Thieves are now stealing cars via Headlight Hacking, CAN (Controller Area Network) injection

Wagoner County Sheriff Chris Elliott wanted to pass on some important information about how thieves are coming up with new ways to drive off with your vehicle, and this one is rather creative.

The method of Headlight hacking or (Controller Area Network) CAN Injection theft begins at your car’s headlight module, but the only reason thieves have chosen this point of entry is because it offers them the easiest way to get hooked into a vehicle’s CAN bus system. For those unfamiliar, the CAN bus system of a vehicle is the method by which the numerous (Electronic Control Units) ECU’s throughout a modern vehicle communicate with each other. Thieves are using this central nervous system to their advantage by executing an attack referred to as “CAN injection.”

Someone has developed a tool (disguised as a JBL Bluetooth speaker and sold on the dark web) that when wired into a vehicle’s control CAN bus, can impersonate the vehicle’s key fob.  It is important to note that this vulnerability is not specific to any particular OEM or vehicle model, this is an industry-wide problem at the moment.

Thieves are pulling bumpers and trim pieces away from a vehicle, which allows them access to the CAN bus near the headlight connector. Many of a vehicle’s CAN bus systems will be found hidden deep inside a car, but since modern headlights are so smart these days, they require their own ECUs, which means they’re going to be wired into the whole car’s CAN bus system.

Once thieves find the correct wires to tap into, the theft device does the work for them. A simple “play” button on the fake JBL speaker injection tool is programmed to instruct the door ECU to unlock the doors, as though you have the actual key to the car in your hand. You turn the vehicle on in a similar fashion, and a thief can simply drive away with your car without ever coming into contact with the vehicle’s actual key fob.

If you notice that someone has been tampering with the trim or body panels near/around your headlights, you can contact the Wagoner County Sheriff’s Office at 918-485-3124 to report any information.