Thieves Can Steal Modern Cars by Tapping Into a Headlight Wire
upstart writes:
As car security has advanced, the world of auto theft has quickly melded with the world of hacking. The advent of high-tech car keys means that hotwiring is out and methods like relay attacks are the new way to gain unauthorized access to a vehicle. Now, however, it seems that attackers have found a new way to entirely bypass the electronic security on modern cars: A method called CAN injection.
[...] The attack relies on a vehicle's CAN bus, the internal computer network that keeps everything running. If you've ever wondered how your car's engine, body control module, and all the little controllers scattered around the car all communicate, CAN bus is the answer. The system is universal in modern cars, and even aftermarket ECU manufacturers now build CAN integration into their products.
The attack method Tindell lays out relies on physical access to the car's CAN bus, meaning an attacker needs to get to the data wires that run through your car. By tapping into these wires, a thief can inject malicious commands into the network - allowing the thief to wake up the car's computer controllers, falsify the presence of the car key, and drive off. [...]
[...] This attack isn't the easiest to pull off, given that it requires a thief to partially disassemble the target car, but it's powerful when done correctly - entirely bypassing the car's key, unlike relay attacks that simply extend the key's radio range. Tindell lists multiple solutions that automakers can implement, most notably the "zero trust" approach - wherein every device, even within a car's internal CAN bus, needs to verify itself during any communication.
Read more of this story at SoylentNews.