Thieves are now stealing cars via a headlight 'CAN injection'
Car thieves have come up with yet another way to steal your car, and this one is rather creative.
Going to need headlight locks.
- Thread starter swampdodo
- Start date
Sorry, didn't know this is a repost...
There’s a new form of keyless car theft that works in under 2 minutes
A much more higher tech method of stealing late model vehicles. "When a London man discovered the front left-side bumper of his Toyota RAV4 torn off and the headlight partially dismantled not once but twice in three months last year, he suspected the acts were senseless vandalism. When the...
bobistheoilguy.com
What about the jerks that buy stolen goods? They are just as responsible.
This should have been thought of by car designers. Two near zero cost measures could be:
* End to end encryption between the key fob and the PCM. Everything on the Internet is considered vulnerable to malicious injection and man-in the middle attack, so applications use end to end encryption. Fob data is already encrypted on the radio, but they made the mistake of decrypting it before it reached a secure destination.
* CAN firewalls or separate buses for wiring in insecure areas of the car. In buildings such as libraries where Ethernet cables are exposed to be potentially attached to malicious devices, that segment of a network is considered a DMZ. This could be as simple as isolating peripheral parts of the CAN bus until after the car has been unlocked and started.
* End to end encryption between the key fob and the PCM. Everything on the Internet is considered vulnerable to malicious injection and man-in the middle attack, so applications use end to end encryption. Fob data is already encrypted on the radio, but they made the mistake of decrypting it before it reached a secure destination.
* CAN firewalls or separate buses for wiring in insecure areas of the car. In buildings such as libraries where Ethernet cables are exposed to be potentially attached to malicious devices, that segment of a network is considered a DMZ. This could be as simple as isolating peripheral parts of the CAN bus until after the car has been unlocked and started.
Last edited:
If car mfg tighten security measures in CANBUS (again), would it post a new challenge on fixing your own vehicle? If every command is encrypted, what are we going to do for things like releasing electronic parking brake or resetting ECU learning through OBD port? 
They could find some way to disable all that until the car is "on".If car mfg tighten security measures in CANBUS (again), would it post a new challenge on fixing your own vehicle? If every command is encrypted, what are we going to do for things like releasing electronic parking brake or resetting ECU learning through OBD port?
Few days ago, I posted a video of Chrysler security module. In case you miss it.
With out knowing the Topology of the modules, I wonder weather this actually works.
With out knowing the Topology of the modules, I wonder weather this actually works.
The folks who love ebay on bitog might be unaware that some chance item is
.or paid for with stolen CC numbers then put on ebayThe folks who love ebay on bitog might be unaware that some chance item is
dnewton3
Staff member
Similar threads
- Locked
