Your Car Could Be Gone In 60 Seconds Too…


According to a report published in Bloomberg, hackers are able to target vulnerabilities in electronic locks and immobilisers, accounting for about 42 percent of stolen vehicles in London. High-priced vehicles are targeted more often and are at risk of easy hacking, some in under 60 seconds. It turns out the hack is not limited to a single car manufacturer but applies to any keyless car employing electronic locks. Theft just moved from jacking to hacking.

Researchers looking into the field have found vulnerabilities in the keyless car systems used by several vehicle manufacturers. Originally identified in an RFID transponder chip, the findings are making the rounds for raising the issue of security in vehicles. After all, not everyone’s a millionaire (and the insurance sucks).

Oh! It’s a cold cruel world…

Back in 2012, when the researchers first found a hack into the system, they took it to the manufacturer of the affected chip and later, in 2013, to Volkswagen, which filed a lawsuit to block the publication of the paper. Turns out, filing a lawsuit is easier than fixing a mistake that they made in the first place. The paper was finally published in 2015, but with the exact components of the chip omitted.

Looking at the thieving tech

The use of technology and wireless in automobiles has been fascinating, to say the least. The ease of operation of a keyless car brings with it several issues to be considered. Topmost among them is someone hacking into the system and making away with the vehicle. Knowledge is, after all, a double-edged sword.

The Bloomberg report listed some of the vulnerabilities in keyless cars. The top problem is that the transponder used in the vehicles lacks a pseudo-random number generator, so it provides repetitive data every time a wireless communication takes place between the lock and the key.

Excerpts from the report

Some vulnerabilities

  • Without knowledge of the secret key, but by having only one authentication attempt, it is possible to gather an arbitrary length of keystream bits from the transponder.
  • With probability 1/4, the output bit of the cipher is determined by only 34 bits of the internal state. As a consequence, (on average) one out of four authentication attempts leaks one bit of information about the secret key.
  • The 48 bit internal state of the cipher is only randomized by a nonce of 32 bits. This means that 16 bits of information over the secret key are persistent throughout different sessions.

Hacking Sessions

  • During the authentication algorithm the transponder does not provide any challenge to the reader. This notorious weakness allows an adversary to first acquire keystream and then use it to read or write any block on the card with constant communication and computational complexity.
  • The cryptanalysis attack recovers the secret key after briefly communicating with the car and the transponder. It uses a general technique that can be applied to other LFSR-like stream ciphers.
  • The third attack is a custom cryptanalysis of the Hitag2 cipher. It only requires a few authentication attempts from the car and allows an adversary to recover the secret key with a computational complexity of 2^35 operations.
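
The missing transponder challenge described above matters because, without a fresh value from its own side, the transponder cannot tell a live session from a recorded one. The following sketch is an added example, not code from the report or from any vendor: it models that weakness beside a corrected design, using HMAC-SHA256 as a stand-in for the real cipher. The class names, function names and 16-byte nonces are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(16)  # constructed shared secret for this demo

def reader_auth(key, reader_nonce, tag_nonce=b""):
    """Reader's authenticator over the session nonces (HMAC-SHA256 stand-in)."""
    return hmac.new(key, reader_nonce + tag_nonce, hashlib.sha256).digest()

class WeakTag:
    """Transponder with no random number generator: it adds nothing fresh,
    so a recorded reader message looks the same as a new one."""
    def __init__(self, key):
        self.key = key

    def accept(self, reader_nonce, mac):
        return hmac.compare_digest(mac, reader_auth(self.key, reader_nonce))

class HardenedTag:
    """Transponder that issues a fresh, single-use challenge per session."""
    def __init__(self, key):
        self.key = key
        self._pending = None

    def challenge(self):
        self._pending = secrets.token_bytes(16)
        return self._pending

    def accept(self, reader_nonce, mac):
        tag_nonce, self._pending = self._pending, None  # consume the challenge
        if tag_nonce is None:
            return False  # no open session, nothing to verify against
        expected = reader_auth(self.key, reader_nonce, tag_nonce)
        return hmac.compare_digest(mac, expected)

def replay_outcomes(key=KEY):
    """Return (weak_accepts_replay, hardened_accepts_replay)."""
    weak = WeakTag(key)
    rn = secrets.token_bytes(16)
    recorded = (rn, reader_auth(key, rn))   # one legitimate session, recorded
    assert weak.accept(*recorded)           # the live session succeeds
    weak_replay = weak.accept(*recorded)    # the same bytes succeed again

    hard = HardenedTag(key)
    rn2 = secrets.token_bytes(16)
    recorded2 = (rn2, reader_auth(key, rn2, hard.challenge()))
    assert hard.accept(*recorded2)          # the live session succeeds
    hard.challenge()                        # next session gets a new challenge
    return weak_replay, hard.accept(*recorded2)
```

`replay_outcomes()` returns `(True, False)`: the recorded message is accepted again by the transponder without a challenge and rejected by the one that binds each session to its own nonce.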

Some build the locks, others break them. The level of sophistication of the technology used in hacking into a keyless car has increased significantly. With the use of computers and brute-force attacks to cycle through millions of combinations, this is now an automated process. Some speculate the device to be a transmitter operating in the 300-400 MHz range. The beauty of the system is that all this can be done in under a minute. When David Beckham’s BMW X5 is not safe, where do the others stand?
