Thieves are now stealing cars via a headlight
Q REPORTS – A report from AutoBlog.com explains how car thieves have come up with another way to steal your car: Through “headlight hacking”.
It’s a bit more complicated than that, as it involves getting access to your car’s headlight module, as it offers thieves the easiest way to get hooked into a vehicle’s CAN bus system, the method by which the numerous ECUs throughout a modern vehicle communicate with each other.
Thieves are using this central nervous system to their advantage by executing an attack referred to as “CAN injection”, through the use of a tool (disguised as a JBL Bluetooth speaker and sold on the dark web) that when wired into a vehicle’s control CAN bus, can impersonate the vehicle’s key fob.
Vulnerability is not specific to any particular OEM or car make or model. Thieves are pulling bumpers and trim pieces away from a vehicle, which allows them access to the CAN bus near the headlight connector. Much of a vehicle’s CAN bus systems will be found hidden deep inside a car, but since modern headlights are so smart these days, they require their own ECUs, which means they’re going to be wired into the whole car’s CAN bus system.
The “play” button on the fake JBL speaker injection tool is programmed to instruct the door ECU to unlock the doors, as though you have the actual key to the car in your hand. You turn the vehicle on in a similar fashion, and a thief can simply drive away with your car without ever coming into contact with the vehicle’s actual key fob.
This is an industry-wide problem at the moment. There isn’t a great defense against this sort of theft. On the good news front, it takes time to rip off panels and so does wiring into the car, which takes uninterrupted time.
This method has not yet been seen in Costa Rica.
Read the complete story here at Autoblog.com.