In recent years, increasingly there is information about the hacking of modern cars with fake key. If earlier hackers used keys with remote control, now it turned out that for cloning a protected immobilizer enough screwdriver, skill, and devices that everyone is free to buy.
A new vulnerability was discovered by researchers from KU Leuven in Belgium and University of Birmingham in the UK. They described the possibility of burglary immobilizer with holes in the encryption. This problem was discovered in Toyota cars, Hyundai and Kia, which use encryption system Texas Instruments called DST80.
For hacking hacker you need to get a RFID device Proxmark, which allows us to consider cryptographic information with the immobilizer. After that, he can start the engine of another car without any restrictions. Earlier in the list of affected cars were Tesla S, but the company has released a firmware update that eliminated the problem.
The researchers turned to automakers for comment, but they said that information is either outdated or applies to models, not included on the U.S. market. In addition, they noted the important fact that scanning requires that you bring a hacking device at a distance of not more than five centimeters from the immobilizer.
The list of cars vulnerable to hacking
Researchers do not agree with the conclusions of automakers, indicating that this type of vulnerability is far more dangerous than it seems. According to them, he’s cast a protection system in the 80-ies. Additionally, they analyzed the key automakers on the level of cryptographic protection. The results showed that the cryptographic key Toyota Fobs openly passed on their serial number when scanning with the RFID reader. Trinkets Kia and Hyundai only used a 24-bit encryption and 80-bit DST80 which offers. The researchers note that this is a gross violation of accepted norms, which greatly reduces the security.