What If: Targeted Assassination by CAN

2026, March 15    

It's 2023, and you wake up one morning to find your pride and joy has disappeared from the driveway. No sign of broken glass, the keys stored safely inside a lockbox, and yet the vehicle has vanished without a trace. Weeks later you're told that your type of vehicle could be stolen by getting to the wiring behind the headlights and using a cheap device that ties into the controller area network (CAN) bus.

This happened to multiple owners (and still happens today), as protection from this type of type of attack isn't easy. Worse, retrofitting countermeasures to older vehicles is considered costly / impractical, leaving owners out of luck. Given what the CAN bus ties into, there is potential for much worse than a vehicle being stolen...

You wake up one morning to find a CCTV alert from when you were asleep, showing two people on your driveway, seemingly trying to open the door while fiddling with a headlight. After seeing that they were only there for 60 seconds before rushing away, you consider yourself lucky that they couldn't steal your vehicle. A quick check reassures you that everything is fine, however the reality is much worse (you just don't know it yet).

What you didn't see in the footage was that your headlight was removed just enough for an in-line device to be attached, no bigger than an inch in any direction, looking like a car part that wouldn't be out of place if someone looked. The device in question, a microcontroller that is now connected directly to the CAN bus of the vehicle, with access to all of the systems.

Breakfast finished, you get into the vehicle and set off to your work taking the same route that you normally take, including the fast road with the lack of safety barriers and only a small kerb to keep you from a significant drop (or worse, nothing keeping you from the vehicles on the opposite side). 20 minutes into your uneventful journey (as you approach another vehicle at speed), your vehicle sharply steers off the road in less than a second, applying full force to both the steering and the nearside front wheel (leaving you with zero control / chance to override).

10 seconds later, your vehicle finally comes to an abrupt stop (after rolling multiple times), with every aspect of it (especially the front) obliterated. As the smoke begins to settle, your vision goes dark and you take your last breath. There is no happy ending for you here...

The accident investigation team arrive to examine what remains of the vehicle and to determine what happened. A lone tyre mark shows sharp braking, which aligns with your dashcam footage showing the sharp turn off the road. The wreckage is assessed as much as it can be given the time constraints, and the verdict is that the driver overreacted upon getting close to the vehicle in front (likely from being distracted), applied the brakes (which locked a wheel), and caused the vehicle to swerve off the road. Case closed.

As for the programmed device, be it the company that handled the wreckage, the commonly used scrapyard, or even someone investigating the scene, it gets removed quicker than it was fitted, leaving no trace that it was even there. After all, how often is the ECU of a vehicle checked after an accident to see if a rogue device was present / if signals were being injected? A quick reprogram and its ready for the next target vehicle.

For those skeptical of the viability of this, chips to interface with the CAN bus are very cheap and very small. There are even open source projects for controlling the different systems in a vehicle using a controller, which can be used as a footprint to start from. As the bus has access to the speed / location / time, it doesn't take much to program the logic for when to apply the brakes / steering / throttle etc.

Gone are the days of cutting a brake pipe...