Researchers have disclosed two remote keyless system attack methods that can be exploited by thieves to clone entry remotes and unlock millions of cars worldwide.
The fact that various functions of a moving car can be hijacked by a hacker with local or remote access is not a secret, but most attacks are not easy to carry out in the real world. There are, however, certain types of vulnerabilities that have a serious immediate impact – weaknesses that allow thieves to open and start cars.
There have been numerous cases over the past years where thieves used electronic devices to open or start vehicles and manufacturers haven’t always been able to figure out exactly how it’s done. However, security researchers have also discovered some attack methods that might have been used or ones that could be leveraged in the future.
Last year, researchers from Radboud University in the Netherlands and the University of Birmingham in the U.K. disclosed a vulnerability in vehicle immobilizers that could have been exploited to start the engine on various car models, including luxury brands. The issue was discovered in 2012, but Volkswagen filed a lawsuit against the experts to prevent them from making their findings public.
At the USENIX Security Symposium taking place these days in Austin, TX, a team of researchers from the University of Birmingham is disclosing new findings, this time focusing on vulnerabilities in remote keyless entry (RKE) systems.
When a vehicle owner presses the button on the electronic remote to lock or unlock the doors, the command is sent via signals generated by a radio frequency transmitter. In modern vehicles, RKE systems use cryptography and a counter value to generate a rolling code signal. The vehicle decrypts the signal and verifies the counter value to ensure that it’s new in an effort to prevent replay attacks.
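As an added illustration (not code from the article or the researchers' paper), here is a simplified model of the rolling-code check described above: the remote transmits a counter with an authentication tag under the vehicle's key, and the vehicle accepts a code only if the tag verifies and the counter is strictly newer than the last one accepted, within a small resynchronisation window for missed presses. The MAC-based construction, the window size and the identifiers are assumptions; real VW and Hitag2 systems use their own proprietary encryption.

```python
import hmac
import hashlib
import os
from dataclasses import dataclass

WINDOW = 16  # accept counters up to this many steps ahead (presses out of range)


def make_code(key: bytes, remote_id: int, counter: int) -> bytes:
    """Remote side: rolling code = remote_id || counter || MAC(key, id||counter)."""
    msg = remote_id.to_bytes(4, "big") + counter.to_bytes(4, "big")
    tag = hmac.new(key, msg, hashlib.sha256).digest()[:8]
    return msg + tag


@dataclass
class Vehicle:
    key: bytes          # per-vehicle key; a key shared across all cars (as the
    remote_id: int      # article describes) lets anyone holding it read/forge codes
    last_counter: int = 0

    def verify(self, code: bytes) -> bool:
        """Vehicle side: check authenticity, then counter freshness."""
        if len(code) != 16:
            return False
        rid = int.from_bytes(code[:4], "big")
        ctr = int.from_bytes(code[4:8], "big")
        expected = hmac.new(self.key, code[:8], hashlib.sha256).digest()[:8]
        if rid != self.remote_id or not hmac.compare_digest(expected, code[8:]):
            return False
        # Freshness: strictly newer than the last accepted code, within the window.
        if not (self.last_counter < ctr <= self.last_counter + WINDOW):
            return False
        self.last_counter = ctr
        return True


def demo():
    """Constructed scenario: first press, replay, skipped presses, stale/foreign codes."""
    key = os.urandom(16)  # constructed per-vehicle key
    car = Vehicle(key, remote_id=0x1234)
    c1 = make_code(key, 0x1234, 1)
    first = car.verify(c1)                                      # fresh -> accepted
    replay = car.verify(c1)                                     # same code again -> rejected
    skipped = car.verify(make_code(key, 0x1234, 5))             # missed presses in window -> ok
    too_far = car.verify(make_code(key, 0x1234, 5 + WINDOW + 1))  # beyond window -> rejected
    wrong_key = car.verify(make_code(os.urandom(16), 0x1234, 6))  # other key -> rejected
    return first, replay, skipped, too_far, wrong_key
```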
The Volkswagen Group has a global market share of roughly 12 percent and owns the Audi, Bentley, Bugatti, Lamborghini, Porsche, SEAT, Skoda and Volkswagen brands. However, researchers found that the company has used only a handful of global cryptographic keys to secure this signal in the past 20 years.
Malicious actors who obtain these crypto keys can use them to decrypt the signal from a victim’s remote control. According to researchers, thieves could intercept the signal from up to 100 meters (330 feet), decrypt it, and use the information to create a clone of the original remote control.
Experts believe a large number of vehicles manufactured by the VW Group between 1995 and 2016 are affected, including Audi, VW, SEAT and Skoda models – many of which the researchers tested in practice. The carmaker sold roughly 100 million cars between 2002 and 2015 and a large majority are likely vulnerable. Newer models, such as the VW Golf 7, rely on a new platform that is not affected.
Since completely addressing this security bug is not an easy task for the VW Group, researchers believe the only somewhat practical countermeasure is to deactivate or refrain from using the RKE functionality and resort to the mechanical lock.
A second attack method discovered by the researchers involves the Hitag2 rolling code scheme, which is used in many cars, including Alfa Romeo, Chevrolet, Opel, Peugeot, Renault and Ford models. Hitag2 does not rely on fixed global keys, but the experts determined that the cryptographic key for a given vehicle can be recovered from as few as 4-8 captured rolling codes.
If an attacker can intercept these rolling codes, they can recover the cryptographic key within minutes using a regular laptop – assuming that they have figured out the algorithm. What makes this attack more difficult is that the thief would need to follow the victim around to capture the signal sent after the button was pressed several times on the remote control.
Another possibility is to selectively jam the signal to prevent the door from locking/unlocking. The victim would likely press the button multiple times, allowing the attacker to intercept the needed codes in quick succession.
“The necessary equipment to receive and send rolling codes, for example SDRs like the USRP or HackRF and off-the-shelf RF modules like the TI Chronos smartwatch, are widely available at low cost. The attacks are hence highly scalable and could be potentially carried out by an unskilled adversary,” researchers said. “Since they are executed solely via the wireless interface, with at least the range of the original remote control (i.e. a few tens of meters), and leave no physical traces, they pose a severe threat in practice.”
Some technical information on these attacks is available in the whitepaper published by the researchers, although some details have not been disclosed in order to prevent abuse.