s “headlight hacking,” warns Dr. Ken Tyndall of Canis Automotive Labs
Car thieves have come up with yet another way to steal your car, and it’s pretty creative. We’ll call it “headlight hacking,” but as Dr. Ken Tyndall of Canis Automotive Labs describes the method, it’s a lot more complicated.
This keyless car theft method starts at your car’s headlight unit, but the only reason thieves choose this break-in point is because it offers them the easiest way to hook into the so-called. Vehicle CAN system.
For those who are not familiar, the CAN bus system of the vehicle, in short we will say that it is a system through which the various ECUs in a modern vehicle communicate with all the electronics in the car. Or in other words, an automotive bus developed by Bosch that allows microcontrollers and devices to communicate with each other in a vehicle without a host computer. Thieves use this “central nervous system” to their advantage by performing an attack called “CAN injection”.
Someone has developed a tool (disguised as a JBL Bluetooth speaker and sold on the dark web) that when connected to the vehicle’s control CAN bus and can mimic the vehicle’s key. The vehicle that Dr. Ken Tyndall uses as an example is a current generation Toyota RAV4, but it’s vital to note that this vulnerability is not specific to a particular model – it’s an industry-wide problem at the moment.
Thieves pull bumpers and trim from a vehicle, allowing them access to the CAN bus near the headlight connector. Much of a vehicle’s CAN bus systems will be found hidden deep inside the car, but because modern headlights are so smart these days, they require their own ECUs, meaning they too are connected to the car’s entire electronic system .
Once thieves find the right cables to plug into, the theft device does the work for them. A simple “play” button on the fake instrument disguised as a JBL speaker is programmed to instruct the ECU to unlock the doors as if you had the real car key in your hand. You turn on the car in a similar way and the thief can just drive off with your car without ever coming into contact with the actual car key.
As of this writing, there is no good protection against this type of theft. The initial fix that Dr. Ken Tyndall is offering to automakers is a software update that recognizes the type of CAN systems activity that this tool is sending. This may hamper the tool in the short term, but Lindell believes thieves will find a way around it in the long term.
Follow the latest news with BLITZ and on Telegram. Join the channel here