A vulnerability disclosed earlier this month and affecting Toyota vehicles is gaining traction in the United States. Bad actors expose the glitch and create crafted devices that can start a car's engine in a matter of seconds. What’s worse is that many of these hacking devices end up online, where anyone can purchase them for a few thousand dollars.
Cybersecurity experts Ken Tindell and Ian Tabor discovered and reported the vulnerability. It allows a hacker to connect to the vehicle’s CAN bus by exposing the wires, most often from the headlight.
Because of the glitch, the hackers can send a forged key validation message to the ECU. For some reason, certain Toyota models, including RAV4, accept messages from other ECUs. As such, what hackers must do is build a device that mimics a secondary ECU, eventually being able to send a crafted message to launch the CAN injection exploit.
Read Article