The relationship between thieves and security features can be viewed as a never-ending competition. This is because as security measures become more advanced and sophisticated, thieves also become more sophisticated in their methods of breaking in.
For example, when banks started using safes, thieves began using dynamite or other explosives to break into them. When banks implemented electronic security features, thieves began to use hacking techniques to bypass them. As a result, new security features are constantly being developed to keep up with the evolving tactics of criminals.
Despite this competition, it’s important to acknowledge that security measures do make a difference. They can deter some thieves and make it more difficult for others to successfully commit a crime. In the end, the ultimate goal is to make it as difficult as possible for thieves to break in and to keep people and their property safe, even if that requires continued efforts.
That having been said, sometimes a new vulnerability comes out of left field and catches those charged with protecting things by surprise. This month, it’s thieves stealing cars by opening up the headlights.
This method of theft involves tapping into a vehicle’s CAN bus system, which is referred to as “headlight hacking.”
The process begins with the thief gaining access to the headlight wiring. This can be done by ripping off bumpers or headlights, or in some cases simply plugging directly into the wiring. Once they have access to the wiring, they use a rather expensive device purchased on the Dark Web to fool the electronic sensors and unlock the car.
As The Drive points out, one researcher discovered that the costly device consisted of only $10 worth of components, but the real value (at least to thieves) comes from the software. The device’s programming was created to inject fraudulent messages into the legitimate CAN Bus network of the car. The bogus messages deceived the vehicle into believing that an authorized key was present, which convinced the CAN Gateway to let the messages through, instructing the car to deactivate its immobilizer, unlock its doors, and permit the thieves to drive away without any further work or breaking things.
Once inside the vehicle, they can then use their device to start the engine without needing any keys. This means that even if you have an alarm system or other anti-theft measures in place, your car could still be vulnerable to this type of theft, because the thieves gain control of all such systems before they ever get into the car.
One popular way lawmakers and law enforcement have for dealing with this is bans on burglary and theft tools. If a suspected thief gets caught with one of these gizmos, they can be put away without the police needing to catch them in the act. The sellers of such devices already thought of this, and disguise these hacking tools by putting them in the shells of other electronic devices, like a portable bluetooth speaker.
Sadly, there’s not a lot you can do to stop this kind of attack. Low-tech solutions like a wheel immobilizer, tracking devices, and simply parking the car in a garage or gated driveway (if possible) are about all that can be done for now.
Automotive manufacturers could solve this problem by encrypting the CAN network to keep unauthorized devices from inserting malicious messages, but that doesn’t help vehicles already on the road. Encrypting CAN also makes life a lot harder for independent repair shops and owners who want to conduct DIY repairs in the future, so this might not be a great solution, either.
Why Even Have Network Wiring In Headlights?
Even modern LED bulbs need just one thing to operate: 12-volt power. So, it may seem silly that automakers are going through the extra expense to put data cabling all over the car when old vehicles just had wires going from the fusebox to a switch to the headlights.
As Motor Magazine explains, that kind of headlight wiring had problems. A floor-mounted switch that carried the full current of the high beams was a common failure point due to salt and moisture from the road. It was also expensive to run thicker wires through the car and in many cases left too much of the vehicle’s lighting with a single point of failure.
One solution to this came from relays. A relay has very small wires that go to the switch and stalk in the car that activate larger and shorter wires under the hood. When done right, this made for a more reliable system.
Computerized automotive wiring was the next step. For many things in the vehicle, it makes more sense to have simple control wiring instead of a big rats’ nest of wires under the hood for every single device. So, while it may seem more complex, having CAN bus networking wires run to the headlights can be cheaper, less complex, and easier to maintain/repair than old electric-only wiring systems for headlights. Having a headlight controller on the network also allows for cool features like automatic lights, automatic high beams, and other smart lighting features that will continue to come out.
So, it really doesn’t make sense for automakers to just go “old school” and go back to simple direct 12v headlight and tail light wiring.
Physical Security Is Always King
The sad truth is that technological fixes will only be defeated in the future. Authenticating CAN messages, increasing network security, and even encrypting the whole system will only keep thieves out until they find a way around those software barriers. It’s only a matter of time.
Instead, I think automakers and people concerned about this mode of car theft should instead be looking at keeping thieves away from the wiring to begin with, or at least make it take so long to get at the wires that it becomes too risky (because police or someone with a cell phone will eventually come along and see what they’re doing).
There are several ways to do this. Routing wires so that they aren’t accessible without an open hood (and an accompanying alarm) is probably one good option. Thieves shouldn’t be able to pull a bumper back and get direct access to wiring. When that’s not practical, using a steel outer jacket on easier to access wires (stainless steel wire loom) can keep thieves from getting a knife or strippers to the wiring so quickly.
No matter how advanced thieves get with software, denying them access to the hardware can keep them from ever getting a chance.
Image by CleanTechnica.
Sign up for daily news updates from CleanTechnica on email. Or follow us on Google News!
Have a tip for CleanTechnica, want to advertise, or want to suggest a guest for our CleanTech Talk podcast? Contact us here.
Former Tesla Battery Expert Leading Lyten Into New Lithium-Sulfur Battery Era — Podcast:
I don't like paywalls. You don't like paywalls. Who likes paywalls? Here at CleanTechnica, we implemented a limited paywall for a while, but it always felt wrong — and it was always tough to decide what we should put behind there. In theory, your most exclusive and best content goes behind a paywall. But then fewer people read it! We just don't like paywalls, and so we've decided to ditch ours. Unfortunately, the media business is still a tough, cut-throat business with tiny margins. It's a never-ending Olympic challenge to stay above water or even perhaps — gasp — grow. So ...