Car thieves now use the vehicle's headlamp ECU to bypass security systems

May 3, 2023

Have you heard about 'CAN injection,' an infuriatingly brilliant tactic thieves are now implementing to infiltrate and steal modern vehicles?

Brandon Steckler

I was humbled to death to learn that thieves are sometimes as intelligent (regarding vehicle security) as are we professional technicians who frequently address these same systems.

According to Zac Palmer of Autoblog, thieves are now using a tactic referred to as CAN injection to infiltrate and steal vehicles. The technique involves gaining access to any point in the CAN bus network and by simply injecting a security clearance message, can broadcast to all ECUs on the CAN bus network.

A less recent strategy called "relaying" involved recording the key fob's unlock message and playing it back to the vehicle (like a voice memo) to gain access. Thieves would have to be close enough to first record that message before using it to steal the vehicle. Now, the CAN injection strategy eliminates that requirement and instead uses a covert tactic involving printed circuit boards (as inconspicuous looking as a basic Bluetooth handheld radio) to gain access.

Thieves are now finding it easier to access the CAN bus, which once required them to be in the vehicle where the ECUs were located. However, with today's active headlamp technology, the headlamps are driven by a dedicated ECU. And unfortunately for the consumer, the ECUs are located in close proximity to the headlamps themselves.

Thieves simply rip the front fascia and/or wheelhouse liner back exposing the headlamp ECUs (and associated CAN bus wiring they communicate with the rest of the vehicle on). This offers premium access to the vulnerable CAN bus — like an exposed spinal cord. CAN injection doesn't request permission to access the vehicle and start the engine; it grants permission.

Unfortunately, there is nothing to be done to counter this tactic but to be more diligent in where you choose to park your vehicle. Thieves will never cease to amaze as they continually find new and innovative ways to bypass the security systems that keep our vehicles and content safe.

About the Author

Brandon Steckler | Technical Editor | Motor Age

Brandon began his career in Northampton County Community College in Bethlehem, Pennsylvania, where he was a student of GM’s Automotive Service Educational program. In 2001, he graduated top of his class and earned the GM Leadership award for his efforts. He later began working as a technician at a Saturn dealership in Reading, Pennsylvania, where he quickly attained Master Technician status. He later transitioned to working with Hondas, where he aggressively worked to attain another Master Technician status.

Always having a passion for a full understanding of system/component functionality, he rapidly earned a reputation for deciphering strange failures at an efficient pace and became known as an information specialist among the staff and peers at the dealership. In search of new challenges, he transitioned away from the dealership and to the independent world, where he specialized in diagnostics and driveability.

Today, he is an instructor with both Carquest Technical Institute and Worldpac Training Institute. Along with beta testing for Automotive Test Solutions, he develops curriculum/submits case studies for educational purposes. Through Steckler Automotive Technical Services, LLC., Brandon also provides telephone and live technical support, as well as private training, for technicians all across the world.

Brandon holds ASE certifications A1-A9 as well as C1 (Service Consultant). He is certified as an Advanced Level Specialist in L1 (Advanced Engine Performance), L2 (Advanced Diesel Engine Performance), L3 (Hybrid/EV Specialist), L4 (ADAS) and xEV-Level 2 (Technician electrical safety).

He contributes weekly to Facebook automotive chat groups, has authored several books and classes, and truly enjoys traveling across the globe to help other technicians attain a level of understanding that will serve them well throughout their careers.