The brand new Toyota Camry. It's lower and wider and slimmer than before, and we think from that point of view it managed to make it look pretty sporty.
In recent years, owners of cars with keyless start systems have learned to worry about so-called relay attacks, in which thieves use radio equipment to steal vehicles without a trace. Now it turns out that millions of other cars, ones that use mechanical keys with a transponder chip, are also prone to high-tech theft. A few cryptographic errors, combined with a little old-fashioned hot-wiring, or even a well-placed screwdriver, let hackers clone these keys and drive the cars away in a matter of seconds.
Researchers from KU Leuven in Belgium and the University of Birmingham in the UK disclosed earlier this week new vulnerabilities in the encryption systems used by immobilizers, the radio-enabled devices inside cars that communicate at close range with a key fob to unlock the car's ignition and allow it to start. In particular, they found problems with how Toyota, Hyundai, and Kia implemented a Texas Instruments encryption system called DST80. A hacker who swipes a relatively inexpensive Proxmark RFID reader/transmitter near a key fob with DST80 inside can gather enough information to derive its secret cryptographic value. That in turn would allow the attacker to use the same Proxmark device to impersonate the key inside the car, deactivating the immobilizer and starting the engine.
The researchers say the affected car models include the Toyota Camry, Corolla, and RAV4; the Kia Optima, Soul, and Rio; and the Hyundai i10, i20, and i40. The full list of vehicles whose immobilizers the researchers found to have cryptographic flaws:
[Table: full list of affected vehicles. Credit: University of Birmingham and KU Leuven]
Although the list also includes the Tesla S, researchers reported the DST80 vulnerability to Tesla last year, and the company released a firmware update that blocked the attack.
Toyota has confirmed that the cryptographic vulnerabilities the researchers discovered are real. But their technique is likely not as easy to carry out as the relay attacks that thieves have repeatedly used to steal luxury cars and SUVs. Those generally require only a pair of radios to extend the range of a key fob in order to open and start a victim's car, and they can be pulled off at a distance, even through the walls of a building.
In contrast, the cloning attack developed by the Birmingham and KU Leuven researchers requires a thief to scan a target key fob with an RFID reader from just an inch or two away. And because the key-cloning technique targets the immobilizer rather than the keyless entry system, the thief still has to somehow turn the ignition barrel, the cylinder into which the mechanical key is inserted.
That adds complexity, but the researchers point out that a thief could simply turn the barrel with a screwdriver or hot-wire the car's ignition switch, as car thieves did before immobilizers were introduced to defeat those techniques. "They take security down to 80s levels," said Flavio Garcia, a professor of computer science at the University of Birmingham. And unlike relay attacks, which only work within range of the original key, once a thief has derived the cryptographic value of a key fob, they can start and drive the target car repeatedly.
The researchers developed their technique by buying a collection of electronic immobilizer control units from eBay and reverse-engineering the firmware to analyze how they communicated with key fobs. They often found it all too easy to crack the secret value that the Texas Instruments DST80 encryption used for authentication. The problem lies not in DST80 itself but in how the automakers implemented it: the Toyota key fobs' cryptographic key, for example, was based on their serial number, and the fobs openly transmitted that serial number when scanned with an RFID reader. The Kia and Hyundai key fobs used 24 bits of randomness rather than the 80 bits DST80 offers, making their secret values easy to guess. "This is a mistake," says Garcia. "Twenty-four bits are a few milliseconds on a laptop."
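The two implementation flaws just described are easiest to understand in a toy model of the transponder's challenge-response step. The following Python is an added illustration, not code from the researchers, Texas Instruments or any automaker, and it does not implement DST80: the real cipher is stood in for by HMAC-SHA256 truncated to 40 bits, and the key derivation rule, the zero-padding of the non-random key bits, and the 40-bit challenge and response sizes are assumptions chosen only to mirror the article's description. It models the three provisioning choices an immobilizer ECU could make (key derived from the publicly broadcast serial, key with only a few random bits, key with full 80-bit entropy) and shows what an auditor can conclude from a single observed challenge/response pair under each. The demo searches 16 random bits so that it runs in well under a second, then scales the measured rate to 24 and 80 bits.

```python
"""Toy immobilizer/transponder model: why serial-derived and low-entropy
keys defeat the authentication, and what the fix looks like.

Constructed example for illustration. DST80 is NOT implemented here; HMAC-SHA256
truncated to 40 bits stands in for the cipher (assumption), and all sizes and
derivation rules below are assumptions mirroring the article, not TI's or any
automaker's real scheme.
"""
import hashlib
import hmac
import secrets
import time

KEY_BYTES = 10        # 80-bit key, the key length DST80 offers
RESPONSE_BYTES = 5    # toy 40-bit response (assumption)


def respond(key: bytes, challenge: bytes) -> bytes:
    """Transponder side: answer the ECU's challenge under the shared key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:RESPONSE_BYTES]


# --- Flaw 1 (modelled): key is a public function of the fob's serial number,
#     and the fob transmits that serial in the clear when scanned. ---
def key_from_serial(serial: bytes) -> bytes:
    """Hypothetical derivation; the real rule is not on the page."""
    return hashlib.sha256(b"toy-derivation" + serial).digest()[:KEY_BYTES]


def eavesdropper_key_from_serial(serial: bytes, challenge: bytes, response: bytes):
    """Auditor's check: does reading the broadcast serial alone reproduce the
    key? Returns the recomputed key if it explains the observed response."""
    guess = key_from_serial(serial)
    return guess if hmac.compare_digest(respond(guess, challenge), response) else None


# --- Flaw 2 (modelled): only `random_bits` of the 80 key bits are random;
#     the remaining bits are a fixed pattern (zeros here, an assumption). ---
def key_low_entropy(random_bits: int, rng=secrets.randbits) -> bytes:
    return rng(random_bits).to_bytes(KEY_BYTES, "big")


def recover_low_entropy_key(challenge: bytes, response: bytes, random_bits: int):
    """Auditor's check: exhaustively test every key with `random_bits` of
    entropy against ONE observed challenge/response pair. Returns the matching
    key, or None when no candidate explains the response."""
    for candidate in range(1 << random_bits):
        key = candidate.to_bytes(KEY_BYTES, "big")
        if hmac.compare_digest(respond(key, challenge), response):
            return key
    return None


def estimate_search_seconds(target_bits: int, measured_bits: int, measured_seconds: float) -> float:
    """Scale a measured exhaustive search to a larger key space (search cost
    doubles with every extra random bit)."""
    return measured_seconds * 2 ** (target_bits - measured_bits)


# --- Fix: every key bit from a CSPRNG, independent of any value the fob
#     ever transmits. ---
def key_full_entropy() -> bytes:
    return secrets.token_bytes(KEY_BYTES)


if __name__ == "__main__":
    challenge = secrets.token_bytes(5)          # constructed 40-bit challenge

    serial = bytes.fromhex("0102030405")        # constructed sample serial
    ecu_key = key_from_serial(serial)
    recovered = eavesdropper_key_from_serial(serial, challenge, respond(ecu_key, challenge))
    print("serial-derived key recomputed from broadcast serial:", recovered == ecu_key)

    demo_bits = 16                               # kept small so the demo is quick
    weak_key = key_low_entropy(demo_bits)
    t0 = time.perf_counter()
    found = recover_low_entropy_key(challenge, respond(weak_key, challenge), demo_bits)
    elapsed = time.perf_counter() - t0
    print(f"{demo_bits}-bit key recovered: {found == weak_key} in {elapsed:.3f}s")
    for bits in (24, 80):
        print(f"  estimated full search for {bits} random bits: "
              f"{estimate_search_seconds(bits, demo_bits, elapsed):.3g}s")

    strong_key = key_full_entropy()
    print("80-bit random key found in an 8-bit search:",
          recover_low_entropy_key(challenge, respond(strong_key, challenge), 8) is not None)
```

The point of the scaled estimate is the contrast the article draws: the search cost grows by a factor of 2^56 between 24 and 80 random bits, so a key space that falls in milliseconds becomes one that does not fall at all, provided none of the key material is a function of something the fob broadcasts.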
When WIRED asked the affected automakers and Texas Instruments for comment, Kia and Texas Instruments did not respond. Hyundai, however, stated that none of the affected models are sold in the United States. The company "continues to monitor the field for current exploits and is making significant efforts to stay ahead of potential attackers." It also reminded customers "to be diligent about who has access to their vehicle's key fob."
Toyota replied in a statement that "the vulnerability described applies to older models because current models have a different configuration." The company added that "this vulnerability poses a low risk to customers because the methodology requires both access to the physical key and a highly specialized device that is not widely available in the market." The researchers disputed that point, noting that nothing in their research required hardware that was not readily available.
To prevent car thieves from repeating their work, the researchers left certain parts of their method for cracking the automakers' key fob encryption out of their published paper, although that would not necessarily stop less ethical hackers from reverse-engineering the same hardware. With the exception of Tesla, the researchers said, none of the cars whose immobilizers they examined could fix the problem with a software patch downloaded directly to the cars. The immobilizers could be reprogrammed if owners take them to dealers, but in some cases the key fobs may need to be replaced. (None of the affected automakers contacted by WIRED mentioned any intention to offer this.)
Nevertheless, the researchers decided to publish their results to reveal the actual state of immobilizer security and to let car owners decide for themselves whether it is enough. Cautious owners of cars with hackable immobilizers could, for example, opt for a steering wheel lock. "It's better to be in a place where we know what kind of security we get from our security devices," says Garcia. "Otherwise only the criminals know."
This story originally appeared on wired.com.