How safe is your vehicle’s keyless system? A group of researchers have discovered two types of attacks that compromise the keyless system and unlock millions of cars, most of which are distributed by Volkswagen.
Car theft is a dynamic field. Thieves devise new methods of stealing cars every day. Nowadays, criminals use electronic devices to unlock cars. The shift in theft process is because most cars now operate like computers. With the discovery of these two new methods of attacks, manufacturers can prevent future theft related to keyless systems.
The first method of attack involves the Volkswagen vehicles. The attack is pretty easy to pull off as it does not warn the driver that the car is under attack. The attack requires the hacker to reverse engineer one of the internal components in the door unlocking system. The researchers claim that they managed to obtain one of the cryptographic key values, which happen to be shared among millions of Volkswagen vehicles.
Apparently, Volkswagen uses only four distinct cryptographic key values. The attacker needs another value, which is easy to obtain by intercepting radio frequency between the remote and the car. To get the value from the target vehicle, you only need to eavesdrop once. With the two values, the attacker can clone a remote control for the vehicle and steal it.
To intercept the radio frequency between the remote and the car, the attacker can be as much as 100 meters away. The Volkswagen group controls 12% of the global automobile market, meaning millions of cars are affected. The Volkswagen Group, apart from Volkswagen models, owns Audi, Skoda, Porsche, Bentley, Lamborghini, SEAT and Bugatti.
The second attack the researchers discovered exploits the HiTag2 cryptographic scheme, which is a little old, but still widely used in vehicles such as Peugeot, Renault, Nissan, Opel, Citroen, Alfa Romeo, Mitsubishi, Ford, Chevrolet and Fiat.
This hack does not need the attacker to extract a key value from the internal components of the vehicle. The attacker will use a radio intercepting tool to intercept eight codes from the transmission between the remote and the vehicle. In modern vehicles, the eight codes change unpredictably with every press. The most successful way to get all the codes is to jam the transmission so that the driver presses the button as many times as required.
With the codes, the attacker will apply cryptographic skills to mimic the remote control of the target vehicle. Like the previous hack, this also affects an overwhelming number of vehicles. The researchers plan to disclose their findings at the USENIX Security Symposium in Austin Texas this week.
The researchers, from the University of Birmingham, are focusing on unlocking the cars. But a thief can do so much after unlocking the car.