I was humbled to death to learn that thieves are sometimes as intelligent (regarding vehicle security) as are we professional technicians who frequently address these same systems.
According to Zac Palmer of Autoblog, thieves are now using a tactic referred to as CAN injection to infiltrate and steal vehicles. The technique involves gaining access to any point in the CAN bus network and by simply injecting a security clearance message, can broadcast to all ECUs on the CAN bus network.
A less recent strategy called "relaying" involved recording the key fob's unlock message and playing it back to the vehicle (like a voice memo) to gain access. Thieves would have to be close enough to first record that message before using it to steal the vehicle. Now, the CAN injection strategy eliminates that requirement and instead uses a covert tactic involving printed circuit boards (as inconspicuous looking as a basic Bluetooth handheld radio) to gain access.
Thieves are now finding it easier to access the CAN bus, which once required them to be in the vehicle where the ECUs were located. However, with today's active headlamp technology, the headlamps are driven by a dedicated ECU. And unfortunately for the consumer, the ECUs are located in close proximity to the headlamps themselves.
Thieves simply rip the front fascia and/or wheelhouse liner back exposing the headlamp ECUs (and associated CAN bus wiring they communicate with the rest of the vehicle on). This offers premium access to the vulnerable CAN bus — like an exposed spinal cord. CAN injection doesn't request permission to access the vehicle and start the engine; it grants permission.
Unfortunately, there is nothing to be done to counter this tactic but to be more diligent in where you choose to park your vehicle. Thieves will never cease to amaze as they continually find new and innovative ways to bypass the security systems that keep our vehicles and content safe.
