Don’t let anyone invade your CAN!

Last July, news broke about a man who was arrested for driving a stolen Lexus to steal another Lexus, which triggered a lot of talk about how often these types of luxury cars seem to be the targets of thieves in Japan. Personally, the one thing that bothered me about the video of that incident was what the suspect was doing down near the wheel.

▼ In the security camera video we see the thief peel back the fender but then they cover up the camera to hide the rest of their work

Now a recent arrest, which is said to be among the first of its kind in Japan, might shed some light on why the not-so-humble Lexus seems so theft-prone. The two suspects, a man from Sakai City, Osaka Prefecture, and one from Saitama City, Saitama Prefecture, are accused of using a “CAN invader” to steal a Lexus RX from a parking lot in Chiba Prefecture on 2 February.

“CAN invader” is the Japanese term for a device car thieves use to hack into a car’s controller area network (CAN) bus, which is the internal network that connects all of its components, from its ignition to its AC. We often don’t think about how computerized the average car has become, but it runs on a volume of code comparable to that of a desktop operating system. Luxury cars, with all their comfort features, are even more integrated.

However, many automobiles tend to lack the same level of cybersecurity that personal computers enjoy. Even worse, the CAN sends data through the car’s regular wiring, which means it can be accessed simply by patching a CAN invader into any wire a thief can get their hands on. In the case of those arrested, the headlights were a relatively easy access point from under the front bumper or through the wheel well.

▼ As we can see in this news report about the arrests, CAN invaders also come in stylish pink models

From there the CAN invader simply overrides the car’s security and gains access to everything, especially its locks and ignition, both within minutes and without causing any suspicious damage to the vehicle in the process. If the spate of thefts over the last year or so is anything to go by, it looks as if thieves have figured out the setup for the Lexus CAN bus in particular, and are having a field day stealing them.

▼ Think of it like that scene in Terminator 2 where young John Connor hacks into an ATM, elucidates the plot, and then rocks out to some GNR

The fact that it can be done fairly quickly and without a fuss is also making it very hard for the police to catch thieves who use CAN invaders. The Hyogo Prefectural Police say that over 192 luxury cars have been stolen in this way all over Japan, amounting to 950 million yen (US$8.6M) in damages.

There are ways to protect against this, however. A trusty steering wheel lock might do the trick if a particular thief’s manual skills don’t live up to their digital ones. Third-party engine immobilizers, which shut down the car when a theft attempt is made, are likely not affected by the CAN invader and also protect against the second most common method, relay theft. This is where thieves boost the remote signal from the owner’s keys to make it seem like they are near the vehicle, thus allowing the doors to open and the engine to start.

▼ Demonstration of an immobilizer on a cousin of the Lexus, the Toyota Highlander

But most importantly, it will be up to the manufacturers to develop more securely encrypted internal networks for their vehicles in order to keep up with their ever-increasing sophistication. After all, it’s their cars’ reputations that are on the line.

Source: Yomiuri Shimbun, Asahi Shimbun, Chunichi Shimbun
Top image: Pakutaso