There’s a new form of keyless car theft that works in under 2 minutes

Infrared image of a person jimmying open a vehicle.

Enlarge / Infrared image of a person jimmying open a vehicle.

Getty Images

When a London man discovered the front left-side bumper of his Toyota RAV4 torn off and the headlight partially dismantled not once but twice in three months last year, he suspected the acts were senseless vandalism. When the vehicle went missing a few days after the second incident, and a neighbor found their Toyota Land Cruiser gone shortly afterward, he discovered they were part of a new and sophisticated technique for performing keyless thefts.

It just so happened that the owner, Ian Tabor, is a cybersecurity researcher specializing in automobiles. While investigating how his RAV4 was taken, he stumbled on a new technique called CAN injection attacks.

The case of the malfunctioning CAN

Tabor began by poring over the “MyT” telematics system that Toyota uses to track vehicle anomalies known as DTCs (Diagnostic Trouble Codes). It turned out his vehicle had recorded many DTCs around the time of the theft.

The error codes showed that communication had been lost between the RAV4’s CAN—short for Controller Area Network—and the headlight’s Electronic Control Unit. These ECUs, as they’re abbreviated, are found in virtually all modern vehicles and are used to control a myriad of functions, including wipers, brakes, individual lights, and engine. Besides controlling the components, ECUs send status messages over the CAN to keep other ECUs apprised of current conditions.

This diagram maps out the CAN topology for the RAV4:

Diagram showing the CAN topology of the RAV4.

Diagram showing the CAN topology of the RAV4.

Ken Tindell

The DTCs showing that the RAV4’s left headlight lost contact with the CAN wasn’t particularly surprising, considering that the crooks had torn off the cables that connected it. More telling was the failure at the same time of many other ECUs, including those for the front cameras and the hybrid engine control. Taken together, these failures suggested not that the ECUs had failed but rather that the CAN bus had malfunctioned. That sent Taber searching for an explanation.

The researcher and theft victim next turned to crime forums on the dark web and YouTube videos discussing how to steal cars. He eventually found ads for what were labeled “emergency start” devices. Ostensibly, these devices were designed for use by owners or locksmiths to use when no key is available, but nothing was preventing their use by anyone else, including thieves. Taber bought a device advertised for starting various vehicles from Lexus and Toyota, including the RAV4. He then proceeded to reverse engineer it and, with help from friend and fellow automotive security expert Ken Tindell, figure out how it worked on the CAN of the RAV4.

Inside this JBL speaker lies a new form of attack

The research uncovered a form of keyless vehicle theft neither researcher had seen before. In the past, thieves found success using what’s known as a relay attack. These hacks amplify the signal between the car and the keyless entry fob used to unlock and start it. Keyless fobs typically only communicate over distances of a few feet. By placing a simple handheld radio device near the vehicle, thieves amplify the normally faint message that cars send. With enough amplification, the messages reach the nearby home or office where the key fob is located. When the fob responds with the cryptographic message that unlocks and starts the vehicle, the crook’s repeater relays it to the car. With that, the crook drives off.

“Now that people know how a relay attack works … car owners keep their keys in a metal box (blocking the radio message from the car) and some car makers now supply keys that go to sleep if motionless for a few minutes (and so won’t receive the radio message from the car),” Tindell wrote in a recent post. “Faced with this defeat but being unwilling to give up a lucrative activity, thieves moved to a new way around the security: bypassing the entire smart key system. They do this with a new attack: CAN Injection.”

Read More
Dan Goodin

Latest

I’m filling in at The Verge for 6 weeks. Ask me anything!

David Imel is a technology reporter who has been covering the industry since 2007. He co-hosts the Waveform podcast with MKBHD. A former engineer, he now specializes in topics like computational photography and social media protocols. Hello my friends! My protocol pals! My computational compadres! I’m David, a technology reporter and cohost of the Waveform

Is an air-conditioning revolution coming to Europe?

The AC culture wars may be solved by advances in environmentally friendly technology. If you’re reading this while the blinds are drawn against yet another heat wave and wondering whether it’s finally time to buy an air conditioner, you’re far from alone. At the end of June, as temperatures climbed well above 40° Celsius across

CW@60: Living with the digital revolution

Parliamentarian Lord Tim Clement-Jones highlights the growing impact of technology in politics across his career By Lord Tim Clement-Jones Published: 10 Jul 2026 On 22 September 2026, Computer Weekly turns 60. To mark the milestone, we asked some of our friends - experts, parliamentarians, IT leaders and suppliers - for their perspectives on how tech

Circular IT turns sustainability ambitions into measurable technology for UAE organisations

As the UAE accelerates its Net Zero 2050 Strategy, CIOs are embedding sustainability into technology lifecycle management, circular IT and data-driven decision-making to reduce emissions, improve efficiency and tackle the growing challenge of e-waste By Andrea Benito , Computer Weekly Published: 09 Jul 2026 10:30 Sustainability is no longer a standalone environmental initiative, it is

Newsletter

Don't miss

I’m filling in at The Verge for 6 weeks. Ask me anything!

David Imel is a technology reporter who has been covering the industry since 2007. He co-hosts the Waveform podcast with MKBHD. A former engineer, he now specializes in topics like computational photography and social media protocols. Hello my friends! My protocol pals! My computational compadres! I’m David, a technology reporter and cohost of the Waveform

Is an air-conditioning revolution coming to Europe?

The AC culture wars may be solved by advances in environmentally friendly technology. If you’re reading this while the blinds are drawn against yet another heat wave and wondering whether it’s finally time to buy an air conditioner, you’re far from alone. At the end of June, as temperatures climbed well above 40° Celsius across

CW@60: Living with the digital revolution

Parliamentarian Lord Tim Clement-Jones highlights the growing impact of technology in politics across his career By Lord Tim Clement-Jones Published: 10 Jul 2026 On 22 September 2026, Computer Weekly turns 60. To mark the milestone, we asked some of our friends - experts, parliamentarians, IT leaders and suppliers - for their perspectives on how tech

Circular IT turns sustainability ambitions into measurable technology for UAE organisations

As the UAE accelerates its Net Zero 2050 Strategy, CIOs are embedding sustainability into technology lifecycle management, circular IT and data-driven decision-making to reduce emissions, improve efficiency and tackle the growing challenge of e-waste By Andrea Benito , Computer Weekly Published: 09 Jul 2026 10:30 Sustainability is no longer a standalone environmental initiative, it is

Elon Musk SpaceX AI Predicts Incredible Bitcoin Price For Next 30 Days

Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Last updated:  June 13, 2026 Here is the thing about capitulation calls. They only sound

Breitbart Business Digest: Stacking Those $250 Trump Bills

Weekly Wrap: Making It Rain with Trump Bills Welcome back to Friday! This is the Breitbart Business Digest weekly wrap, our septidialogic sweep through the economic and financial news. This week the economy failed to get indigestion from the high price of gas, Treasury Secretary Scott Bessent told us about getting fed at the Fed, Trump

Business seminar in Munich highlights Hong Kong’s strategic roles amidst global shifts (with photos)

Business seminar in Munich highlights Hong Kong's strategic roles amidst global shifts (with photos) ******************************************************************************************      The Hong Kong Economic and Trade Office, Berlin (HKETO Berlin), promoted Hong Kong's unique advantages and strategic roles at the seminar "Hong Kong's strategic role amidst geopolitical tensions" on June 18 (Munich time) in Munich, Germany.             Senior executives, investors

AI for business services: From job fears to productivity

AI for business services: From job fears to productivity