Thursday, 20 August 2015

Hackers Crack Key Fob Encryption Used by More Than 25 Automakers

Leave a Comment
http://ift.tt/1NnvQkm

Key Fob

Modern transponder-equipped car keys are supposed to be ultra-safe: The chip-keys and key fobs communicate with readers inside the car, only allowing the car to start once a secret digital password has been transmitted. But a team of security researchers says they’ve figured out a way to circumvent the system used by some of the world’s largest automakers—and that Volkswagen Group used a lawsuit to keep their findings from going public for more than two years.

London’s Daily Mail reports that three researchers have found a security loophole in the Megamos Crypto transponder, the in-car electronic device that confirms the key or keyless transponder present inside the car is genuine before allowing the car to start. Megamos Crypto transponders are found in numerous models from Audi, Honda, Volkswagen, Volvo, and many other carmakers.

List of vehicles affected by the Megamos Crypto hack

List of vehicles affected by the Megamos Crypto hack. Models listed in bold were tested by the researchers; the rest were extrapolated since they utilize the affected electronics.

As the Daily Mail explains, the system is supposed to be uncrackable: the 96-bit code exchanged between the key and vehicle means there are “countless billions of possible combinations,” making a random guess virtually impossible. But the hackers discovered that by listening in to the radio communication between the key and the car just twice, they were able to narrow down the number of guesses it would take to crack the code to just 196,607 attempts. For a computerized “brute force” system, which the hackers were able to build, such a feat could take less than 30 minutes—and once the proper code is found, making a duplicate key that works just like the original is easy.

“It’s a bit like if your password was ‘password,'” Flavio D. Garcia, one of the researchers, told the Daily Mail.

The researchers presented these findings in a paper and a lecture at the Usenix digital security conference in Washington, DC, last week. But they first found the vulnerability in the system all the way back in 2012. Why did it take so long for the discovery to go public? When the researchers first discovered the fault, they went to Megamos with their findings, offering to keep their discovery private for nine months while the Swiss chipmaker found a solution. But in 2013, the Daily Mail reports, Volkswagen sued the researchers individually, and the universities that employ them, to block them from publishing their findings.

The settlement which finally led to the research being published hinged around a compromise: The researchers agreed to omit one crucial line from their paper, “a pivotal detail which could allow a non-technical person to work out the hack,” Daily Mail reports. Volkswagen told the paper that the hack takes “considerable complex effort” and that its latest cars aren’t vulnerable.



This hack was revealed on the heels of research by ethical hacker Samy Kamkar, whose RollJam device can crack the code used by some of the most popular keyless entry remotes, and who built a hand-held device that was demonstrated to remote-unlock and start any vehicle connected to the OnStar smartphone app. GM says it’s since fixed the loophole that allowed the latter hack.

This entry passed through the Full-Text RSS service - if this is your content and you're reading it on someone else's site, please read the FAQ at http://ift.tt/jcXqJW.



from Car and Driver Blog http://ift.tt/1JlaBx9
via IFTTT

0 comments:

Post a Comment