As vehicle security has advanced, car theft has become increasingly intertwined with computer hacking. Because of the proliferation of high-tech automobile keys, hotwiring is no longer a viable method for gaining unauthorized entry to a vehicle. Instead, relay attacks have become the method of choice. A technique known as CAN injection appears to be the latest method attackers are using to completely sidestep the electronic protections installed in contemporary automobiles.
A blog article written by Ken Tindell, the Chief Technology Officer of the automotive cybersecurity startup Canis Automotive Laboratories, explains the process in more detail. Tindell's friend Ian Tabor had a fairly new Toyota RAV4 stolen using this novel exploit a year ago; now, Tindell has detailed exactly how it operates and provided step-by-step instructions.
The attack targets the CAN bus, the vehicle's internal computer network that keeps everything operational. If you have ever asked yourself, "How do my car's engine, body control module, and all the other small controllers strewn about the car communicate with one another?", the CAN bus is the answer. The technology is standard in all contemporary automobiles, and even aftermarket ECU makers are starting to incorporate CAN integration into their systems.
The attack Tindell describes depends on gaining physical access to the vehicle's CAN bus. This means that an attacker needs to reach the data wires that are routed throughout the vehicle. By tapping into these lines, a thief is able to insert malicious commands into the network, which makes it possible to wake up the car's computer controllers, falsify the presence of the car key, and drive away with the vehicle. And as Tindell points out, gaining access to these data lines can be as easy as taking off a headlight. This is because contemporary high-tech headlamps now connect with all of the other electronic controls in a vehicle.
According to Tindell, thieves can even use the dark web to purchase modified Bluetooth speakers equipped with circuitry that can inject malicious signals into a car's CAN bus network. These messages tell the car to unlock the doors even though the key is nowhere in the vicinity of the vehicle. To anyone looking on from the outside, the device seems to be nothing more than a typical portable speaker. A video depicting the heist can be found below.
This attack is not the easiest to pull off, given that it requires a thief to partially disassemble the target vehicle, but it is effective when carried out correctly. It completely bypasses the vehicle's key, in contrast to relay attacks, which just extend the key's radio range. Tindell outlines a number of potential solutions that car manufacturers can put into action, the most prominent of which is the "zero trust" approach. This method requires every device, including those that are part of a car's internal CAN bus, to validate itself prior to engaging in any form of communication.
Zero trust would effectively prevent these types of attacks, but it would require automakers to make a new commitment to security. We can only hope that those firms will begin to keep up with safeguarding the technology as they continue to add new technology to automobiles.
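To make the zero-trust idea concrete, here is an added sketch (not code from Tindell's write-up or from any automaker) of one way a receiving controller could refuse frames that do not prove their origin: each frame carries a freshness counter and a truncated HMAC. The CAN ID, keys, tag length and class names are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4  # truncated tag length in bytes (assumption for this sketch)

def make_tag(key: bytes, can_id: int, counter: int, data: bytes) -> bytes:
    """MAC over the frame ID, a freshness counter and the payload."""
    msg = struct.pack(">IQ", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

class Sender:
    def __init__(self, key: bytes, can_id: int):
        self.key, self.can_id, self.counter = key, can_id, 0

    def send(self, data: bytes):
        self.counter += 1  # never reuse a counter value under the same key
        tag = make_tag(self.key, self.can_id, self.counter, data)
        return (self.can_id, self.counter, data, tag)

class Receiver:
    def __init__(self, keys: dict):
        self.keys = keys   # CAN ID -> key provisioned for that sender
        self.last = {}     # CAN ID -> highest counter accepted so far

    def accept(self, frame) -> bool:
        can_id, counter, data, tag = frame
        key = self.keys.get(can_id)
        if key is None or counter <= self.last.get(can_id, 0):
            return False   # unknown sender, or replayed/stale counter
        if not hmac.compare_digest(tag, make_tag(key, can_id, counter, data)):
            return False   # tag does not verify: injected or altered frame
        self.last[can_id] = counter
        return True

def demo() -> dict:
    key, can_id = b"constructed-demo-key", 0x123   # constructed sample values
    ecu, gateway = Sender(key, can_id), Receiver({can_id: key})
    genuine = ecu.send(b"\x01")
    # A device spliced onto the bus can pick any ID, but lacks the key.
    forged = (can_id, 2, b"\x01", make_tag(b"not-the-key", can_id, 2, b"\x01"))
    results = {"genuine": gateway.accept(genuine),
               "injected": gateway.accept(forged),
               "replayed": gateway.accept(genuine)}
    nxt = ecu.send(b"\x00")
    results["tampered"] = gateway.accept((nxt[0], nxt[1], b"\x01", nxt[3]))
    results["next_genuine"] = gateway.accept(nxt)
    return results

if __name__ == "__main__":
    print(demo())
```

Key provisioning and keeping counters in sync across controller resets are left out of this sketch, and they are where most of the engineering effort in a real deployment goes.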
Below is Tindell's full explanation of the vulnerability. Although the write-up itself is extremely technical, Tindell does a fantastic job of simplifying the information so that even a layperson can grasp it.