Stolen by CAN Injection in 90 seconds

Tam

The video recorded how thieves were able to steal a Lexus RX in 90 seconds by accessing the headlight through the wheel arch. Headlights are controlled by an ECU (electronic control unit). From there, a thief can reprogram the ECU to unlock the door and drive away. Thus, it's called CAN Injection.


Wonder if PIN to Drive can keep the thief from driving away? Or could the thief do some ECU programming to bypass the PIN as well?
 
Toyota was never hard to steal. Firstly, you need to understand what CAN is and how it works. There are different CANs in normal cars like MB or BMW and so on, where they are separated for drivetrain, convenience, peripheral and so on, which means you can't steal it via connecting to the headlights' control modules, because there are different bytes flowing and it would not support the bytes a thief would send to CAN. All depends on the separation of CANs in Tesla. I have not yet found any schematic diagrams for newer Teslas.
 
1. Tesla headlights do not have a CAN bus connection. They use LIN bus.

2. It depends on the security design of the vehicle in question, and every automaker has their own system. It appears that Toyotas have weak/nonexistent security in that regard.

For example, in a BMW the smart key or immobilizer key authenticates with the CAS module to allow car access (e.g. door unlock or allowing the start button to turn on the car). The CAS module then authenticates with the DME via a direct connection (not over CAN) to allow engine start. These are encrypted rolling authorization codes that are sent between the modules. This type of CAN injection wouldn’t be able to start the car.

Toyota, on the other hand, has the smart key authenticate with the gateway, but after that seems to just use a generic static authorization message via CAN to tell the ECU an authorized key is present and it’s ok to allow engine start. That’s akin to writing the password to your computer on a Post-it next to it and wondering how someone gained access to your computer.
 
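The difference the last post draws between a static authorization message and rolling authorization codes, shown from the receiving ECU's side. This is an added example, not code from the thread or from any automaker; the frame layout (4-byte counter plus 4-byte truncated HMAC), the key, the payload bytes and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed values for illustration only; not taken from any real vehicle.
STATIC_AUTH_FRAME = bytes.fromhex("a5a5a5a5a5a5a5a5")
SHARED_KEY = b"demo-key-provisioned-at-pairing"


class StaticEcu:
    """Weak design: any frame equal to the fixed 'key present' payload is accepted."""

    def allow_start(self, frame: bytes) -> bool:
        return frame == STATIC_AUTH_FRAME


def make_auth_frame(key: bytes, counter: int) -> bytes:
    """Sender side: 4-byte counter followed by a 4-byte truncated HMAC-SHA256 tag."""
    ctr = struct.pack(">I", counter)
    return ctr + hmac.new(key, ctr, hashlib.sha256).digest()[:4]


class RollingEcu:
    """Hardened design: the frame must carry a fresh counter and a valid MAC over it."""

    def __init__(self, key: bytes, window: int = 16):
        self.key, self.window, self.last = key, window, 0

    def allow_start(self, frame: bytes) -> bool:
        if len(frame) != 8:
            return False
        counter = struct.unpack(">I", frame[:4])[0]
        expected = hmac.new(self.key, frame[:4], hashlib.sha256).digest()[:4]
        if not hmac.compare_digest(expected, frame[4:]):
            return False  # tag does not match: sender does not hold the key
        if not (self.last < counter <= self.last + self.window):
            return False  # replayed, stale, or too far ahead of the last counter
        self.last = counter
        return True


def demo() -> dict:
    """Feed each ECU a first-time frame, the same frame again, and (rolling only) more."""
    static_ecu, rolling_ecu = StaticEcu(), RollingEcu(SHARED_KEY)
    first = make_auth_frame(SHARED_KEY, 1)
    return {
        "static_first": static_ecu.allow_start(STATIC_AUTH_FRAME),
        "static_replay": static_ecu.allow_start(STATIC_AUTH_FRAME),
        "rolling_first": rolling_ecu.allow_start(first),
        "rolling_replay": rolling_ecu.allow_start(first),
        "rolling_next": rolling_ecu.allow_start(make_auth_frame(SHARED_KEY, 2)),
        "rolling_no_key": rolling_ecu.allow_start(struct.pack(">I", 3) + bytes(4)),
    }
```

The static receiver cannot tell a repeated frame from the original, while the rolling receiver rejects both the repeat and a frame built without the key.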