YOUR CAR
CAN BE STOLEN
in under 60 seconds with no alarm triggered
CAN bus injection: the theft method hiding behind your headlight
No key fob involved, no signal to relay or jam. This attack plugs directly into your car’s internal wiring and talks to your engine control unit in a language it already trusts. Here is what that actually means.
How CAN bus injection actually works
Modern cars run on an internal network called the CAN bus, where different modules, the engine control unit, the immobiliser, the lights, all talk to each other using a shared electronic language. A CAN bus injection attack gains physical access to that network, often through the wiring behind a headlight or wheel arch, and sends messages that mimic what a genuine key or module would send.
Some tools used for this are built to look like ordinary electronics, disguised inside everyday-looking housings, specifically so they draw no attention if noticed near a vehicle. Once connected, the device can send the exact message the factory immobiliser expects to hear, and the car authorises a start.
This is a different attack surface entirely from the key fob. No relay is involved, no jamming, nothing to capture from your house. The vulnerability sits inside the car itself.

Why this attack is hard to prevent from the factory side
Speaks the Trusted Language
The factory immobiliser is built to trust CAN bus messages that look genuine. An injected message formatted correctly is simply accepted.
Entry Point Is Physical, Not Digital
Access usually comes through exposed wiring, most commonly around the headlight, which is a known weak point on many models.
No Software Update Fixes Old Wiring
Unlike a phone app vulnerability, this cannot be patched over the air on vehicles already built with exposed wiring runs.
Where a relay immobiliser actually fits into this picture
A relay immobiliser like LockCar’s does not sit inside the same conversation the factory immobiliser and the CAN bus are having. It is a separate, independent switch in the start circuit, authorised only by your paired phone and proximity tag. An injected CAN message can convince the factory system perfectly and still find the LockCar relay open.
CAN bus injection works by successfully impersonating a trusted voice on a network. LockCar’s relay immobiliser is not part of that network’s conversation at all, so there is nothing on the CAN bus for the injected message to convince.
LockCar recommended for this page

- Independent of the CAN bus authorisation entirely
- Movement alerts if the vehicle is still moved
- Live camera stream and remote immobilisation
- No mandatory monthly subscription
- Same independent relay break protection
- For owners who already have a separate tracker
- From £150 fitted, full insurance certificate
Frequently asked questions
Is CAN bus injection the same thing as a relay attack?
No. A relay attack relays your genuine key fob’s signal. CAN bus injection involves physical access to the car’s internal wiring and does not need your key fob’s signal at all.
Does fitting LockCar mean thieves cannot access my CAN bus at all?
LockCar’s relay immobiliser does not stop physical access to the wiring. It stops the outcome that access is used to achieve, by requiring separate authorisation before the engine can start, regardless of what the CAN bus itself has been told.
Are some cars more exposed to this than others?
Exposure depends on the specific wiring layout and factory immobiliser design of each model. If you are unsure about your vehicle, ask your installer during booking.
Add a lock that is not part of the CAN bus conversation
LockCar relay immobilisers are fitted UK-wide, with a full insurance certificate included.
























