Injecting Malicious Code via Headlight Wires

Hotwiring is ancient. Instead, relay attacks are being used to steal cars. But there’s a new method to bypass electronic security on modern cars. Have you heard of CAN injection?

A modern vehicle has a CAN bus. It is an internal computer network, which keeps everything running. This network ensures that all parts of the car communicate. It is universal in newer car models.

Accessing CAN Bus

Hackers need to access the car’s CAN bus. In other words, they must have access to the data wires running through a car.

As they tap into these wires, they can inject malicious codes into the network. This will result in waking up your car’s computer controllers. They can also simulate car key presence so they can drive your car.

Accessing the data wires is the key here. Fortunately for hackers, it is easy. They simply need to yank out the vehicle’s headlight. Modern high-tech headlights communicate with other electronic controllers in a vehicle.

Thieves can buy modified Bluetooth speakers that come with hardware so they can inject malicious messages into a vehicle’s CAN bus network. When that happens, they can instruct the car to just unlock the doors even without the keys. This speaker looks like an ordinary speaker.

Not the Easiest Attack

In addition to being tech-savvy, the thieves must also know how to partially disassemble the car they want to steal. However, if they know how to perform it correctly, they can easily bypass the car’s key.

“The way CAN Injection works is to get into the car’s internal communication (i.e. the CAN bus) and inject fake messages as if from the smart key receiver, essentially messages saying “Key validated, unlock immobilizer.”

How to Prevent It from Happening to Your Car?

This type of attack can be prevented. One is to encrypt the CAN Bus network. As this post explains, “This uses encryption and authentication codes to protect CAN frames so that the CAN Injector cannot create valid spoof frames. If implemented properly, this is a permanent fix. But it requires some effort (more on that shortly).”

Thieves are indeed getting smarter. They utilize sophisticated hacking techniques to gain access to a car’s electronic system. They can easily take control of your car’s functions, including unlocking the doors and starting the engine.

You could keep your car software up-to-date. Cars have software updates that fix any security vulnerabilities. You can ensure that your car is protected against the latest threats. But it is not always a guarantee.

Thus, whenever possible, make sure to park your car in a secure location, such as a garage or a well-lit area. It makes it more difficult for thieves to access your car and use the headlight wire to steal it.

Thieves have already exploited the vulnerabilities of the CAN bus. In that case, it is already a huge issue. This may continue and grow in popularity. And some people say to just invest in a low-tech car. It is easier to repair and maintain. Plus, there are no apps or software overkill.

