Toyota RAV4 2021 - stolen in less than two minutes

This attack isn’t the easiest to pull off, given that it requires a thief to partially disassemble the target car, but it’s powerful when done correctly — entirely bypassing the car’s key, unlike relay attacks that simply extend the key’s radio range. Tindell lists multiple solutions that automakers can implement, most notably the “zero trust” approach — wherein every device, even within a car’s internal CAN bus, needs to verify itself during any communication.


Zero trust would effectively stop these kids of attacks, but it would require a new commitment to security from automakers. As those companies continue to add new tech to cars, we can only hope they’ll start keeping up with securing it.

Check out Tindell’s full explanation of this vehicle vulnerability here. It’s an incredibly technical write-up, but Tindell does a great job of breaking it down so anybody can understand it.