Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys

Credit to Author: Andy Greenberg| Date: Thu, 05 Mar 2020 12:00:00 +0000

Over the past few years, owners of cars with keyless start systems have learned to worry about so-called relay attacks, in which hackers exploit radio-enabled keys to steal vehicles without leaving a trace. Now it turns out that many millions of other cars that use chip-enabled mechanical keys are also vulnerable to high-tech theft. A few cryptographic flaws combined with a little old-fashioned hot-wiring—or even a well-placed screwdriver—lets hackers clone those keys and drive away in seconds.

Researchers from KU Leuven in Belgium and the University of Birmingham in the UK earlier this week revealed new vulnerabilities they found in the encryption systems used by immobilizers, the radio-enabled devices inside of cars that communicate at close range with a key fob to unlock the car's ignition and allow it to start. Specifically, they found problems in how Toyota, Hyundai, and Kia implement a Texas Instruments encryption system called DST80. A hacker who swipes a relatively inexpensive Proxmark RFID reader/transmitter device near the key fob of any car with DST80 inside can gain enough information to derive its secret cryptographic value. That, in turn, would allow the attacker to use the same Proxmark device to impersonate the key inside the car, disabling the immobilizer and letting them start the engine.

The researchers say the affected car models include the Toyota Camry, Corolla, and RAV4; the Kia Optima, Soul, and Rio; and the Hyundai I10, I20, and I40. The full list of vehicles that the researchers found to have the cryptographic flaws in their immobilizers is below:

A list of the cars the researchers say are vulnerable to their immobilizer-disabling attack. Although the list includes the Tesla S, Tesla pushed out an update last year to address the vulnerability.

Though the list also includes the Tesla S, the researchers reported the DST80 vulnerability to Tesla last year, and the company pushed out a firmware update that blocked the attack.

Toyota has confirmed that the cryptographic vulnerabilities the researchers found are real. But their technique likely isn't as easy to pull off as the "relay" attacks that thieves have repeatedly used to steal luxury cars and SUVs. Those generally require only a pair of radio devices to extend the range of a key fob to open and start a victim's car. You can pull them off from a fair distance, even through the walls of a building.

By contrast, the cloning attack the Birmingham and KU Leuven researchers developed requires that a thief scan a target key fob with an RFID reader from just an inch or two away. And because the key-cloning technique targets the immobilizer rather than keyless entry systems, the thief still needs to somehow turn the ignition barrel—the cylinder you slot your mechanical key into.

That adds a layer of complexity, but the researchers note that a thief could simply turn the barrel with a screwdriver or hot-wire the car's ignition switch, just as car thieves did before the introduction of immobilizers neutered those techniques. "You're downgrading the security to what it was in the '80s," says University of Birmingham computer science professor Flavio Garcia. And unlike relay attacks, which work only when within range of the original key, once a thief has derived the cryptographic value of a fob, they can start and drive the targeted car repeatedly.

The researchers developed their technique by buying a collection of immobilizers' electronic control units from eBay and reverse-engineering the firmware to analyze how they communicated with key fobs. They often found it far too easy to crack the secret value that Texas Instruments DST80 encryption used for authentication. The problem lies not in DST80 itself but in how the carmakers implemented it: The Toyota fobs' cryptographic key was based on their serial number, for instance, and also openly transmitted that serial number when scanned with an RFID reader. And Kia and Hyundai key fobs used 24 bits of randomness rather than the 80 bits that the DST80 offers, making their secret values easy to guess. "That's a blunder," says Garcia. "Twenty-four bits is a couple of milliseconds on a laptop."

"You're downgrading the security to what it was in the '80s."

Flavio Garcia, University of Birmingham

When WIRED reached out to the affected carmakers and Texas Instruments for comment, Kia and Texas Instruments didn't respond. But Hyundai noted in a statement that none of its affected models are sold in the US. It added that the company "continues to monitor the field for recent exploits and [makes] significant efforts to stay ahead of potential attackers." It also reminded customers "to be diligent with who has access to their vehicle’s key fob.

Toyota responded in a statement that "the described vulnerability applies to older models, as current models have a different configuration." The company added that "this vulnerability constitutes a low risk for customers, as the methodology requires both access to the physical key and to a highly specialized device that is not commonly available on the market." On that point, the researchers disagreed, noting that no part of their research required hardware that wasn't easily available.

To prevent car thieves from replicating their work, the researchers say they left certain parts of their method for cracking the carmakers' key fob encryption out of their published paper—though that wouldn't necessarily prevent less ethical hackers from reverse-engineering the same hardware the researchers did to find the same flaws. With the exception of Tesla, the researchers say, none of the cars whose immobilizers they studied had the ability to fix the program with a software patch downloaded directly to cars. The immobilizers could be reprogrammed if owners take them to dealerships, but in some cases they might have to replace key fobs. (None of the affected carmakers contacted by WIRED mentioned any intention of offering to do so.)

Even so, the researchers say that they decided to publish their findings to reveal the real state of immobilizer security and allow car owners to decide for themselves if it's enough. Protective car owners with hackable immobilizers might decide, for instance, to use a steering wheel lock. "It's better to be in a place where we know what kind of security we're getting from our security devices," Garcia says. "Otherwise, only the criminals know."

https://www.wired.com/category/security/feed/