Hackers Are Now Pulling Away Bumpers to Steal Your Car

The smarter vehicles become, the more prone they are to hacks, and a security researcher has now uncovered a technique that exposes every new Toyota.
After his RAV4 was the subject of such an attack, Ian Tabor, an automotive cybersecurity expert from EDAG Group, discovered that hackers can connect to the vehicle using the headlight wiring.

The method is likely to send shivers down Toyota owners’ spines. After finding a Toyota to hack, cybercriminals approach the vehicle and pull away the front bumper. A failed hack would therefore make some drivers believe they were the victim of a hit-and-run.

In fact, such damage could be the result of a hack attack in which the bad actor either didn’t have the time to complete the exploit or failed to hijack the vehicle.

Together with Ken Tindell, the CTO of Canis Automotive Labs, Tabor discovered that some Toyota models, including the RAV4, trust messages from other electronic control units. This is precisely how hackers attempt to take control of the vehicle.

With the headlight connector exposed, an attacker can connect to the CAN bus and attempt to trick the ECU by sending a forged key validation message. This way, the hackers would eventually be able to unlock the vehicle doors and disable the engine immobilizer without a key. Once the exploit is successful, a hacker can jump into the vehicle and drive away.

The method is straightforward because Toyota’s vehicles don’t seem to employ any security mechanism to ignore forged messages that claim to come from other ECUs. As such, hackers can turn to specially crafted devices to send forged messages and launch the CAN injection exploit. In one case, the attack was launched with a JBL Bluetooth speaker that no longer had the speaker components. With the crafted CAN Injector embedded into the JBL circuit board, the attack is launched from a device that costs only a few bucks.
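The missing safeguard described above is a receiver that checks each message before acting on it. The following is an added example, not code from the article, the researchers or Toyota: a receiving ECU accepts a frame only if it carries a valid truncated HMAC and a fresh counter. The CAN ID, the key and the 8-byte payload layout are constructed assumptions for illustration.

```python
import hashlib
import hmac
import struct

KEY = bytes(range(16))   # constructed demo key; real ECUs need provisioned secret keys
KEY_OK_ID = 0x123        # hypothetical CAN ID for a "key validated" message
MAC_LEN = 4              # truncated tag so data + counter + tag fit 8 payload bytes


def tag(key, can_id, counter, data):
    """Truncated HMAC-SHA256 over the CAN ID, the full 64-bit counter and the data."""
    msg = struct.pack(">IQ", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def build_frame(key, can_id, counter, data):
    """Sender: 2 data bytes | low 16 bits of the counter | 4-byte tag."""
    if len(data) != 2:
        raise ValueError("this layout carries exactly 2 data bytes")
    return data + struct.pack(">H", counter & 0xFFFF) + tag(key, can_id, counter, data)


class Receiver:
    def __init__(self, key, can_id):
        self.key, self.can_id, self.last = key, can_id, 0

    def accept(self, can_id, payload):
        """Return the data bytes if the frame is authentic and fresh, else None."""
        if can_id != self.can_id or len(payload) != 8:
            return None
        data, (low16,), mac = payload[:2], struct.unpack(">H", payload[2:4]), payload[4:]
        # Rebuild the full counter as the smallest value above the last accepted one.
        counter = (self.last & ~0xFFFF) | low16
        if counter <= self.last:
            counter += 0x10000
        if not hmac.compare_digest(mac, tag(self.key, can_id, counter, data)):
            return None          # forged, corrupted or replayed frame: ignore it
        self.last = counter
        return data


def demo():
    rx = Receiver(KEY, KEY_OK_ID)
    genuine = build_frame(KEY, KEY_OK_ID, 1, b"\x01\x00")
    forged = b"\x01\x00" + struct.pack(">H", 2) + bytes(MAC_LEN)  # sender without the key
    frames = [genuine, forged, genuine]                            # third one is a replay
    return [rx.accept(KEY_OK_ID, f) is not None for f in frames]
```

A device wired onto the bus can still transmit frames, but without the key the receiver drops them, and a recorded genuine frame fails the freshness check when replayed.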

The security researcher explains he has already reached out to Toyota. The Japanese carmaker apparently ignored the warnings, so the vulnerability was eventually made public. Toyota does not have a vulnerability disclosure program, but given attacks are already happening in the wild, the carmaker should prioritize hardening the way the ECU handles messages from outside.

A video demonstration of the hack taking place on a 2021 Toyota RAV4 is worrying, to say the least. The whole exploit takes only two minutes, showing just how vulnerable Toyota vehicles are once the necessary hardware for the attack is put together.

The security researchers say they are willing to test their exploit on any car from a different brand, so carmakers are encouraged to reach out to them for such tests.
About the author: Bogdan Popa