07 March, 2020

Millions of cars anti-theft systems left vulnerable to hacking

Computer scientists have found that cars from manufacturers including Toyota, Kia, and Hyundai have security vulnerabilities in their anti-theft systems.

The “serious flaws” are associated with the immobiliser systems of these cars. The immobiliser system is included in vehicles in order to prevent car theft; the system locks the ignition of a vehicle, preventing it from starting without a key.

“In many cases, the underlying cryptographic primitives used to authenticate a transponder are proprietary in nature and thus not open to public scrutiny,” the researchers wrote [PDF]. They focused on the Texas Instruments DST80 encryption, found in the immobilisers of cars from various manufacturers.

Researchers from the University of Birmingham, UK, and Belgium’s LU Leuven reverse-engineered the firmware and were able to easily find the encryption keys for the immobilisers.

In some Toyota vehicles, the encryption key was based on a serial number also broadcast with the fob signal (significantly reducing the number of random bits a hacker would need to run through in order to find the key). Some Kia and Hyundai cars use 24 random bits of protection, although the DST80 system supports 80 bits. University of Birmingham computer scientist Professor Flavio Garcia told Wired magazine – which first reported the study – that identifying the 24 bits would take “a couple of milliseconds on a laptop”.

This vulnerability could allow an attacker to use a cheap RFID reader/transmitter device near the key fob to trick the immobiliser system into unlocking. This would require the attacker to come close to the legitimate fob, scan it with their own RFID device and then use this information to determine the encryption key and clone it with the same RFID device. This device could then be used to disable the immobiliser.

With the immobiliser disabled, the only obstacle preventing the attacker from starting the engine would be the ignition barrel (key slot), which can be defeated with tried-and-tested hot-wiring techniques.

Models which the computer scientists confirmed to be affected are Toyota’s Camry, Corolla, RAV4 and Highlander vehicles; Kia’s Optima, Soul and Rio; and various Hyundai hatchbacks. However, further models could be affected.

Although the Tesla S previously had the same vulnerability, Tesla has since updated its firmware. The researchers told Wired that this was the only model they had identified as being at risk which had the capability to fix the issue.

Visit the Engineering and Technology website for more information

Link : https://eandt.theiet.org/content/articles/2020/03/millions-of-cars-anti-theft-systems-vulnerable-to-hacking/