Auto Thieves Have Now Figured Out How to Steal Cars Through the Headlights - Here's How They Do It
Technology-savvy thieves have come up with a new way to steal your car.
The theft involves hacking into the computer system of a modern vehicle through a car’s headlight module, according to MSN’s Autoblog.
That spot is chosen because going through the headlights is a simple way to gain entry to what is called the CAN bus system, which is how all the technology in a vehicle communicates.
The headlights are a target because, in the current configuration of vehicles, there is a connector from the headlights to the CAN bus (think of the CAN bus as the central nervous system of the vehicle).
If a thief can get access from the bumper, then the thief can tap into the wiring that connects the headlights to the main communication network and control the vehicle.
Ken Tindell, chief technical officer of Canis Automotive Labs, wrote about how the theft takes place in a blog post.
CAN Injection : keyless car theft : https://t.co/1z6l459dGX credits @kentindell @mintynet pic.twitter.com/P1zBXbll7r
— Binni Shah (@binitamshah) April 12, 2023
“Modern cars are protected against thefts by using a smart key that talks to the car and exchanges cryptographic messages so that the key proves to the car that it’s genuine,” he wrote.
“This messaging scheme is generally reckoned to be secure and can’t be broken without huge resources (of the type only a nation state has). But thieves don’t attack the hard part: they find a weakness and work around it,” he wrote.
Tindell noted that one of the more common ways to attack the system has been to essentially hack the key fob used for remote entry and starting. Publicity over that technique led to countermeasures from owners and car makers.
“Faced with this defeat but being unwilling to give up a lucrative activity, thieves moved to a new way around the security: by-passing the entire smart key system,” he wrote.
He said in this new technique, thieves “get into the car’s internal communication” and then “inject fake messages as if from the smart key receiver, essentially messages saying ‘Key validated, unlock immobilizer.’”
“In most cars on the road today, these internal messages aren’t protected: the receivers simply trust them,” he wrote.
Tindell said that a fake JBL speaker with about $10 in components is sold on the dark web and is able to perform the thievery.
As of now, Autoblog noted that the best defense is the time it takes to get into the wiring. A thief would need a private area to work without interruption.
Tindell said the problem can be solved, but not to expect a solution any time soon.
“[C]ar makers have learned over the years to act carefully when making changes to vehicle systems: what appears to be quick and simple often turns out to not be, and even a simple fix requires extensive testing to make sure there are no unintended consequences. So it will take some time to implement this,” he wrote.
Truth and Accuracy
We are committed to truth and accuracy in all of our journalism. Read our editorial standards.