CAN Injection: keyless car theft

We discussed this vulnerability during Episode 203 on 10 April 2023

At its core this is easy to understand and not especially novel, but it is an interesting area (stealing cars), so it is worth covering. The core problem is simply that inside a modern vehicle you have the Controller Area Network bus (CAN bus). All of the various Electronic Control Units (ECUs) in the vehicle are connected to this bus and can send messages to each other. So the smart key might send a message to the door control ECU indicating that the unlock button on the key was pressed.

The problem is that on many vehicles there is no authentication of those messages: it is assumed that if a message is received on the bus, it is legitimate. Of course, this is a fairly closed network, so it is not an insane assumption that any device communicating on it is supposed to be there, and it is also difficult to implement meaningful authentication when disparate control units from different suppliers end up in any given vehicle (and when support for aftermarket devices is a consideration). Nonetheless, messages are trusted, so an attacker who can find a way to hook into the network and send messages can impersonate existing devices and send the appropriate commands to unlock and start the vehicle.
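To make the trust problem concrete, here is an added example (not code from the episode or from any vehicle) of the two behaviours side by side: a door ECU that acts on any frame carrying the unlock command, and one that requires a truncated HMAC plus a monotonic counter before it acts. The arbitration ID `0x2A0`, the command byte, the 4-byte tag length and the shared key are all assumptions chosen for the example; real vehicles use manufacturer-specific IDs and this does not reproduce any of them. The bus itself is a broadcast medium, so delivery is simulated by calling each node's `on_frame` directly.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Hypothetical arbitration ID and command byte for a "door unlock" message;
# real vehicles use manufacturer-specific IDs that this example does not reproduce.
UNLOCK_ID = 0x2A0
CMD_UNLOCK = 0x01
MAC_LEN = 4  # truncated tag: cmd(1) + counter(2) + tag(4) fits a classic 8-byte CAN payload


@dataclass
class CANFrame:
    arbitration_id: int  # 11-bit standard identifier
    data: bytes          # at most 8 bytes on classic CAN


class NaiveDoorECU:
    """Trusts any frame on the bus, as the text describes: whoever can transmit can unlock."""
    def __init__(self):
        self.unlocked = False

    def on_frame(self, frame):
        if frame.arbitration_id == UNLOCK_ID and frame.data[:1] == bytes([CMD_UNLOCK]):
            self.unlocked = True


def make_tag(key, arbitration_id, cmd, counter):
    """Truncated HMAC over (ID, command, counter); binding the counter defeats replay."""
    msg = arbitration_id.to_bytes(2, "big") + bytes([cmd]) + counter.to_bytes(2, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class AuthenticatedKeyFob:
    """Sender sharing a key with the door ECU; every command carries a fresh counter and tag."""
    def __init__(self, key):
        self.key = key
        self.counter = 0

    def unlock_frame(self):
        self.counter += 1
        payload = bytes([CMD_UNLOCK]) + self.counter.to_bytes(2, "big")
        return CANFrame(UNLOCK_ID, payload + make_tag(self.key, UNLOCK_ID, CMD_UNLOCK, self.counter))


class HardenedDoorECU:
    """Unlocks only for a frame with a valid tag and a counter it has not accepted before."""
    def __init__(self, key):
        self.key = key
        self.last_counter = 0
        self.unlocked = False
        self.rejected = 0

    def on_frame(self, frame):
        if frame.arbitration_id != UNLOCK_ID:
            return  # not addressed to this function; other IDs are out of scope here
        if len(frame.data) == 3 + MAC_LEN:
            cmd = frame.data[0]
            counter = int.from_bytes(frame.data[1:3], "big")
            expected = make_tag(self.key, frame.arbitration_id, cmd, counter)
            if counter > self.last_counter and hmac.compare_digest(frame.data[3:], expected):
                self.last_counter = counter
                if cmd == CMD_UNLOCK:
                    self.unlocked = True
                return
        self.rejected += 1  # malformed, forged or replayed frame


def demo():
    """Deliver a forged frame, a genuine frame and a replayed genuine frame to each ECU."""
    key = b"constructed-demo-key"  # constructed for this example, not a real vehicle key
    forged = CANFrame(UNLOCK_ID, bytes([CMD_UNLOCK]))  # what an injector with bus access sends

    naive = NaiveDoorECU()
    naive.on_frame(forged)

    hardened = HardenedDoorECU(key)
    genuine = AuthenticatedKeyFob(key).unlock_frame()
    hardened.on_frame(forged)
    forged_result = hardened.unlocked
    hardened.on_frame(genuine)
    genuine_result = hardened.unlocked
    hardened.unlocked = False  # relock, then replay the captured genuine frame
    hardened.on_frame(genuine)
    replay_result = hardened.unlocked
    return {
        "naive_unlocked_by_forged": naive.unlocked,
        "hardened_unlocked_by_forged": forged_result,
        "hardened_unlocked_by_genuine": genuine_result,
        "hardened_unlocked_by_replay": replay_result,
        "hardened_rejected": hardened.rejected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` shows the naive ECU unlocking on the single injected frame, while the hardened ECU rejects both the tagless forgery and the replayed genuine frame and accepts only the fresh, correctly tagged one. The caveat is the one the text already hints at: this scheme only helps if every ECU that must verify the message has been provisioned with the key and keeps its counter across power cycles, and if an attacker with physical bus access cannot simply read the key out of one of those units.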