Monday, June 24, 2024

Your Car Could Be Gone In 60 Seconds Too…

- Advertisement -

According to a report published in Bloomberg, hackers are able to target vulnerabilities in electronic locks and immobilisers, accounting for about 42 percent of stolen vehicles in London. High priced vehicles are targeted more often and are at a risk of easy hacking, some even under 60 seconds. Turns out the hack is not just for a single car manufacturer, but for any keyless car employing electronic locks. Theft just moved from jacking to hacking.

Researchers looking into the field have found vulnerabilities in keyless car used by several vehicle manufacturers. Originally identified for the RFID transponders chip, the findings are making rounds for raising the issue of security in vehicles. After all, not everyone’s a millionaire (and the insurance sucks).

Oh! It’s a cold cruel world…

Back in 2012 when the researchers first found a hack into the system. They took it to the manufacturer of the affected chip. And later on to Volkswagen in 2013, who filed a lawsuit to block the publication of the paper. Turns out, filing a lawsuit is easier than solving a mistake that they made in the first place. The paper was finally out in 2015 but with an omission of the exact components of the chip.

- Advertisement -

Looking at the thieving tech

The use of technology and wireless in automobiles has been fascinating to say the least. The ease of operation with keyless car, brings along with it several issues to be considered. The top most would be hacking into the system and making away with the vehicle. Knowledge is after all a double edged sword.

The Bloomberg report listed out some of the vulnerabilities in keyless car. The top problem being the transponder used in the vehicles lacked a pseudo random number generator. The transponder provides repetitive data every time a wireless communication takes place between the lock and key.

Excerpts from the report

Some vulnerabilities

  • Without knowledge of the secret key, but by having only one authentication attempt, it is possible to gather an arbitrary length of keystream bits from the transponder.
  • With probability, 1/4 the output bit of the cipher is determined by only 34 bits of the internal state. As a consequence, (on average) one out of four authentication attempts leaks one bit of information about the secret key.
  • The 48 bit internal state of the cipher is only randomized by a nonce of 32 bits. This means that 16 bits of information over the secret key are persistent throughout different sessions.

Hacking Sessions

  • During the authentication algorithm the transponder does not provide any challenge to the reader. This notorious weaknesses allow an adversary to first acquire keystream and then use it to read or write any block on the card with constant communication and computational complexity
  • The cryptanalysis attack recovers the secret key after briefly communicating with the car and the transponder. It uses a general technique that can be applied to other LFSR-like stream ciphers.
  • The third attack is a custom cryptanalysis of the Hitag2 cipher. It only requires a few authentication attempts from the car and allows an adversary to recover the secret key with a computational complexity of 235 operations

Some build the lock others broke them. The level of sophistication of technology used in hacking into a keyless car has increased significantly. With the use of computers and brute force attacks to cycle through millions of combinations, this is now an automated process. Some speculate the device to be a transmitter operating in the 300-400 Mhz range. The beauty of the system is that all this can be done in under a minute. When David Beckham’s BMW X5 is not safe, where does the others stand?

Researchers working on understanding the system were able to break the 96-bit cryptographic system, by recording two conversations between the transponder and the key. The system tried a total of 196,607 options of secret keys before hitting the jackpot. Granted it took them inwards of half an hour, but if the researchers could break the system with just 2 recorded conversations, one wonders what Randall Raines (Nicolas Cage in Gone in 60 seconds) would do to your vehicle.

Power amplifier extends the range

keyless car operationOther reports explain the tech could be a power amplifier. This is a nifty little device that does things a bit differently and works on the basics of electronics. In keyless entry vehicles, the vehicle searches for the key (wireless). If the key replies back with a secure code, the door is unlocked for you. The traditional system, or the one used in vehicles is effective in distances of about a couple of meter (at most).

What this power amplifier does is, amplify the range of the vehicle. So now instead of a couple of meters, now it can search up to whatever distance the power amplifier allows it to. Meaning, if the keys are kept on the dressing table, and the keyless car is parked behind a fence, you are at a very high risk of the car stolen. Power amplifiers could extend the range to about tens of meters. And I thought hotwiring a car took skill. With easy availability of these systems over e-commerce stores, this is a very major concern.

Taking care of the thieves

With the current sales of vehicles at about 72.37 million (2015) worldwide, this could very well turn into a very serious issue. These are not the thieves who bump into you, pick your pockets, and make away with your vehicle. These thieves are efficient with technology, they taking their time and before you know it, the keyless car is gone. Reminds me of the Italian job. Nick Bilton, in an article for the nytimes, explained his way of securing his vehicle by keeping his keys in the refrigerator. This very practical implementation of one of the complex concepts of science, is known as a Faraday’s Cage.

What’s a Faraday Cage?

A Faraday cage is an enclosure consisting of an electrically conductive outer layer. The shape of the enclosure however can be modeled as per requirement. It can be anything from a handy pouch to cylindrical or cubical boxes. The enclosure can be entirely made out of conductive material, or an alternative would be a cardboard box, wrapped in aluminium foil. All kinds of faraday cage have been employed by our on screen stars ranging from Steve Austin (Condemned) to Jason Bourne to scramble and hide from tracking devices.

A Faraday cage is essentially a metal box, meant to keep signals out (or in). The applied external (or internal) field causes the charges within the cage’s conducting material to be distributed so they cancel the effect on the other side. This phenomenon originally developed for electricity can also be implemented to keep radio signals out.

So you essentially have to walk around with a metal bag to keep your keys in. Sounds difficult? Not so much.

Portable Faraday cage pouch

Turns out there are already products in the market catering to this problem. After all necessity is the mother of invention. One way to keep a keyless car from automatically opening is to keep your keys in the refrigerator as Bilton did. Or you can go for a personal faraday cage. The bags are available over e-commerce stores for as low as ₹ 100. Still too much? Take a piece of aluminium foil in your bag the next time you travel.

Imagine waking up one day to a beautiful sunshine. You go for a run, have a healthy breakfast, get ready to leave for your office. Pack your things, get your keys. Down the stairs and to the parking. Only to find out, there is no car. You look nearby, in hopes of finding it nearby, but it is nowhere in sight. Panic kicks in. If reports are to be believed, that panic can very soon be real and not just imaginary.

Still some areas to look into

This would be one of the safeguards which won’t allow the key and lock to interact. However the system developed by researchers based on cracking the 96 bit encryption, is a whole another issue. That would require the thief to be efficient with computers and notorious in their approach. And judging from the number of hacking attempts on websites, one can very easily judge the number of criminal minds available. Hopefully we can have some changes by automakers in the 300 million cars (estimated) already sold worldwide since the introduction of keyless entry into vehicles.

And possibly hope for some better system in the newer versions.


Unique DIY Projects

Electronics News

Truly Innovative Tech

MOst Popular Videos

Electronics Components