Hackers are now injecting code into the Electronic Control Unit (ECU) of cars, including headlight wiring, enabling criminals to gain keyless vehicle access.
Ian Tabor, a cybersecurity researcher specializing in automobiles, discovered the new Controller Area Network (CAN) injection attack technique while investigating how his Toyota RAV4 was stolen. His findings were detailed by Ken Tindell, CTO of Canis Automotive Labs, in an April 3 blog post. Tabor’s car was stolen after criminals hacked into the vehicle’s system using a device plugged into a wiring harness behind the headlights, enabling them to unlock the car and drive it away.