CANbus attack?


50p

I found this on the Lexus UX forum. It mentions a CANbus attack which can affect all modern Toyotas. Has anyone heard of this at all?

Hope I haven't breached any rules here ...

 

Q) Hoping someone clever can help me figure out this conundrum.
Last night someone stole my UX 250h. We heard a loud thud of something solid breaking (not glass) and went to the window when we saw a man wearing a covid mask swiftly start walking away from the car.
Checked the car was ok and still locked and went to sleep.
Woke up in the morning to find the car gone and notifications on My Lexus app saying Hybrid System Malfunction, Sonar System Malfunction, One or more doors unlocked.
Long story short, the location was still tracking so I immediately went there and took the car back. It’s now at the garage to be re-secured but I cannot figure out how they did it.
Both keys were protected in Faraday pouches.
There was some minor damage to the left side front wheel well and guard was sticking out. The plastic panel under multimedia was ripped off. The left indicator was making a double speed noise. That’s about it - no broken windows or doors!
Please share if you know what happened so I can try to keep my car safe when I get it back.

A) They seem to go for the passenger side wheel well a lot. Chances are the ECU is probably located near there. Or the alarm siren module?
Unfortunately this isn't anything to do with a relay attack with the keys. It is a CAN bus attack - they get to the wiring in the wheel arch and disable alarm/open doors etc. Most modern Toyotas seem to be susceptible - UX, RX, RAV4 etc.
A steering wheel lock is probably going to be the most effective deterrent. Something like a ghost immobiliser would stop them taking the vehicle but they could still do damage before discovering it is immobilised.

Q) Would putting the key fob in standby mode and placing it in a fully working Faraday wallet stop the vehicle being stolen?

A) No, not with the method used to steal OP’s vehicle.



It's CANbus (Control Area Network), and yeah it's an issue not just with Toyotas but with almost all modern cars.

It's a tricky attack to perform as you have to target a very specific vehicle, but as cars integrated more and more computer stuff it's been increasingly a weakness.

TBH manufacturers were warned, as previously they'd have separate CANbus networks for infotainment and engine, but in modern cars they're merged to allow more features and to save money and this is opening them up to new attack vectors.

This isn't even the worst one - Tesla have one of the most integrated systems and it was actually possible to remotely hack into the car and drive it away without even being near it (Difficult in practice since you can't see where you're driving it :laugh: ), until they patched out the vulnerabilities.

It's not something I'm too concerned about personally, as the level of technical knowledge and expertise required to do it is so high - Usually such a person would have a well paying job and wouldn't need to resort to the relatively low-paying and high-risk occupation of stealing cars.

So as long as flash22 remains employed we're probably all safe :biggrin: 

 

  • Like 1
  • Haha 1

Ooops apologies to Tesla, got me vulnerables mixed up! :laugh: Apparently their one wasn't quite as bad, just hacking the doors to gain entry and start the car.

It was a Jeep that had the really fun remote hacks!

 

 

... but yeah, this is one of the reasons I've been put off cars with always-on internet connections...!

 

  • Haha 1

There are far easier ways to steal most modern vehicles these days than attacking the CAN system.

Theft via OBD port is far easier (thanks EU law makers 🙄).

As for the Autowatch Ghost it is easy to defeat once found & there are only so many places installers bother to hide it.

FWIW the latest Toyota 80 volt electric counter balance forklift has 3 separate CAN networks due to the necessity of keeping certain systems on separate networks.

  • Like 1

1 hour ago, Cyker said:

It's CANbus (Control Area Network), and yeah it's an issue not just with Toyotas but with almost all modern cars.

It's a tricky attack to perform as you have to target a very specific vehicle, but as cars integrated more and more computer stuff it's been increasingly a weakness.

TBH manufacturers were warned, as previously they'd have separate CANbus networks for infotainment and engine, but in modern cars they're merged to allow more features and to save money and this is opening them up to new attack vectors.

This isn't even the worst one - Tesla have one of the most integrated systems and it was actually possible to remotely hack into the car and drive it away without even being near it (Difficult in practice since you can't see where you're driving it :laugh: ), until they patched out the vulnerabilities.

It's not something I'm too concerned about personally, as the level of technical knowledge and expertise required to do it is so high - Usually such a person would have a well paying job and wouldn't need to resort to the relatively low-paying and high-risk occupation of stealing cars.

So as long as flash22 remains employed we're probably all safe :biggrin: 

 

Cyker, Flash is gonna sue the pants off you 😂🤣😂

  • Haha 1


Aha! This is why I don't use my real name or location! Bwahaha, oh hold on there's someone at the do-

  • Haha 2