Jump to content
Forums Gone... but not forgotten!

Tired of these Ads? Register Today!

  • Welcome to Forever Pontiac

    We are a community of Pontiac enthusiasts. The purpose of our community is to keep alive the Pontiac spirit by sharing (or showing off) our cars, discussing Pontiac, helping each other work on our cars and find information, plus attend various meets/shows/etc... To aid discussion, sharing, event planning and selling of parts/cars/anything, we have various parts of the website to aid this from Forums to an online Garage to Classifieds to even a Document Download Repository. You can find links to these in our navigation above based on what each section helps with (discussion, local events, learning, etc...).

    We invite you to contribute, find help or just view some of our member's amazing cars! Don't forget, we also have great contests from time to time (like our Pontiac of the Month and yearly calendar contest) and our Pontiac This OR That, a fun game where you choose the best of two randomly selected Pontiacs from our online garage.

    We look forward to seeing you around!

Archived

This topic is now archived and is closed to further replies.

FeedBot

Car and Driver: Study: Key Fobs of 100 Million Cars Vulnerable to Easy Hacks

Recommended Posts

Man's at car using remote control key

-

Insurance companies have long suspected that thousands of theft reports from allegedly locked cars in recent years were really nothing more than insurance fraud. New evidence suggests many of those reports may be real.

-

Researchers from the University of Birmingham in the United Kingdom and consulting firm Kasper-Oswald say key fobs for nearly 100 million cars worldwide contain outdated security precautions that leave them vulnerable to thieves. With little more than some technical knowhow and $40 in equipment from Radio Shack, thieves could clone the codes that run keyless entry systems and gain access to cars without leaving a trace.

-

-

Or worse, criminals could easily bypass equally weak security measures in the immobilizers that are supposed to prevent thieves from starting a car’s engine.

-

Much of the research concentrated on vehicles made by the Volkswagen Group, including, Audi, Seat, and Skoda. Researchers say VW’s vehicles are particularly vulnerable because the company has used only four basic schemes for protecting its remote-keyless entry systems since 2002.

-

Attacks could be “highly scalable and could be potentially carried out by an unskilled adversary,” wrote the study’s authors, who are scheduled to present their paper, “Lock It And Still Lose It,” Friday at the USENIX Security Conference in Austin, Texas. “Since they are executed solely via the wireless interface, with at least the range of the original remote control and leave no physical traces, they pose a severe threat in practice.”

-
-
-
We can unfortunately only recommend to stop using or disable/remove the remote keyless entry part of the car key.
-
-
-

This isn’t the first time the University of Birmingham researchers have investigated Volkswagen’s security measures. A previous study, conducted in 2012, unearthed similar problems with a 96-bit code exchanged between the key fob and vehicle. But the researchers didn’t release those findings until last year—Volkswagen sued them to prohibit publication of the results.

-

This time around, the researchers say they’ve omitted information from their publicly available report that would identify cryptographic keys, part numbers of vulnerable electronic control units, and details about their reverse-engineering process, information that would make it easy for criminals to follow in their footsteps.

-

Their latest work examined two specific areas. First, they determined how to eavesdrop upon and clone the signals sent by Volkswagen remote fob and then match the cryptographic algorithms and keys kept on the vehicle’s electronic control units. Second, they found ways to similarly clone signals sent on another type of cryptographic protection called Hitag2, which has been used since 1996 by automakers including General Motors, Peugeot, Renault, Alfa Romeo, and Ford.

-

Salesman holding out car key in automobile showroom

-

The Hitag2 protections are more complex than the four general schemes used by Volkswagen. They rely on rolling codes that change each time car owners press the button on their key fobs. But the researchers found a way to eavesdrop on these exchanges and narrow the possibilities to the point they can break the codes in approximately one minute.

-

Breaching the Hitag2 security required the researchers to intercept at least four of the rolling codes initiated by the press of the key fob button. Researchers suggested a criminal could jam the signal, which would encourage a targeted car owner to keep pressing their key fob buttons and, thus, quickly cycle the codes.

--

Because both the Volkswagen and Hitag2 security measures have been in place for more than a decade, the findings suggest roughly 100 million vehicles are vulnerable worldwide. The researchers say that a large-scale attack targeting Volkswagen vehicles is possible via an automated approach that could affect all cars in a single area, such as a mall parking area or a dealership lot.

-

In a written statement, Volkswagen spokesperson Mark Gillies says the company “takes the security of our customers and their vehicles very seriously. Volkswagen’s electronic and mechanical security measures are continuously being improved. Volkswagen is in contact with the academics mentioned and a constructive exchange is taking place.”

-

But the researchers are skeptical that there’s a simple solution that would better protect current car owners. “We can unfortunately only recommend to stop using or disable/remove the remote keyless entry part of the car key,” they wrote, “and fall back to the mechanical lock.”

-wRpMCYziicM

Read Full Article

Share this post


Link to post
Share on other sites

Tired of these Ads? Register Today!


Tired of these Ads? Purchase Enhanced Membership today to remove them!
×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.