Dustin Decker

Vehicle Controller Area Network Attacks

Vice is running an interesting article on Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers. They detail the weaponization of theft with European hackers selling some twenty-dollars-worth of components in a unit for anywhere between a few hundred dollars to a few thousand.

This allows folks with essentially no prior knowledge of the CAN network to break into and even steal a vehicle.

I wrote about this elsewhere last year comparing the estimated 50 million lines of code that Windows 11 is purported to be derived from, contrasted to the 300+ million lines of code in my own 2018 Toyota Tacoma. Your vehicle operates a “real time” operating system, checking millions of sensor inputs per second, evaluating safety constraints and determining if emergency braking is necessary, etc. Presently there doesn’t appear to be any form of cryptographic signing going on “under the hood” (pun intended) so thieves are really just convincing the CAN that it’s receiving bonafide signals from a key fob.

At present these hacks require PHYSICAL ACCESS to the vehicle. In time, this will likely evolve into full blown wireless attacks as well.

Should you be worried? That’s a difficult question to answer. It depends on your vehicle, its vulnerabilities, and whether or not that make/model has been reverse engineered far enough for folks with nefarious intent to profit from it. A “dangling headlamp” will develop into a new sensational issue within our zeitgeist as time progresses.

Car Thief