CAN Injection: Keyless Car Theft Using Smart Key Receiver
As the car industry keeps growing, reshaping, and announcing more sophisticated tech systems, thieves are constantly looking for ingenious ways to keep up with the changes and meet their own ends. Today we are going to talk about the Controller Area Network injection attacks or CAN injection attacks and the related CAN injection car theft problem. In short, with the help of an apparently harmless portable speaker, thieves can hide a hacking device used to steal a car.
Our experts have compiled a comprehensive guide that will answer important questions like ”How do thieves steal keyless cars?” and “Can a keyless car be stolen with the CAN injector method?”. Without further ado, let’s get started.
What Is CAN Injection Keyless Car Theft?
CAN injection car theft is a creative car theft method that is also called headlight hacking. This is because the procedure is usually initiated at the vehicle’s headlight module, as this is the simplest way of getting hooked into the CAN bus system. The latter is the method by which a modern car’s numerous Electronic Control Units (ECUs) are interconnected and communicate with one another. These ECUs are responsible for a number of systems, including climate control, engine control, telematics, smart keys used to lock and unlock doors and start the engine, and, of course, the headlights. The ECUs are tied together through controller area network (CAN) buses.
Car thieves who are familiar with this CAN injection keyless car theft method do not need to concern themselves with finding clever ways to directly connect to the ECU responsible for the smart key system. All they need to do is reach this ECU using the wires that are tied to the headlight, provided both the smart key ECU and the headlight are part of the same CAN bus.
To execute a CAN injection attack, thieves need to use a special tool that is usually disguised as a Bluetooth speaker. The respective tool needs to be wired into the car’s control CAN bus. There, it will act like the car’s key fob and allow these property criminals to easily leave the premises with a stolen car.
These devices are usually sold on the black market for up to $5,500. They are advertised as emergency start kits or devices recommended to owners who have misplaced or lost their keys or to car locksmiths.
Which Cars Are Targeted by the CAN Injection Method?
Most current-generation vehicles like the Toyota RAV4 can fall victim to the CAN injection car theft attempts. Owners should know that the respective vulnerability is not limited to just one OEM or car model but it is rather a wider issue dispersed all throughout the industry at this time.
The largest part of a car’s CAN bus system is usually hidden inside the vehicle. However, today’s modern headlights are smart and they require a separate ECU to function. This automatically requires them to be wired into the vehicle’s CAN bus system.
When a thief manages to come across the right wires they need to tap into, they can easily use the previously mentioned theft device. Using the “play” button on the fake speaker, the injection tool will send the signal for the door ECU to unlock the car’s doors, similar to using a regular key fob. To turn on the car, the same button can be used, allowing the thief to rapidly drive away with the vehicle without needing to use the original key fob.
Why Has There Been a Rise in Keyless Car Thefts Recently?
For starters, specific vehicles that rely on keyless entry options may be more prone to fall victim to theft attempts. This is primarily because it is a lot easier to get access to the interior of these cars and start their engine with the help of a series of relay attacks. Some of the most recent car models in the industry, however, rely on ultra-wideband technology used to determine the distance a signal will travel from the key fob to the actual vehicle. Relay attacks are less likely to be successful when these cars are targeted since the vehicles themselves would automatically refuse to unlock the doors when they would identify too big of a distance.
Nonetheless, with the help of the right types of relay attacks including the CAN injection method applied on those vehicles that do not benefit from the ultra-wideband technology, thieves should not have a problem unlocking them without using force, the original key, or a copy.
Another argument that would explain the rising number of keyless vehicle theft is the fact that more and more drivers choose to leave the classic protection devices behind in a desire to keep up with smart technologies. This means steering wheel locks and other similar physical devices are gradually replaced by electronic protection methods. The latter, however, can easily fall victim to smart thieves who are constantly coming up with new ways of intercepting and manipulating electronic signals.
Official claims numbers for 2020-2022 have shown that keyless vehicles are twice as likely to be stolen compared to cars that do not use keyless systems. Keyless entry is also also the preferred access way for close to 40% of car thieves looking to break into a vehicle.
How Do I Prevent My Car From Being Stolen?
As a short-term solution, experts recommend software updates that would recognize the suspicious activity on the CAN bus systems sent out by these injection tools. A long-term solution would be a “Zero Trust” approach that would guarantee that all messages conveyed between ECU systems would be fully encrypted and authenticated with complex anti-spoof codes. ECUs should also carry secret keys specific to each vehicle to stop universal key extractors from being generated and used.
These actions would, of course, require the use of many resources, and car manufacturers are not yet willing to embrace the necessary changes. In the meanwhile, there are a few things car owners can do to make their vehicles less susceptible to theft.
-
place the car keys in a quality signal blocker pouch or box whenever they are not used
-
choose a Faraday pouch that can effectively block the signal of a key thanks to the top-tier protective material it is lined with
-
use a standard steering wheel lock as another excellent deterrent against CAN injection keyless car thieves