Posted on April 10, 2023 at 8:30 PM
Hackers are using a dark web tool to access cars’ communication system
The world of technology is in constant war with cybercriminals, who keep finding new ways to misuse some of the most impressive technological achievements. Now that communication systems are a major part of modern cars, hackers have also started targeting vehicles.
Of course, security researchers and car manufacturers are constantly trying to improve the security of today’s heavily computerized cars, but unfortunately, hackers keep finding new ways to bypass defenses and send the researchers back to the drawing board.
Recent reports have highlighted another such case, where car thieves managed to find a rather sophisticated way of snatching cars off the streets. The new method was named headlight hacking, so those using it are similarly called Headlight Hackers.
Apparently, the new method involves accessing the Controller Area Network (CAN), which is a system that allows devices within the vehicle to communicate with one another in real-time.
The first recorded incident of headlight hacking
An automotive cybersecurity researcher, Ian Tabor was among the first to notice this trend. He originally started tracking it last spring, so the method might not be that new, after all. According to him, he woke up one morning to find the front bumper of his Toyota RAV4 missing while the headlight wiring plug was pulled out. He also found screwdriver marks indicating that someone intentionally vandalized his vehicle.
About three months after the initial incident, he also found that someone had pulled the bumper away during the night, and they unplugged the headlight on the driver’s side of the car.
Only three days after that, the unknown individual who has been coming back to his car finally finished the deed, successfully stealing Tabor’s Toyota RAV4 from the curb in front of his home.
He posted n Twitter that he understood what the car thief was trying this whole time, since his car is gone now. After checking Toyota’s app, he found the vehicle was in motion.
But the vandalism did not stop there, as shortly after, his neighbor lost his Land Cruiser in a similar way. Since Tabor is a security researcher, he started digging into both thefts. Since both were modern cars, they had advanced security systems that should have stopped the thief from snatching them. However, it would appear that the thief managed to find a way to circumvent the security, and take off with the cars anyway.
How did the thief do it?
Following all that, last week, Dr. Ken Tindell, CAN bus security expert, documented Tabor’s entire investigation. The results have revealed that the thief or thieves managed to identify the headlight module as an entry point into the car’s CAN bus system.
They managed to wire in a tool that is sold on the dark web, disguised as a Bluetooth speaker, which allowed them to mimic the car’s key fob. When they pressed Play on the device, it would instruct the car’s door electronic control unit (ECU) to unlock. After that, stealing the vehicle is simple, and the thieves most likely used this same system on both cars.
Furthermore, since most newer cars have a similar remote start function, the fake speaker can even be used to start the ignition. The flaw lies with the CAN bus, which interprets each command as one that comes from a key fob. In other words, the security system cannot tell the difference, and so it doesn’t raise the alarm.
It is also worth noting that headlight hacking is not only a problem when it comes to Toyota cars. In fact, most cars’ headlights have their own ECUs now, which means that they are all vulnerable to the same approach, which only requires minor vandalism.
The method is sophisticated, but it has a weak spot — it takes time to access a vehicle this way and involves a special tool. A car thief will likely have neither at their disposal in most situations. Parking a car in a secured area, or one where there is constant heavy traffic, will likely discourage anyone from stealing it by using this method.
