All your cars are belong to us

https://aachen.ccc.de/keyless-gone/

Anyone speaking German find anything more in the articles?
Basically they used a relay attack - bridging the gap between car and key with special radio equipment (which isn't difficult to make) and relaying the signals between car and key over a distance. This allows a two-person team to steal a car: The driver stays by the car with one end of the radio bridge, the other follows the car owner with the second end. Car opens, thief enters, radio relay simulates the key being inside the car, thief drives away to safehouse.

The article mentions that they cracked every car they tried with the exception of Audis, but suspect this is only due to using the wrong radio frequency on their proof of concept.

Summary: Nothing new. "Keyless Go" systems are insecure because the principle they work on has a very obvious flaw. I don't know if and how that can be fixed by adding appropriate encryption, and the article doesn't focus on that.

My personal opinion: It's long overdue that insurance companies hit cars with "Keyless Go" features with higher premiums so people stop buying them until the carmakers close the gaping security hole.
 
Summary: Nothing new. "Keyless Go" systems are insecure because the principle they work on has a very obvious flaw. I don't know if and how that can be fixed by adding appropriate encryption, and the article doesn't focus on that.

My personal opinion: It's long overdue that insurance companies hit cars with "Keyless Go" features with higher premiums so people stop buying them until the carmakers close the gaping security hole.

Thanks.
 
Basically they used a relay attack - bridging the gap between car and key with special radio equipment (which isn't difficult to make) and relaying the signals between car and key over a distance. This allows a two-person team to steal a car: The driver stays by the car with one end of the radio bridge, the other follows the car owner with the second end. Car opens, thief enters, radio relay simulates the key being inside the car, thief drives away to safehouse.

The article mentions that they cracked every car they tried with the exception of Audis, but suspect this is only due to using the wrong radio frequency on their proof of concept.

Summary: Nothing new. "Keyless Go" systems are insecure because the principle they work on has a very obvious flaw. I don't know if and how that can be fixed by adding appropriate encryption, and the article doesn't focus on that.

My personal opinion: It's long overdue that insurance companies hit cars with "Keyless Go" features with higher premiums so people stop buying them until the carmakers close the gaping security hole.

If they could design the fobs to have extremely precise response times (doesn't have to be fast, just reliable, like 50 ms +/- 0.1 µs), they could use that to calculate its real distance from the car, thus foiling any relay attacks.
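
The timing check suggested above, worked through as an added example (not part of the original post): the car measures the round trip of a challenge, subtracts the fob's known reply delay, and converts the remainder to distance. The model is noise-free and every function name is hypothetical; the 50 ms and 0.1 µs figures are the ones from the post.

```python
C = 299_792_458.0  # speed of light in m/s

def simulate_rtt(distance_m, fob_delay_s, extra_s=0.0):
    """Round trip the car would measure (constructed, noise-free model)."""
    return 2 * distance_m / C + fob_delay_s + extra_s

def distance_bounds(rtt_s, nominal_delay_s, jitter_s):
    """(min, max) one-way distance in metres consistent with a measured RTT,
    for a fob that replies after nominal_delay_s +/- jitter_s."""
    shortest_flight = rtt_s - (nominal_delay_s + jitter_s)
    longest_flight = rtt_s - (nominal_delay_s - jitter_s)
    return max(0.0, shortest_flight) * C / 2, max(0.0, longest_flight) * C / 2

def accept(rtt_s, nominal_delay_s, jitter_s, threshold_m):
    """Unlock only if even the worst-case distance is within the threshold."""
    return distance_bounds(rtt_s, nominal_delay_s, jitter_s)[1] <= threshold_m

def min_threshold(legit_range_m, jitter_s):
    """Smallest threshold that never rejects a genuine fob inside legit_range_m:
    a slow fob (delay + jitter) is judged against the fast case (delay - jitter)."""
    return legit_range_m + jitter_s * C

if __name__ == "__main__":
    D, J = 50e-3, 0.1e-6  # figures from the post: 50 ms +/- 0.1 microseconds
    print("fob touching the car, worst-case distance: %.1f m"
          % distance_bounds(simulate_rtt(0, D), D, J)[1])
    thr = min_threshold(2.0, J)
    print("threshold needed for a 2 m unlock zone: %.1f m" % thr)
    for label, dist in (("key relayed from 100 m", 100.0),
                        ("key relayed from 10 m", 10.0)):
        verdict = accept(simulate_rtt(dist, D), D, J, thr)
        print(label, "->", "accept" if verdict else "reject")
    print("same zone with +/- 1 ns jitter: %.2f m" % min_threshold(2.0, 1e-9))
```

With ±0.1 µs of jitter the check rejects a key relayed from 100 m but still accepts one relayed from 10 m, because 0.1 µs of timing uncertainty is about 30 m of radio travel; a metre-scale unlock zone needs nanosecond-level timing.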
 
I read part of that yesterday. This is going to hurt JD in the long run.
 
I read part of that yesterday. This is going to hurt JD in the long run.

I think putting software this restrictive into farming equipment in the first place is the thing that will hurt a company like JD in the long run ...
 
So after all of this why the fuck do people want all this damn technology in their cars? Been screaming about this for at least 10 years but I'm really concerned people are too dumb and impressed with all the shiny stuff to see what's happening to them. LOL :)
 
Unpatched Exploit Lets You Clone Key Fobs and Open Subaru Cars


Tom Wimmenhove, a Dutch electronics designer, has discovered a flaw in the key fob system used by several Subaru models, a vulnerability the vendor has not patched and that could be abused to hijack cars.

The issue is that key fobs for some Subaru cars use sequential codes for locking and unlocking the vehicle, and other operations.

"Currently, I'm using a Raspberry Pi B+ ($25), a Wi-Fi dongle ($2) and a TV dongle ($8), but the Raspberry Pi B+ and WiFi dongle could both be replaced with a single Raspberry Pi Zero W ($10), which has WiFi on board," Wimmenhove told Bleeping.

"Then you need a 433MHz antenna ($1) and an MCX to SMA convertor ($1) to stick the antenna onto the dongle," he added. "Finally, you need something to power the thing. I'm assuming most people have some kind of Lithium-Ion power bank laying around. If not, they don't cost much either."

Several Subaru models affected

Wimmenhove tested the rig on his own 2009 Subaru Forester, but says the exploit should also work on the following models:
2006 Subaru Baja
2005 - 2010 Subaru Forester
2004 - 2011 Subaru Impreza
2005 - 2010 Subaru Legacy
2005 - 2010 Subaru Outback


Subaru is aware but has not patched the issue

The researcher also said he reached out to Subaru about his findings.

"I did [reach out]. I told them about the vulnerability and shared my code with them," Wimmenhove told Bleeping. "They referred me to their 'partnership' page and asked me to fill in a questionnaire. It didn't seem like they really cared and I haven't heard back from them."

Subaru did not respond to three requests for comment from Bleeping Computer made over 36 hours before publication.

The code needed to run Wimmenhove's attack rig, along with instructions, is now on GitHub. Bleeping Computer is not sharing the link in this article.
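
Why sequential codes are a problem on the receiver side, as an added example that is not from the article or from Wimmenhove's code: a constructed toy receiver that accepts any code just above the last one, beside one that requires the counter to carry a MAC under a per-fob secret. The frame layout, class names, key and counter values are all assumptions for illustration and do not describe Subaru's actual protocol.

```python
import hashlib
import hmac
import struct

class SequentialReceiver:
    """Weak (constructed toy model): any code just above the last one is valid."""
    def __init__(self, last_code, window=16):
        self.last, self.window = last_code, window

    def verify(self, code):
        if self.last < code <= self.last + self.window:
            self.last = code
            return True
        return False

def make_frame(key, counter):
    """Fob side: 4-byte counter followed by an 8-byte truncated HMAC-SHA256."""
    body = struct.pack(">I", counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

class MacReceiver:
    """Hardened: same counter window, but the counter must carry a valid MAC."""
    def __init__(self, key, last_counter, window=16):
        self.key, self.last, self.window = key, last_counter, window

    def verify(self, frame):
        if len(frame) != 12:
            return False
        (counter,) = struct.unpack(">I", frame[:4])
        if not hmac.compare_digest(make_frame(self.key, counter), frame):
            return False  # counter is not authenticated by the shared key
        if not self.last < counter <= self.last + self.window:
            return False  # replayed or far out-of-window counter
        self.last = counter
        return True

def demo():
    key = b"constructed-demo-key"  # placeholder secret, constructed for this demo
    seq, mac = SequentialReceiver(1000), MacReceiver(key, 1000)
    observed = make_frame(key, 1001)                    # one genuine button press
    guessed = struct.pack(">I", 1002) + observed[4:]    # counter bumped, old MAC
    return {
        "sequential_accepts_guess": seq.verify(1001) and seq.verify(1002),
        "mac_accepts_genuine": mac.verify(observed),
        "mac_accepts_replay": mac.verify(observed),
        "mac_accepts_guess": mac.verify(guessed),
        "mac_accepts_next_genuine": mac.verify(make_frame(key, 1002)),
    }
```

Authenticating the counter stops prediction and replay of captured frames; it does not address the relay attack discussed earlier in the thread, which forwards a genuine fob's live reply.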


 
Sequential codes FFS!!!!
 
Now that is quite clever. Only works once though, once they shut the car off, it will not be able to start again......as the key is physically not present to clone again. However, since all these cars will be parted out anyways, I guess it doesn't matter........
 
Now that is quite clever. Only works once though, once they shut the car off, it will not be able to start again......as the key is physically not present to clone again. However, since all these cars will be parted out anyways, I guess it doesn't matter........

During the relaying, they can't store the key's fingerprint?
So the car thinks the key is present?
 
"In this shocking footage" - shows a slide show of photos
"Store your keys in a metal tin" - why? So thieves don't have to use the signal jammer? How would storing the keys in a metal box prevent someone from using a duplicate key?
That music gave me ear-cancer.
 
Blind_Io said:
"Store your keys in a metal tin" - why? So thieves don't have to use the signal jammer? How would storing the keys in a metal box prevent someone from using a duplicate key?

It wouldn't stop them from lifting your car on a flatbed and taking off either.
 