Thieves can use CAN injection attacks to steal a variety of car models by connecting a hacking device to the vehicle's wiring.
A disturbing new attack method that allows thieves to steal cars of various models has been revealed by automotive cybersecurity experts Ian Tabor of the EDAG Group and Ken Tindell, CTO of Canis Automotive Labs. This attack method, called CAN injection, was discovered when Tabor had his 2021 Toyota RAV4 stolen last year.
Tabor's investigation showed that a special hacking device was likely used to unlock the vehicle and drive it away. These devices can be bought for up to €5,000 ($5,500) on dark web sites and are often advertised as ‘emergency start’ devices for automotive locksmiths or for vehicle owners who have lost their keys. The electronics responsible for hacking the vehicle can be hidden inside a Bluetooth speaker case.
CAN injection attacks involve connecting the hacking device to wires connected to an electronic control unit (ECU) responsible for the vehicle’s smart key. The attacker sends a specially crafted CAN message that tells the smart key receiver ECU that the key is validated and another CAN message to the door ECU to unlock the door, allowing the thieves to get in the car and drive away.
The researchers analyzed diagnostics data from Tabor’s stolen RAV4 and one such CAN injection device in an effort to see how these devices work. They found that similar hacking devices offered for sale to car thieves target many brands, including BMW, GMC, Cadillac, Chrysler, Ford, Honda, Jaguar, Jeep, Maserati, Nissan, Peugeot, Renault, and Volkswagen.
The researchers reported their findings to Toyota, but without much success because it is not an actual vulnerability disclosure. Nevertheless, they believe all vehicle makers should read their report and take action to prevent CAN injection attacks. The report made public this week contains some recommendations that manufacturers can apply to prevent these types of attacks.
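The attack described above works because the receiving ECU acts on any well-formed frame it sees on the bus. The following sketch is an added example, not code from the researchers' report or from any manufacturer: it shows a receiver that only acts on frames carrying a valid truncated MAC and a fresh counter. The CAN ID, key, and frame layout are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed values for illustration; not taken from any real vehicle.
KEY_VALIDATED_ID = 0x123          # hypothetical CAN ID of the "key validated" message
SHARED_KEY = b"demo-key-provisioned-per-vehicle"
MAC_LEN = 4                       # truncated tag so the frame fits 8 data bytes


def _tag(key, can_id, counter, payload):
    # The MAC covers the CAN ID and counter so a tag cannot be reused elsewhere.
    msg = struct.pack(">IH", can_id, counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def make_frame(key, can_id, counter, payload):
    """Sender ECU: data field = 2-byte counter | payload (<= 2 bytes) | 4-byte tag."""
    if len(payload) > 8 - 2 - MAC_LEN:
        raise ValueError("payload too long for a classic CAN frame")
    return struct.pack(">H", counter) + payload + _tag(key, can_id, counter, payload)


class Receiver:
    """Receiving ECU: acts on a frame only if it is authentic and fresh."""

    def __init__(self, key):
        self.key = key
        self.last_counter = {}    # highest counter accepted per CAN ID

    def accept(self, can_id, data):
        if not 2 + MAC_LEN <= len(data) <= 8:
            return False
        counter = struct.unpack(">H", data[:2])[0]
        payload, tag = data[2:-MAC_LEN], data[-MAC_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, can_id, counter, payload)):
            return False          # forged: sender does not hold the key
        if counter <= self.last_counter.get(can_id, -1):
            return False          # replayed: a recorded genuine frame sent again
        self.last_counter[can_id] = counter
        return True


if __name__ == "__main__":
    rx = Receiver(SHARED_KEY)
    genuine = make_frame(SHARED_KEY, KEY_VALIDATED_ID, 1, b"\x01")
    print("genuine :", rx.accept(KEY_VALIDATED_ID, genuine))
    print("replayed:", rx.accept(KEY_VALIDATED_ID, genuine))
    print("injected:", rx.accept(KEY_VALIDATED_ID, b"\x00\x02\x01\x00\x00\x00\x00"))
```

The 16-bit counter and 4-byte tag are sized to fit a classic 8-byte CAN data field; a production design also needs counter rollover handling and per-vehicle key provisioning.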
Key Points:
- Automotive cybersecurity experts Ian Tabor and Ken Tindell discovered a new attack method, CAN injection, that allows thieves to steal cars of various models.
- The attack is conducted by connecting a special hacking device to wires connected to an electronic control unit (ECU) responsible for the vehicle’s smart key.
- The device can be acquired on dark web sites for up to €5,000 ($5,500) and is often advertised as an ‘emergency start’ device for automotive locksmiths or for vehicle owners who have lost their keys.
- The researchers found that similar hacking devices target many brands, including BMW, GMC, Cadillac, Chrysler, Ford, Honda, Jaguar, Jeep, Maserati, Nissan, Peugeot, Renault, and Volkswagen.
- The report made public this week contains some recommendations that can be applied by manufacturers to prevent these types of attacks.