The photos come from the UK and show a Range Rover car in which the thieves overcame the anti-theft system by brutally making a hole in the tailgate in order to get to the CAN harness and use it to perform an electronic attack, open the locks and disarm security. They masked the big hole in the flap with… a sticker.
For those who have recently been following the reports of car thefts, such an unsubtle method of getting into a car may come as a surprise. In times when thieves more and more often have equipment using the “suitcase” method, able to intercept a signal, for example, from a key that is away from the car, at home or in the pocket of the rightful user, or a pocket “game boy”, which seconds makes a virtual car key and allows you to get into the car and start the engine, drilling a hole in the hatch seems a strange idea.
We asked experts who have been studying car security for years. It turns out that the method of forcibly accessing the CAN harness and plugging in a device that disarms security is nothing new. In a similar way, a few years ago, e.g. cars of one of the Japanese brands, although there the burglary mechanism looked a bit more subtle. The vulnerable beam could be accessed by tearing out, for example, the plastic wheel arch cover. In the meantime, however, the thieves got better equipment that made the car stealable without such a hassle.
For people more familiar with the subject, this form of attack may resemble a bit of thieving ways from the 90s, to silence primitive alarms. The thieves broke the lampshade, shorted it and the alarm (also controlling the blinking of the lights) stopped working.
So why did British thieves attack the Range Rover like this? There are at least two reasons. First things first! First of all, Range Rover cars are among the most frequently stolen in the UK – about 5,000 of them disappear every year in the UK. Maybe it’s about their exceptional attractiveness, or maybe it’s about the above-average demand for parts for these cars?
Why did they break the lid instead of stealing “on the suitcase”?
To reduce the problem, the manufacturer has been using the improved “keyless go” system for several years, using the so-called UWB (Ultra Wideband). Standard keyless systems can be easily fooled by using special equipment (“suitcases”) to extend the communication between the car and the key. One of the criminals is standing by the car, the other has to get close to the key, which can be even behind the wall of the building or in the pocket of the car owner walking around the store. The suitcases are used to transmit the signal over a long distance – the system is factory-configured so that the locks open when the key is next to or in the car – and the “suitcases” simulate just that.
In systems that use a wider band (UWB), the electronics precisely measure the time of signal transmission between the car and the key and back. If it is too long (transmission via “suitcases” causes minimal delays), the system locks up. While, for example, Range Rover models from 2015-2016 are very susceptible to suitcase theft, the newer ones require criminals to have at least above-average good equipment, or … take shortcuts. Nowadays, with the widespread availability of powerful battery tools, drilling or cutting a hole in the body is a matter of seconds – it’s often easier than … breaking a strong window!
The second possible reason – the theft was attempted by moderately bright amateurs.
The best proof that the criminals who tried to steal the Range Rover shown in the photos are not masters of their profession is the fact that such photos were taken. The car was recovered thanks to the locator installed in it. Real professionals are usually able to protect a stolen car from being traced.
-By the way, the photos also show anti-theft protection, which is now used in Poland only by pensioners who will praise the habits of the 80s and 90s, i.e. a lock on the steering wheel. As expected, it didn’t work.
More text below the video
Why is it possible to disable the security by getting to the beam in the hatch?
The whole secret lies in how the CAN bus works in the car. CAN-bus, i.e. a serial communication bus, is a method of data transmission in a car that allows on-board devices and controllers to send information to each other. To put it simply – instead of running separate wires to each electrical receiver or actuator in the car to control them, individual receivers are permanently connected to the power supply and to a common bus, through which commands are digitally sent to them. There are modules next to each actuator device, which detect only those signals from the bus that are directed to them.
In such a system, individual devices are ranked according to importance – if they transmit simultaneously, the device with a higher priority has priority.
Depending on the vehicle, there may be several buses, e.g. separate for comfort systems, locks, interior equipment, separate for security systems, and separate for operating electronics controlling the drive. It is enough to plug in any place of the appropriate bus to be able to control all the elements connected to it with the appropriate equipment.
CAN bus: facilitates both theft and protection of the car against theft
The specificity of the car CAN bus can be used in various ways – both to steal a car and to protect it from theft. One of the most effective ways to protect a modern car against theft is to connect a module to the bus that immobilizes one of the components necessary for driving, e.g. by reporting its failure to the controller or blocking the possibility of engaging the gear. This is a much more sophisticated solution than, for example, primitive alarms and immobilizers that used hidden relays. Finding a well-hidden CAN immobilizer is almost impossible, unlike locating and disabling the “control panel” of a traditional alarm.
