CAN Injection, the new frontier of car theft

HEADLIGHT HACKERS – Criminals show a certain inventiveness, and the ‘novelty’ discussed here is a clear demonstration of it. It is an advanced technique that exploits an essential element of the vehicle: the CAN bus, the data network that acts as the car’s ‘nervous system’. The complexity of today’s vehicles has brought the CAN bus all the way to the headlights, a position that is relatively easy to reach and where a signal can be ‘injected’ that simulates the presence of the key. At that point the doors can be unlocked and, with the same system, the engine started and the vehicle driven away. An unknown hacker developed a dedicated circuit and, with some irony, hid it inside an otherwise innocuous JBL Bluetooth speaker; the devices are available on the dark web in versions tailored to various brands and models.
AN ESSENTIAL AND VULNERABLE NETWORK – It should be noted that this vulnerability is not specific to a particular manufacturer or model but affects the entire industry. A step back in time: by the mid-1980s the electrical system of cars had become so complex that it could no longer be managed with the classic wires and switches. The Controller Area Network, released as a standard in 1986, separates control from power supply: to switch on the heated rear window, for example, a coded message meaning “rear heated window on” is sent over the CAN bus. Only the dedicated control unit responsible for the heated rear window acts on that message and switches it on. The advantage is that the data network reaches every corner of the car over thin, light cables, while the 12-volt supply can be wired locally without passing through a switch that may sit a couple of metres from the load. The weakness is the flip side of the same design: a classic CAN frame carries an identifier and up to eight bytes of data, but no proof of who sent it, so any node on the bus, including one attached by a thief, can transmit a frame that the receiving unit cannot tell apart from the genuine one.
NOW MUSIC? NO, THEFT! – In an article by Ken Tindell, CTO of Canis Automotive Labs, written together with automotive cyber-security researcher Ian Tabor, the mechanism devised by the thieves is explained. After detaching the bumper and the fender, the criminals reach the CAN bus wires arriving at the headlight connector, which is in a fairly accessible position. Until a few years ago most CAN bus wiring was buried deep inside the car, but today’s headlights are so ‘intelligent’ that they need their own control units and therefore their own CAN bus connection. Once the bus wires have been identified, the device is connected and the “play” button pressed: the CAN injector is programmed to simulate the presence of the genuine key, so the door control unit unlocks the doors.
THE KEY THAT ISN’T THERE – By the same procedure the engine is started, and the thief can simply drive away without ever touching the vehicle’s real key. CAN injection is therefore a radically different approach from key ‘cloning’, which in favourable conditions lets a car be stolen in a few seconds. Fraudulent use of the CAN bus is not easy to counter, but a “Zero Trust” approach to the CAN network is considered an effective route, although not a simple one to implement. It means cryptographically protecting every ‘message’ travelling from one control unit to another: each control unit would hold cryptographic keys, unique to each individual vehicle, so that a receiver can verify that a message really comes from the unit it claims to come from (and, where needed, decrypt its content). Frames from a CAN injector, which has no access to those keys, would simply not be considered valid. An effective solution, but one that would require a great deal of time and effort from vehicle manufacturers. In any case, carrying out CAN injection takes time, since several parts of the car must be removed and the right wiring located, and this will limit the spread of this theft method.
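To make the two designs concrete, here is an added example written for this page, not code from the article or from Canis Labs. It models in Python both the door control unit described above, which trusts a “key present” frame by its CAN identifier alone, and a “Zero Trust” variant that accepts the frame only if it carries a valid authentication tag computed with a per-vehicle secret key and a fresh message counter. The CAN identifier 0x2A3, the payload layout, the vehicle key and all function names are invented for the illustration; real ECUs and any real authenticated-CAN scheme differ in detail.

```python
"""Toy model of CAN injection against a legacy door ECU and a zero-trust one.
Added illustration; CAN ID, payload layout and keys are invented."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Hypothetical 11-bit CAN ID of the smart-key ECU's "key status" frame.
KEY_STATUS_ID = 0x2A3
KEY_VALID = 0x01          # status byte meaning "a genuine key is present"
TAG_LEN = 4               # bytes of HMAC tag that fit in an 8-byte payload


@dataclass(frozen=True)
class CanFrame:
    can_id: int
    data: bytes           # classic CAN: 0..8 bytes of payload

    def __post_init__(self):
        if not 0 <= self.can_id <= 0x7FF:
            raise ValueError("11-bit identifier expected")
        if len(self.data) > 8:
            raise ValueError("classic CAN payload is at most 8 bytes")


# --- Legacy door ECU: the CAN ID is the only "proof" of who sent the frame ---
def legacy_door_ecu(frame: CanFrame) -> bool:
    """Unlocks on any frame with the key-status ID whose first byte says 'valid'."""
    return (frame.can_id == KEY_STATUS_ID
            and len(frame.data) >= 1
            and frame.data[0] == KEY_VALID)


# --- Zero-trust door ECU: per-vehicle key, counter, truncated HMAC tag -------
# Payload layout (8 bytes): [status:1][counter:3][tag:4]
# tag = first TAG_LEN bytes of HMAC-SHA256(vehicle_key, can_id || status || counter)
def _tag(vehicle_key: bytes, can_id: int, status: int, counter: int) -> bytes:
    msg = struct.pack(">HB", can_id, status) + counter.to_bytes(3, "big")
    return hmac.new(vehicle_key, msg, hashlib.sha256).digest()[:TAG_LEN]


def smart_key_ecu_send(vehicle_key: bytes, counter: int, status: int = KEY_VALID) -> CanFrame:
    """Legitimate sender: binds status and counter to the shared per-vehicle key."""
    payload = (bytes([status]) + counter.to_bytes(3, "big")
               + _tag(vehicle_key, KEY_STATUS_ID, status, counter))
    return CanFrame(KEY_STATUS_ID, payload)


class ZeroTrustDoorEcu:
    def __init__(self, vehicle_key: bytes):
        self.vehicle_key = vehicle_key
        self.last_counter = -1    # highest counter accepted so far (replay guard)

    def unlock_allowed(self, frame: CanFrame) -> bool:
        if frame.can_id != KEY_STATUS_ID or len(frame.data) != 8:
            return False          # wrong ID or malformed payload
        status = frame.data[0]
        counter = int.from_bytes(frame.data[1:4], "big")
        tag = frame.data[4:]
        if counter <= self.last_counter:
            return False          # replayed or stale frame
        expected = _tag(self.vehicle_key, frame.can_id, status, counter)
        if not hmac.compare_digest(tag, expected):
            return False          # forged: the sender does not hold the vehicle key
        self.last_counter = counter
        return status == KEY_VALID


def demo() -> dict:
    vehicle_key = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed
    door = ZeroTrustDoorEcu(vehicle_key)
    # What a CAN injector does: place a "key valid" frame on the bus without the key.
    injected = CanFrame(KEY_STATUS_ID, bytes([KEY_VALID]))
    # Same idea with a well-formed payload but a guessed (all-zero) tag.
    guessed = CanFrame(KEY_STATUS_ID,
                       bytes([KEY_VALID]) + (8).to_bytes(3, "big") + bytes(TAG_LEN))
    # A frame correctly tagged, but with another vehicle's key (constructed).
    other_vehicle = smart_key_ecu_send(b"another-cars-key", counter=9)
    genuine = smart_key_ecu_send(vehicle_key, counter=7)
    results = {}
    results["legacy_accepts_injected"] = legacy_door_ecu(injected)
    results["zerotrust_rejects_injected"] = not door.unlock_allowed(injected)
    results["zerotrust_rejects_guessed_tag"] = not door.unlock_allowed(guessed)
    results["zerotrust_rejects_other_vehicle_key"] = not door.unlock_allowed(other_vehicle)
    results["zerotrust_accepts_genuine"] = door.unlock_allowed(genuine)
    results["zerotrust_rejects_replay"] = not door.unlock_allowed(genuine)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Running `demo()` shows the legacy receiver unlocking on the bare injected frame, while the zero-trust receiver rejects that frame, rejects a well-formed frame with a guessed tag, rejects a frame tagged with another vehicle’s key, accepts the genuine fresh frame, and then rejects a replay of it. The four-byte tag is a compromise forced by the eight-byte payload of classic CAN (CAN FD, with up to 64 bytes, leaves room for a longer tag); the counter is what stops a thief from recording a genuine frame and replaying it, and every receiver must keep that counter state across power cycles and resynchronise if it is lost, which is part of why the article calls the approach hard to deploy.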