VW Has Spent Two Years Trying to Hide a Big Security Flaw (bloomberg.com)
309 points by Sami_Lehtinen on Aug 14, 2015 | 221 comments



To anyone with any background at all in computer security, this is such a "duh" moment. If Sony et al can't secure their massively important corporate infrastructure, what are the odds your car's wireless computers are secure in any way? They aren't, they knew it, and you knew it. Sorry.

It'll be interesting to watch the fallout from these obviously-present vulnerabilities. I see three possible outcomes, in decreasing order of likelihood: status quo, where they just "fix" the bugs as they hit the news; some sort of massive push towards real computer security, in this and other industries; or a massive reduction in features to avoid the flaws.

This is really just another symptom of the current state of computer security, best described as "a joke." My guess is in 50 years we'll have decent computer security. There's nothing that precludes it in theory. But it's going to be an ugly, ugly couple of decades while we pay off the wave of computer-security-debt that we have been riding.


The attack vectors available for use against a corporation are infinitely larger than those available for a car. It's not really a fair comparison.


Yeah, that's kind of a weird comparison. You can't really tailgate someone through a car door to gain physical access, or social engineer your way to the car's server closet, or spam the car's employees with phishing e-mails.


Not only that - but the 'duh' moment for me was the 96bit key size.


96 bits by itself probably isn't within reach of brute forcing - I assume the algorithm itself had flaws.


What I want to know is why the car will continue to accept 100 trial keys per second after the first 100,000 attempts failed.

Shouldn’t there be some kind of exponential back-off after failures? If after the first 1000 failed keys it would only accept e.g. one new try every few seconds, it would then take 2–3 orders of magnitude more time to brute force.


It doesn't: according to the paper, when someone turns the ignition key, the car will generate about 20 challenges to the key fob, and if the fob does not successfully authenticate any of them, the car will give up and not start.

The attack works by overhearing the exchange between the car and the key fob, and then doing a somewhat brute-force analysis to calculate what the secret key on the fob must have been.


Could someone explain why there is no delay after each failed attempt? The system allowed 197k brute force attempts in 30 minutes. I just cannot wrap my head around it.

I tried reading the paper (not an expert). In the recommendation section, it does not suggest implementing a delay either. Is it just not physically possible with RFID?

I mean, a 4 digit pin with a 5 second delay would take 14 hours for all combinations (better than the half hour with Megamos)???

I have to be missing something.....It can't be this easy.....


As the previous comment says, there's a requirement to eavesdrop on at least one successful authentication.

My guess is that they're then doing the brute-forcing "offline", not against the vehicle's system. If you know the algorithm and the keysize, and you can see one successful authentication, you could ship the work of working out which key replicates the authentication you just saw off to AWS or custom hardware (I wonder how readily Bitcoin mining ASICs can be tweaked to attack embedded or IoT authentication?) (Though it seems there's flaws somewhere in the crypto anyway - they somehow broke a 96bit key with under 2^18 attempts...)


Clearly, the fact that listening to an exchange helped them proves that the security is fundamentally flawed.


That helps. Thanks.


To a car owner, that's another security flaw of its own. An attacker can deny an owner access to their car with a simple code spammer hidden nearby.


Surely that's better than having your car stolen, right?

Security is about trade-offs, after all.


> Surely that's better than having your car stolen, right?

Stranded in a hostile environment (middle of nowhere in the arctic or a desert) could be a death sentence.


Who is going to DoS your car in the middle of the arctic or a desert?


Eh, I dunno, I guess a very not-nice person could attach the device to your car and activate it remotely/later.

I think a more realistic exploit would be a corrupt tow-truck driver / mechanic targeting an area where tourists stop.


That could be exploited to produce a trivial denial-of-service attack.


I can think of other, lower tech, DoS attacks against cars -- which are also not much exploited.


Someone once DoS'd my car, by slashing two tires. On a downtown public street.


That sucks to have happened to you, but that sentence made me lol.


People always say this about physical tech, but the difference is ease and scalability. Slashing all the car tires in a block is harder and more traceable than sending out a small RF signal.


Remediating slashed tires is a lot more difficult than waiting for your attacker to get bored and move on.


Which would be of no use at all to car thieves.


True, but it might be handy for kidnappers.


We're veering into movie-plot territory here.


(not original responder)

That's true. On the subject of movies, though, a plot point based on an actual vulnerability would be way better than typical Hollywood hacking.


Carjackers, and parking lot muggers.


Wouldn’t you need to have a device actively running within a few feet of the vehicle to run such an attack? Couldn’t the car start blaring an alarm or something in that case?

We’re not talking about a website here.


> Wouldn’t you need to have a device actively running within a few feet of the vehicle to run such an attack?

Nope. Just a high-gain antenna.

> Couldn’t the car start blaring an alarm or something in that case?

It could. But that might not help.

For example: you're driving your Maserati down the road when it suddenly stops and the alarm goes off. The next day you get a letter saying, "If you don't want yesterday's little incident to become a regular event, send BTC500 to the following address...."


If the car responds to RFID keys at all when driving, that is a flaw.


If I get out of my car with the engine still running it starts beeping. I don't know if it will actually turn the engine off, but it obviously knows that the key has departed the vehicle.


Or it detected your bum leaving its seat.


My car also beeps when it detects that the key has left the car. The engine keeps running, but you obviously cannot turn it on again once you turn it off.

I had it happen without me leaving the seat (e.g. my wife has the keys in her bag/pocket, I had been driving, and she gets off the car to unarm the home alarm). The car is turned on by pressing a button, not by turning the key.


That seems like a reasonable setup. I'm having difficulty imagining how that could be hacked into the blackmail situation described above, since the sure way to avoid the beep is to keep the fob in the car.


No, because if I toss the key into the seat it stops beeping even if I'm not there.


..plus a high-gain antenna, and suddenly you have an attack that sets off every car alarm in the city at once.


...and that achieves?


What if the car was parked in a handicapped spot near the entrance of a football stadium? It could conceivably receive enough incorrect RFID signals to trigger a back-off.


Since this is an anti-theft system, not a safety system, I can totally see that VW made a rational decision "it's better for the anti-theft system to let a thief steal the car 50 times than for one person to legitimately get locked out of their car."

You can make up for car thefts with dollars.


I don't know anything about the protocols involved, but it would be possible for the first message to be "I'm a key that would like to unlock the vehicle with VIN# 123abc...". In that case there would be no mistaken protocol runs.


There is no key as such. The fob for my Hyundai never leaves my pocket. Just by standing next to the car, the unlock button on the door is enabled. So if I walk up and push the button, it unlocks. If I'm not around, the button does nothing.

So there's no discernible event from the fob, as far as I can see. It's just a "this is me" signal.


I guess the Hyundais I've driven were different, in that the unlock button was on the fob rather than on the car door. Could you say, if you have multiple cars, does the fob work with all of them? I doubt that's the case, so I don't see why your "this is me" signal couldn't actually be a "this is me, fob 123ABC..., and I can authenticate with the vehicle with VIN# 123abc...".


> your "this is me" signal couldn't actually be a "this is me, fob 123ABC..., and I can authenticate with the vehicle with VIN# 123abc..."

You're right, that might be it.

> the unlock button was on the fob rather than on the car door

Let me clarify: the fob does have buttons for lock, unlock, panic, and open trunk. But I don't normally use them. My normal usage is as I described: just walk up with the fob in my pocket, and press the button on the door handle.


I don't think a high traffic spot could ever cause an issue with this, unless each person tried to start your car. I believe this is referring to the immobilizer chip in the key that allows turning the key to start the engine. Incidentally, this is probably the chip that means that if you lose your key, you can't just get a new one cut, you need to get a new chip too.


I assume the software/hardware is so simple and specific that adding something like back off blocking would require memory chips, software, timers etc increasing the complexity dramatically.


According to TFA, they "overheard 2 communications between the keyfob and the transponder", which reduced the number of possible keys to 196,607. This was brute-forceable in half an hour. So the answer is both - the algorithm was flawed enough to reduce the strength, but they were brute forcing it the rest of the way.

2 communications isn't much at all. Getting something from your car and locking it back up is all it takes.


Worse, the paper says the cipher has only 56 bits of internal state (made me think of DES, but that isn't at play here)

Even worse, they get it down to 48 bits.


It was a general point about the state of computer security. In 2015, if you're connecting a computer to the internet, you're vulnerable. If your computer has non-trivial wireless functionality (in this case, keyless entry), you're vulnerable. The only question is whether someone cares enough to hack you, in particular.


"I see three possible outcomes, in decreasing order of likelihood: status quo, where they just "fix" the bugs as they hit the news; some sort of massive push towards real computer security, in this and other industries; or a massive reduction in features to avoid the flaws."

Only one of those three is the correct answer, and it is the third one.

Your car does not need a wireless network - since you have a newer, nicer one in your pocket every 18 months.

Neither does your refrigerator nor your smoke detector.

These are self-inflicted problems and they're easy to solve - just remove the gratuitous complexity.


If they're easy to solve, why hasn't that been done already?


Because the solution precludes the emergence of the multimillion dollar market called "The Internet of Things".


The article isn't about people remotely taking over cars or disabling cars. It's that the anti-theft system has a flaw. That's not nothing, but it doesn't put anyone's safety at risk.


In particular, it's not necessarily worse than the status quo ante. Cars had mechanical locks, which were pickable. A "slim jim" could unlock many cars. Once you were in the door, you could hotwire the ignition. So to be able to defeat a computerized anti-theft system... no gain from the computerization, but is there any loss from it?


The difference is that physical attacks require 1) individual skills and 2) prolonged physical contact in compromising pose.

Where every single thief had to be a skilled lockpicker before, now you just need a few specialized crackers and then you can mass-produce user-friendly hacking devices or even downloadable software.

Where a thief had to spend several minutes in a compromising pose near the car, often carrying suspicious tools, now he can just sit on a bench nearby, wait for the magic click and then choose the right moment to stroll in. A passerby might as well think he's the owner.


> a thief had to spend several minutes in a compromising pose near the car

A couple of weeks ago I saw someone using a slimjim, and I did nothing. I have never done anything in reaction to a car alarm. I'm not sure that thief's pose is sufficiently compromising.


Exactly. And it's insanely easy to physically break into a car. If you have the chance, watch a pop-a-lock guy. They essentially bend your car door backward at the upper portion, and then stick something into your car to pull the lock up. Not difficult.


No gain implying that lockpicking a car and hacking it is of the same level of difficulty.


It's not a matter of difficulty, but of reproducibility.

Mechanical locks imply that each individual thief needs to learn how to pick locks. With computerized locks, you only need one hacker to crack the security for each model of car, and then a bunch of two-dime thugs will only need to download the app and get going in with the car-thief franchise.


True, and they probably aren't. So which do you think is harder?


What's the phrase? "Locks keep honest people honest." This has always been the case.


Most people do not have a background in security so this is anything but a 'duh' moment for them. The more news like this that makes it to the mainstream media, the more hopeful I am that regular folks will learn the state of security today.


I have a Passat from late 2013 -- it cannot be remotely started but doors are keyless. Twice in the last 16 months, somebody rummaged through it overnight, without breaking anything. We religiously close the car every night, especially after the first occurrence, but still it happened again. After it happened to my next-door neighbor's 2013 Golf as well, I reported it to VW and they never even bothered getting back to me.

I'm not surprised in the slightest, I think this sort of news will keep popping up all over the place and manufacturers will keep trying hard to suppress it. We know it will never end: good crypto is hard and inconvenient, so it's unlikely that car manufacturers will ever implement it properly. Bad guys get all the info they need, eventually, so it's just a matter of time before any digital lock is broken.


Your anecdote doesn't share anything in common with the article. One of two things is likely - your car wasn't actually locked those nights, or the thieves used a signal amplifier to make the car think your keys inside the house were next to your car.

Neither of those things is VW's fault - if you don't like the wireless automatic door unlocking because the signal can be boosted maliciously, then you should disable it. Otherwise live with the consequences.


No, my anecdote is more about a data point (well, three actually) indicating we don't really know how many ways there are to break into these cars, and that manufacturers are playing dumb, hence me not being surprised at the news that another one was found.

If really the problem was relatively trivial, VW should have warned me on how to avoid it, and they didn't. It can't be a simple amplifier: it's not just proximity, you actually have to press a button on the dongle to open a door, so whatever they were doing, it wasn't just repeating an existing signal; and as I said, I can tell you that making sure the car is locked has become a nightly ritual.


I'd caution you against thinking that having to press a button on a dongle means that there's a required intermediary step.

I can imagine a design where the RF signal is being generated on a very low voltage/low power device that's always/permanently on, and pressing the button enables an integrated antenna that suddenly boosts the signal to a usable signal strength.

In that case, the attacker just has to simulate an increase in signal strength if they are already tapping your signal.

Electronic design doesn't follow the same rules as physical device designs - for example, that power button on your PC, it doesn't really close any circuit! It just tells the motherboard that it's ok to let voltage through a certain electrical pathway, the computer is already permanently on and is trickling power from AC / Mains.

You can use software to tell the motherboard to activate the same way that "pressing the button" does - ie remote server control over pxe, etc.

Most cars are always on trickling power from their battery waiting to hear that signal, I wouldn't be surprised if dongle design follows the same principle.


Well sure, but this is just an RF signal here, the objection to your anecdote is that on the face of it it has nothing whatsoever to do with good crypto.


But my point is that it should. Any digital lock should use good crypto, it doesn't matter if for ignition or doors. The fact that it's been proven that they did it badly even when they tried, aligns with my experience that their digital locks are not secure.

Whether my locks open with an easily-spoofable RF signal or with a bruteforceable key, the bottom line is still that they are not doing good crypto in situations where it's clearly necessary.


It doesn't share much in common with the article, but I believe this immediately because the same thing happened three times over the last two years with different people in my street. All with new and rather nice Audi models. Opened without any damage, the dashboard completely rampaged (nav, radio, airbags etc removed)

I won't be surprised if there's another, even more serious vulnerability in Volkswagen locks. The security researcher who found it probably sold it to the bad guys, totally understandable after reading how Volkswagen handles security reports.


A long time ago I heard an anecdote where some guy got locked out of his luxury BMW and called for help. A roadside assistance repairman showed up and knocked on the car in a certain spot with a certain pattern and the car unlocked. Don't know if it's true or not but it wouldn't surprise me if there were (hopefully more secure than that) undocumented backdoors on the modern models.


The second thing - that thieves can use a radio signal amplifier to open your car - is definitely VW's fault. Even if they did not design that system, they chose a supplier for it. A fresh graduate engineer could have reviewed that design and seen that flaw. But would a fresh graduate manager listen to his report?


It strikes me as VW's fault that amplifier attacks work.


I saw a report a while back that if you put your car keys in the freezer or something it blocks enough of the signal from your keys so that someone can't use this signal repeater to unlock your car, it's supposed to act like a Faraday cage (somewhat).

I know it sounds stupid but I remember seeing it on HackerNews a while back. I'm not sure if it was debunked or not.


I can't find the HN link, but I think this is the article you are referring to:

http://www.networkworld.com/article/2909589/microsoft-subnet...


Put your keys in a Faraday cage at night.


The "new" (actually 2 years old) thing is the UK courts granting injunctions preventing the publication of security research from a well known UK university. WTF.

http://www.theguardian.com/technology/2013/jul/30/car-hackin...


Right, the money quote in the article is:

> The research team first took its findings to the manufacturer of the affected chip in February 2012 and then to Volkswagen in May 2013. The car-maker filed a lawsuit to block the publication of the paper - arguing that its vehicles would be placed at risk of theft - and was awarded an injunction in the U.K.'s High Court.

But then they don't detail the legal situation that led to the two years of litigation and the eventual release, so I don't know who to be mad at..


People are usually bad at understanding counterintuitive notions such as the fact that making security flaws public actually makes consumers more secure, not less.


Detailing how this works publicly makes nobody more secure.

Public release of the general problem is still worthwhile as information, but there is a net "security" loss here.


I disagree. Making a security flaw known forces manufacturers to fix it. As the article states, they went "to the manufacturer of the affected chip in February 2012 and then to Volkswagen in May 2013". Two years later the problem hasn't been fixed, because a recall would be too labor intensive. Meanwhile VWs are still being stolen using this exploit. Now that the exploit is out there VW is forced to act.

And it's not like regular people are going to turn into car thieves because this exploit has been made public. Not even house burglars will turn into car thieves. I would guess that car thieves are very specialized due to the seemingly complicated logistics behind these operations, so it's unlikely that they weren't aware of this exploit.

I'm far from being an expert on the subject, but I don't see how this is a net loss. I see very little potential for a spike in thefts and a high probability of VW finally facing the problem.


The specifics of how to exploit it do not contribute to pushing the manufacturers to fix it. Disclosing the general vulnerability does, the specifics do not.

> Meanwhile VWs are still being stolen using this exploit

Holy fucking [CITATION NEEDED] batman!


Immediately there is but what about long term? If industries know that researchers will post the vulnerabilities all over the net as soon as they find it, it may change their security behavior in a way that is a net positive to security.


I doubt you'd say that if you owned one of the affected VWs.


One might, if one had purchased a VW during the years this paper was censored.


Exactly. So how many vulnerable cars are on the roads of the world right now because the UK High Court wanted to "protect consumers". It seems insane. A temporary injunction, sure. But two years (actually three since the original vulnerability report) isn't remotely acceptable.

And getting back to the original point: I'd want to see some coverage of how this disaster happened in the UK courts.


Except that VW at some point quit using the transponder in question because of this issue so new cars made are no longer susceptible.


Not everyone buys only new cars. Besides, in a world in which research was not censored, do you really expect that VW would have been slower to fix the issue?


No but I don't think they would have been faster either was my point.

Hence, to answer to the question posed "So how many vulnerable cars are on the roads of the world right now because the UK High Court wanted to "protect consumers""

I would answer 'possibly zero, BECAUSE of that' and once they are manufactured and sold they exist regardless of the owner, till they are destroyed.


I never posed that question. (hint: sibling did)

I merely countered the plight of old VW owners with that of new VW owners.


but they got the key, so you can safely assume everybody else has or could. publishing it is the kind of pressure the manufacturer needs from the public, otherwise people will do the same reasoning, kicking into 'secret = safe' mode even when it's completely pwnd - heck it's not even theoretical, there is a paper on it with the extracted keys.

the fact you weren't affected is just because stealing a car is not the hardest part of the ordeal.


That's the problem, that the judges making the decisions usually don't have skin in the game.


It's in the article:

> Now, after lengthy negotiations, the paper is finally in the public domain - with just one sentence redacted.

> "This single sentence contains an explicit description of a component of the calculations on the chip," Verdult said, adding that by removing the sentence it was much more difficult to recreate the attack.


So the immobilizer does not immobilize as much as expected/hoped. While that sure isn't something the manufacturer should be proud of, it is hardly a really critical problem, nowhere close to "stop driving until resolved". Immobilizers may have lowered car theft before, but never fully stopped it. The incentive situation for thieves has shifted a bit, that's all, a gradual change, not a 180 degree bit flip.

The bigger mistake than sourcing imperfect components is the attempted cover-up and I am positively surprised that this is even reflected in the headline. (at least theoretically: the first glance takeaway message for this story will always be "security hole in car!", no matter how much the author tries to put the cover-up in focus)


The title seems to just be the standard clickbait approach to titles.

They got an injunction so that's a pretty public way to go about trying to do a "cover-up".


They've had the injunction for two years, but haven't initiated a recall in the meantime!

"Cover up" sounds accurate to me.


A recall for what? There's no safety issue here. There's no functional loss.

Unless they advertised the car as being unstealable or anything close there's not even a marketing point that's not working as one could reasonably expect. Carmakers call this a theft-deterrent feature, they don't even call it anti-theft or similar.

The immobilizer is not as secure as one would hope, but nobody ever promised you anything here in the first place.

What keeps your car from being stolen is not the immobilizer. The government and laws are what keep your car from being stolen.


It's obviously not a safety recall, but that doesn't mean it isn't serious.

Other companies have been known to do voluntary recalls of defective locks, why is VAG exempted in your mind?

"It barely can even be considered an immobiliser" is almost certainly contrary to reasonable consumer expectations, and it wouldn't surprise me if the EU, at least, had laws regarding this kind of issue.


It's not serious. It still requires someone to specifically target you & your car with special gear and know-how far outside the realm of the typical car thief.


IDK about "far outside the realm of the typical car thief". Not that the typical car thief is going to be trailblazing the research, but once the research is done, it just takes someone putting a black box VW keyless unlocker together, and then it's in the realm of the typical car thief. In fact, at that point you're talking about the break in being the simplest part of the theft, with fencing being much more difficult.


You really think your typical car thief is going to go find and purchase specialized tools?

As always, relevant XKCD: https://xkcd.com/538/


Uhm... these sorts of tools are being developed and purchased all the time in black markets.

See http://krebsonsecurity.com/ for plenty of examples.


> It's not serious. It still requires someone to specifically target you & your car with special gear and know-how far outside the realm of the typical car thief.

It wouldn't fill me with warm and fuzzies if I were sold a high-end door lock / alarm system / safe that was only exploitable with 'special gear and know-how far outside the realm of the typical thief.'


> It wouldn't fill me with warm and fuzzies if I were sold a high-end door lock / alarm system / safe that was only exploitable with 'special gear and know-how far outside the realm of the typical thief.'

Then you'd better never buy a high-end door lock / alarm system / safe, they all have that in common.


I'm not familiar with the current state of physical security exploitation, but I get the sense that it would take more than 30 minutes and pushing the button on a black box someone built for me to compromise. Unlike this.

The issue with electronic exploitation is that the know-how component is relatively trivially automated. Script kiddies, etc.

If I bought an $80k Porsche, I'd be a bit miffed that it could be stolen from a parking lot in the time it took me to have a sit-down lunch.


I personally have never gotten that sense, but as both of us are too lazy to check, to each their own.

If you bought an $80k Porsche you knowingly bought something you know will be a target for theft, and probably have enough money to have anti-theft insurance and be able to afford the inconvenience which would be your car vanishing. Yes apparently the ease of it being stolen is slightly greater than you thought when you bought it. But if not having your car stolen was a top priority for you then you would not have bought a car which people would want to steal as much.

As they mention in the article this would have been a difficult thing to fix on existing models, they did however change the system so it doesn't apply to new models.


It takes 10 seconds to bypass a window. Alarm systems are a deterrent, not prevention.


True, but isn't the whole point of an alarm system to draw attention to the thieves? If a thief can bypass the alarm system or other security measures, it may not look like they are stealing the car. This gives them a significant amount of time before law enforcement can be informed and greatly lessens the chance of them being caught.


That's the whole point of an immobilizer. To prevent the typical physical methods (break window, hotwire ignition) from being accepted unless the security token is also present.

I don't think Porsche et al are under any illusions their windows are rock-proof. ;)


You really think someone couldn't automate this, and sell the black box (or executable) to car thieves?


So has VW taken advantage of the time given to them by the courts to release fixed transponders in new vehicles and slowly replace the current defective ones as part of a routine service?

Otherwise they've just delayed the information getting out which seems pointless?


Not pointless - that is two years of executive compensation which has not been impacted by costly recalls.


Yes, that flaw has been fixed in the latest models.


Source please, as I understand it VW cars themselves are not vulnerable but some other VAG brands still use these vulnerable immobilizers to this day.


"There's no quick fix for the problem - the RFID chips in the keys and transponders inside the cars must be replaced, incurring significant labor costs."

What a nightmare. Car manufacturers have to design more resilient systems.

Based on the difficulty to secure hardware systems after deployment, they will be for sure trying to put more and more features on the software-side.

If so, they will also have to think about a quick way to deploy security fixes remotely. One way could be working with connectivity solutions for Embedded Systems (e.g. SigFox).


Well, the advantage of VW is that the car itself is pretty secure.

All messages on the CANBUS are securely signed, there are multiple rings of security where data can always pass only in one direction, etc.

The only thing this exploit enables is that if you already have the car, managed to break the steering wheel lock, managed to replicate the magnetic signature of the key, and managed to start the motor, that you can circumvent the immobilizer that comes after that.

This is a pretty minor flaw compared to the "full control via radio" that competitors had.


Is this a specific feature of VW's implementation of CAN? CAN in general (at least not in 2007 when I last worked in the industry) is not secured. The only real security once you had access to the CAN bus were the separate rings (although several modules bridged). You probably couldn't start the car and keep it started unless you figured out the variant of crypto handshake used between whatever did ignition/skim/rke and the engine (sometimes public key, sometimes symmetric, often with some sketchy cipher implemented by modules that would offer full memory access via debug protocols if you asked the right way). If you had access to the spec for messages for the machines, access to the CAN bus can do some very cool/scary things.

Depending on how the car manufacturer spec'd the engine<->skim handshake, you might get as lucky as to just be able to isolate the offending skim/rke unit and MITM/replay its messages. If the rke and skim units are separate, there's an outside chance that the beacon that is sent after remote-start that lets the engine know not to turn off doesn't contain a secret key itself and can be replayed. In any event, I'd assume that physical access to the vehicle means that a kit could be deployed in minutes to steal the vehicle without any fuss.


Almost all German manufacturers use these variations of CAN.

Bosch recently published how their variants are used to prevent stuff like break-in through the radio.

The system is safe against replay attack (by prepending a timing signal to the encrypted message), has separate rings of trust (so your gas pedal can control acceleration, but your radio can’t), and is in general quite safe.

And, well, with a physical kit you might be able to start the kit, but the steering wheel lock can not be unlocked without a physical key. And even if you break through that, you need to stop the immobilizer.

So you end up breaking open the door, breaking with large tools a part of the steering wheel lock, (hoping the car does not have an anti-intervention system, usually a cat jumping onto the car already starts a loud alarm), then you have to actually start the car and run this 30-min brute force attack against the immobilizer, after having sniffed the owner before.

It’s theoretically possible, but it's not really a practical attack.


This is how it worked ~2000:

You break door lock, get inside, pop the hood. Alarm starts, you spray polyurethane foam into alarm loudspeaker and it shuts up. You close the hood and go away for 10-20 minutes keeping a lookout on the car. You come back, swap computers, turn on the car and drive away.


Wait, so VW has an RFID immobilizer and a physical key? I've only ever seen cars having one or the other.


All European cars since 1998 will have both, because immobilizers are required by law in most of Western Europe.

On most cars, you'll never notice the immobilizer as it's RFID based, passive, and requires no batteries. The only way you'd find it is if you take apart the key fob or have to service the ignition lock, at which point you'll find the RFID antenna ring around it, or if you try to get the key replaced.


> All European cars since 1998 will have both, because immobilizers are required by law in most of Western Europe.

So will some cars produced before 1998. The Audi S2 (listed in the article) is one of those, and was built from 1990 to 1995.


Doesn't help you much if you don't live in Europe. I have a 2015 Audi that doesn't require the key to be inserted.


FWIW my Honda has a real physical key with an RFID chip. So just duplicating the key won't work unless I get a key with a chip.


At least in Germany, yes. Usually the key is also secured with multiple other techniques and has a 3-dimensional unique pattern, plus additionally magnetic safety features.

And the fact that the car has a steering wheel lock (the steering wheel is locked in the right-most position) is also standard.


Interesting, that seems like a pretty reasonable way to do it. Another case of convenience taking precedence over security, I guess.


The above mentioned vulnerability only applies to very few models, on the North American market, which have the (very costly) extra of keyless entry.

According to my knowledge, keyless entry is even illegal in Germany. (But I am not a lawyer, so I do not know if that applies at all, or if the legal situation just ends up stating that drunk people owning a car with keyless entry may not be close enough to their car that the immobilizer is deactivated)


As noted in the conversation about the Jeep hacking thread, this is an example of "better" security by not making the security system reprogrammable (it's read only). But it does incur this huge cost when you find a problem with it.

I'm sure the time to fix is also made more problematic by the need to fab new chips.


> If so, they will also have to think about a quick way to deploy security fixes remotely. One way could be working with connectivity solutions for Embedded Systems (e.g. SigFox).

Something tells me giving the car's immobilization system a routable IP address is not the best way to "fix security"


I almost want my next car to have a physical key, but a digital one. Back after mechanical keys but before wireless entry/start, there was a short period where you had to plug the entire keyfob into the dash to start the car... I want that back.

Mechanical keys have the "photograph" problem (i.e. a single photograph can be used to reproduce them). Wireless start has the wireless hacking problem (i.e. if you broadcast, that can be intercepted/manipulated/etc). Digital keys have neither of these, and can utilise real challenge/response protocols since the keyfob can be powered by the car while authenticating.

I will say I don't know if wireless entry will ever be secure. Too many technical problems to overcome, soon we'll be reproducing the military's channel hopping.


The mechanical keys used in VWs today can not be reproduced with photographing. They have non-standard cut-ins on both sides and also activate magnetical bolts inside the lock.


> a quick way to deploy security fixes remotely

Right, what could possibly go wrong?


If I read this correctly, the vulnerable vehicles are not really left in a worse state because of this defect. If they did not have cryptographic electronic start, they'd simply be vulnerable to old-fashioned hotwiring. I could be wrong, as I haven't been in a recent model, but I assume there is still a physical steering column lock that needs to be disabled, no?


No. The whole point of keyless entry is that you don't need to physically handle a key to enter and start the car. Its presence in your pocket is sufficient to enable the Start button to work. Or, as this article demonstrates, the car's belief that the key is in your pocket is sufficient.


Oh, right, I do remember now. I had a CC for a bit. I was always leaving the fob in the cupholder.


Besides locking your car into a garage, is there anything a VW owner can do to make it more difficult for these types of thefts to occur?


You could always use a club: http://www.amazon.com/Club-1000-Original-Steering-Wheel/dp/B...

But anyone waiting to spend 30 minutes with an electronic crack is also smart enough to use liquid nitrogen to crack this too.

The difference is that a keyless hack can look natural since there is no physical force for entry or ignition. A funnel and chisel would raise some eyebrows.


This attack is against the RFID immobilizer for the engine, which means an attacker would have to break into the car, break the steering wheel lock and break the physical ignition lock prior to starting the car.

The full paper here: https://www.usenix.org/sites/default/files/sec15_supplement.... has a lot better detail.


No, it's also an attack on the actual wireless key which is used to open and start the car. It's just making the car "think" that the key is inside, so you just press the Start button and the car starts, after which you drive it away like normal.


Fair, but only on cars which have only passive security (that is - where you don't need to use the fob to unlock the car and you don't need to use a physical key to turn the ignition).


Which is of course the stock configuration on most modern luxury vehicles.


Most new cars which have keyless systems work exactly like that, nothing to do with luxury cars.


If the article is accurate, avoiding use of the key fob should make it more difficult for the attack to be carried out (which admittedly isn't very useful).


As far as my limited understanding goes, using the key fob for remote central locking does not expose any risk; instead it's the immobiliser part, so manually opening your door with the physical key provides no extra safety. It's when the key is present near the ignition barrel, that's where the immobiliser kicks in and where this vulnerability exists.


From what I understand, they have to capture two uses of the key fob to be able to brute force, so if you don't use it then they can't capture anything. Or they just captured two uses from a random car and now it'll work on any car. I wish the article went into more detail.


The paper is right here: https://www.usenix.org/sites/default/files/sec15_supplement....

They captured 2 uses of the RFID-based immobilizer. That gets used every time you start the car, regardless of how you unlocked the car. It's completely separate from the UHF-based keyless entry system which you use to unlock the car.

The paper makes this distinction in the first paragraph, but of course the article fails to distinguish.


Ah okay, yeah I misunderstood what was happening here. Thanks for the info.


As bri3d has mentioned, I think you are confused because the key actually has three independent functions and you need to make the distinction between them all.

    - Remote central locking via UHF
    - Immobiliser authentication via RFID (this is what is vulnerable) 
    - Key for the ignition barrel or manual unlocking of doors


These recurring events (of auto makers exposed for not owning up to faults) remind me of the Fight Club description of the recall formula.


So what manufacturers do seem to care about security? If I wanted to buy a car made in the last few years, who is least likely to be cracked?


Theft of newer-model cars is extremely rare and I don't think vulnerabilities will change that much. Anything that requires computers at all is going to be beyond the average car thief.

If you're worried about safety, buy a car with a good crash safety rating. You're far more likely to get into a normal crash due to bad human drivers or mechanical failures than you are to be hacked.

If you're worried about the financial loss from a crash or theft, your best protection is good insurance.


You're making the mistake of assuming car thieves are unintelligent or unorganized. Successful thefts that return a profit require a network of skilled people to pull off and talent can be found within that pool or recruited.

By saying a thief would have to understand how a computer exploit works, it's saying a thief needed the equivalence of an engineering degree to drive away with a car before computers entered the equation. Exploit discovery, maybe, but it doesn't take much to execute packaged tools you bought on the black market.


I'm basing it off the observation that newer cars are essentially never stolen, while popular older cars are stolen in vast numbers.

Whatever the reason, stealing newer cars is harder. That increased difficulty translates into decreased theft rates.


> while popular older cars are stolen in vast numbers

For now. Once they get out of circulation only newer cars will be left and at that time it might be that thieves could buy devices to hack into these cars just as you can rent botnets today.


> Anything that requires computers at all is going to be beyond the average car thief.

Not for long.


Well sure, pretty much by definition. Car thieves who can't handle technology will eventually have to stop stealing cars. There are only so many late 90s Honda Accords out there to be stolen, after all, and they aren't making any more.

But I really doubt that all the thieves out there will learn fancy technology so they can steal newer cars. A few will, but most will find other things to steal.

Right now, popular new cars are stolen in amounts of hundreds per year in the US. Older cars (like the Honda Accord) are stolen by the tens of thousands. That's not because older cars are more valuable, it's just because it's a lot easier.


Oh, then there is a pretty open market on preconfigured "thief tools".


Really, there has been an epidemic of thefts of Range Rovers in London - car theft gangs are not some kid with a screwdriver any more.


I drive a Hyundai Accent with manual windows and doors.

No one is going to crack that but a guy with the right piece of plastic can still take down a window, get in, and steal the car. If someone wanted to murder me, they'd need physical access to the car to mess with it.

So...yeah. No situation is 100% safe or secure. However, pretty much anything wireless pretty much guarantees any criminal can just make a kit to do X and sell it to actual car thieves claiming he thought they were [legal profession like car repo].

Sort of like how people sell malware/"security tools" now. "Oh, I sold it to a criminal. HOW COULD I HAVE KNOWN?" :p


Something with no wireless features at all (I think the no-feature Nissan Versa might be that way?). Not because their manufacturer cares about security, but because of fewer attack vectors.


Tesla's at least on top of their software updates, and I believe they designed some more sensible separation of systems than most cars.

For affordable options, I have no idea.


Wait until Teslas become cheaper.

Until then, buy a Lada Niva. No one will want to steal it and it doesn't have anything complicated in it that can be hacked.


1993 Corolla with decayed paint. Utterly, utterly, reliable. Appears undesirable. It will also guarantee that you'll never get laid.


Nope. 90s Toyotas have eminently resalable parts and no immobilizer, making them far and away the most-stolen cars in America.

There are very high-end car thieves who want flashy cars, but the vast majority of car theft is about 1) ease and 2) what the parts are worth.


No way. Late-model Toyotas and Hondas get stolen a ton. Spare parts are still useful for tuners and sport compact car ricers.

Get an old American junker.


1993 is late model?


Good cars. Too wet here in the UK for something to last that long. My 2006 Fiat is on its way out already...


I know someone bought 1988 Honda. Made a sharp turn - front wheel fell off.


Just don't opt for the "smart key" option, on most models it's an optional extra.

Radio keys should be OK although they have their own security risk.


It's not possible. Make sure your car is well insured. The insurance companies have traditionally put pressure on manufacturers to add better security. In the UK, the car insurers set up this respected research institute which has steadily improved car security:

http://www.thatcham.org/about


That Thatcham rating might not be as good as you think; we used to have massive problems with Thatcham certified motorbike chains and locks, eg: https://www.youtube.com/watch?v=VC3hFr8p2ck

Pro-Tip: If you're chaining your bike up, make sure the chain can't touch the floor.


Tesla? It seems that they do understand the risks and invest in security more than others.


Don't buy a high end car that has a high theft rate. Research theft rates like you would reliability and resale. Buy a plain vanilla mid-level Toyota, Honda or the like. Insure your car.


The "plain vanilla" cars are the ones with the highest theft rate: http://www.forbes.com/sites/jimgorzelany/2014/08/18/the-most...

It has been this way for about two decades. It is much easier for thieves to slice-and-dice a common vehicle into hard-to-trace parts, since the hot parts will disappear into a sea of legitimate used and reconditioned parts. High-end cars are comparatively rare, and thus harder to dispose of discreetly.


Insurance should be cheaper on a plain vanilla car.


I don't always buy new cars, but when I do, I don't let car thieves pick the make and model.


Articles like this make me love my 2000 Subaru even more. I'm gonna hate getting a newer car one day, but maybe by then manufacturers will better secure their cars.


You should look at crash tests results of your 2000 Subaru and a car more modern than 2013 and decide which you'd rather be in in the result of a crash. I'm less scared of a potential hacker cutting power to my car than I am of the millions of poor drivers cutting lanes and changing lanes without signals (or even looking) resulting in an auto accident.

Things started improving in the 90's (falling from 143m to 115m). In 2000 it was at 112m. 2008 saw the sharpest decline - down to 78m. In 2012 it was 65m.

The difference between 112m and 65m is staggering - and is largely due to newer, safer cars being on the road.

All figures above are driver deaths per million for registered vehicles taken from: http://www.iihs.org/iihs/sr/statusreport/article/50/1/1

E:

Although Subaru has a good track record of safety. I just think the fear is misplaced. For most people driving older cars, I'd be far more scared about my safety during a crash than my safety from a potential hacker.

Both are of concern, of course.


Newer safety regulations definitely help, but at the same time, I almost feel like we're reaching a point where we're at pendulum overswing to some degree.

The biggest change since 2012 has been increased roof strength requirements. This was driven at least in part due to the popularity of top-heavy, rollover prone vehicles.

Meeting these requirements has required cars to get heavier and incorporate massive roof pillars. This negatively impacts gas mileage (relatively minor concern), but, far more importantly IMO, means that nearly every new car out there has awful rear visibility. So we've bandaided that by requiring backup cameras, but those don't help when you're moving in traffic. We've created a situation where most new cars on the road have huge, terrible blindspots by trying to make the cars safer.

Again, better safety is a good thing, I just think that we just need to do a better job of balancing it with the usability of the vehicles.


Perhaps - but the numbers don't indicate the pendulum swinging back. It looks to be a net gain, even despite that.

Interesting, though. I had noticed this trend - coming from a 2002 Outback, most of the ZipCars I drove seemed to have terrible rear visibility. Now I know why.


[deleted]


The Thai finance minister, apparently:

http://www.smh.com.au/articles/2003/05/13/1052591776195.html

"Suchart said he was on his way to give a speech to central bank officials from 17 countries when his ministry-assigned BMW car stalled on a road, not far from his house.

The engine stopped, the air conditioning shut down, the doors got locked and the windows wouldn't roll down, he said, adding that he was trapped for about 10 minutes.

"We couldn't breath because there was no air," he said.

Suchart and his driver waved at passers-by to draw attention to their plight, but it took a while to make them understand that they wanted the windows smashed.

Finally, a guard of a nearby building came to their rescue with a sledgehammer and broke a window. Suchart then climbed out of the car through the hole."


I'm guessing the "no air" thing was a bit of translation error. Presumably he was referring to the ambient temperature in the car rising to dangerous levels in short order.

Is there no physical lock on the BMW? Unless he had the child safety locks on, there should always be a way to manually open the door (even if the latch is somewhat difficult to operate) when the vehicle loses power. It's a huge safety concern if you can be trapped in the car like that.

Maybe he has a driver and was riding in the back with the child safety locks on?


Within of to minutes no air? That sounds weird.


Depends on the food eaten. Intestinal gases are poisonous.


So why were the researchers willing to publish a redacted version now, but were not willing to publish the redacted version 3 years ago when they were researching the issue?

I am actually curious because this is the only part of this whole thing that does not make sense to me. Even if I disagree with Volkswagen's decision to not notify existing owners that there was a vulnerability known or eventually provide them with a fix, the decision at least makes sense because it probably was deemed more profitable for VW.

"The scientists wanted to publish their paper at the well-respected Usenix Security Symposium in Washington DC in August, but the court has imposed an interim injunction. Volkswagen had asked the scientists to publish a redacted version of their paper – Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser – without the codes, but they declined."

http://www.theguardian.com/technology/2013/jul/26/scientist-...


Is it the same redacted version? Maybe Volkswagen asked for more extensive redactions back then, and they now reached a compromise?


It sounds like the same thing was redacted from this version that they asked be redacted from that version as this one doesn't have the specific codes necessary to make it work.


Off topic but a point about the persistence of cults around unreliable vehicles:

<rant>As owner of a 1985 Westfalia, I have nothing but contempt for the inconsistent and poor engineering of this beast. Even with the factory Digijet pro training materials and factory service manual and several mechanics later, this thing still won't idle right when cold or warm. Systemically went through each system (fuel, air, electrical, mechanical, vacuum) individually and triple-checked per procedures and looked at general stuff like grounds and wiring too. Maybe the community factor akin to Mini Cooper owners: ostensible value built on hazing by ostentatious, expensive repairs due to substandard engineering. Sure VW has/had the hippie thing too, perhaps also due to them being difficult/expensive to maintain or being less powerful.</rant>

I'm grateful though the beastie doesn't have OBDII or keyless entry. (Like most German vehicles of this vintage, the drivers' side door doesn't lock without the key to avoid locking oneself out.)


ITT: nobody so far advocating "responsible disclosure", because this is the sort of vendor abusiveness that made "full disclosure" clearly a good idea, and an essential protection for the interests of the end user.

The Internet of Things will recapitulate all the painful experience of how this stuff works out we just spent twenty years getting sorted out in the software field.


Even though these cars aren't a part of the internet of things (yet), situations like these are the exact reasons why I'm not enthusiastic about it. Honestly, I hate it.


In the future, your Internet-enabled fridge will get hijacked by Russian spammers ... if the future is 2013. http://www.bbc.co.uk/news/technology-25780908

Whenever anyone says "Internet of Things", reply "unfixable Heartbleed everywhere forever."

Sysadmins will be in work until we're 100 if we want to be, cleaning up after this rubbish. Like elderly COBOL programmers, making the big bucks after retirement.


Is it just me, or is the peak of stupidity in this episode the fact that the car will verify/reject a few hundred thousand passwords in 30 minutes?

Shouldn't that be security 101, limiting the rate to a couple per minute, max? Why allow such brute force attacks in the first place?

EDIT:

Or in other words, why is the phrase "brute force password attack" still even heard in 2015?
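The back-off this comment asks for, as an added sketch (not part of the thread and not any vendor's firmware): a failed-attempt throttle with a capped exponential delay, plus a simulation of how long a run of wrong guesses takes with and without it. All names, the three free attempts, the 1 s base delay, the 60 s cap and the 10 ms per attempt are assumptions chosen to match the thread's "few hundred thousand in 30 minutes" figure.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical throttle state. In a real unit the failure counter would have
   to live in non-volatile memory, or a power cycle resets it (assumption). */
typedef struct {
    uint32_t failures;        /* consecutive failed authentications */
    uint64_t next_allowed_ms; /* earliest time another attempt is evaluated */
} auth_throttle;

typedef enum { AUTH_OK, AUTH_FAIL, AUTH_THROTTLED } auth_result;

enum { FREE_ATTEMPTS = 3 };                  /* tolerate a few honest misreads */
static const uint64_t BASE_DELAY_MS = 1000;  /* first penalty: 1 s */
static const uint64_t MAX_DELAY_MS = 60000;  /* cap, so the owner is never
                                                locked out for longer than 60 s */

/* Delay imposed after the given number of consecutive failures. */
uint64_t throttle_delay_ms(uint32_t failures)
{
    if (failures < FREE_ATTEMPTS)
        return 0;
    uint32_t shift = failures - FREE_ATTEMPTS;
    if (shift >= 16)                         /* keep the shift well-defined */
        return MAX_DELAY_MS;
    uint64_t delay = BASE_DELAY_MS << shift; /* 1 s, 2 s, 4 s, ... */
    return delay > MAX_DELAY_MS ? MAX_DELAY_MS : delay;
}

/* Gate one authentication attempt. An attempt that arrives too early is
   refused without looking at the response, so it leaks nothing about it. */
auth_result throttle_attempt(auth_throttle *t, uint64_t now_ms,
                             bool response_valid)
{
    if (now_ms < t->next_allowed_ms)
        return AUTH_THROTTLED;
    if (response_valid) {
        t->failures = 0;
        t->next_allowed_ms = 0;
        return AUTH_OK;
    }
    if (t->failures < UINT32_MAX)
        t->failures++;
    t->next_allowed_ms = now_ms + throttle_delay_ms(t->failures);
    return AUTH_FAIL;
}

/* Time until `guesses` wrong responses have all been evaluated and rejected,
   when each exchange takes interval_ms and the sender retries as soon as the
   throttle (if enabled) allows. */
uint64_t time_to_reject_ms(uint32_t guesses, uint64_t interval_ms,
                           bool throttled)
{
    auth_throttle t = {0, 0};
    uint64_t now = 0;
    for (uint32_t i = 0; i < guesses; i++) {
        now += interval_ms;
        if (throttled) {
            if (now < t.next_allowed_ms)
                now = t.next_allowed_ms;     /* forced to wait out the penalty */
            throttle_attempt(&t, now, false);
        }
    }
    return now;
}

int main(void)
{
    const uint32_t guesses = 180000;         /* 100 per second for 30 minutes */
    uint64_t plain = time_to_reject_ms(guesses, 10, false);
    uint64_t limited = time_to_reject_ms(guesses, 10, true);
    printf("unthrottled: %llu minutes\n",
           (unsigned long long)(plain / 60000));
    printf("throttled:   %llu days\n",
           (unsigned long long)(limited / 86400000ULL));
    return 0;
}
```

The cap is the trade-off to tune: it bounds how long deliberate bad attempts can keep the legitimate key from working, at the price of a fixed worst-case guess rate of one per minute.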


In VW's defence it sounds like they just sourced the parts from Megamos who is ultimately responsible for the flaw


Unless VW is significantly different than GM and Daimler, Megamos likely had very little control over the protocol and messages being sent. They would be given a simulation of the vehicle bus that they would be expected to duplicate exactly. A full spec would be given providing state diagrams for each message and its handling. Megamos engineers would be able to offer suggestions, but the message structure and overall protocol would have been outside their control.


Right, because VW should blindly build parts into their vehicles without vetting the security they bring (especially when said part is in fact a security component). Tougher to do when vetting such a part requires expertise in the field, but blindly trusting the supplier is never a good practice.


Isn't the whole reason you farm out parts because you don't have the expertise internally?


For an analogy, you can look inside a car engine, take it apart, and verify its components. But if you take a look inside the software and take it apart, you are suddenly potentially breaking license agreements. These agreements violate free speech: if you find something, you may not tell others about it or you risk getting sued.


Honestly I'm not really bothered about the whole "hacking cars" thing. I've spent enough years in dangerous countries that this seems like a non-issue.

I do object to car companies knowing about a safety issue & keeping quiet due to it being "cheaper" to accept a couple of deaths than fix it. That kind of thing should be punished with eye watering fines in my view - not to save those 12 lives but to put the message out there that car companies need to get it right instead of playing the odds.


> "companies need to get it right instead of playing the odds"

Doesn't sound cost-effective.


FTA:

"There's no quick fix for the problem - the RFID chips in the keys and transponders inside the cars must be replaced, incurring significant labor costs." ... "A VW spokesman responded: 'Volkswagen maintains its electronic as well as mechanical security measures technologically up-to-date and also offers innovative technologies in this sector.'"

Since they haven't recalled the vehicles and replaced the chips, that would be... not precisely true?


paper: https://www.usenix.org/sites/default/files/sec15_supplement....

"The transponder uses a 96-bit secret key and a proprietary cipher in order to authenticate to the vehicle."

not sure there's anything more you need to know than "rolled their own crypto"


Honestly, every time I hear about the latest new-and-shiny that car manufacturers try to put in new cars (such as stop-start, keyless ignition) I can't help but roll my eyes at the inevitable fail that this is going to bring. Sure these knick-knacks might look cool now, but what happens eight years down the line, when your electric system goes belly up in the middle of the highway or at a traffic signal? VW is one of the worst offenders in this regard. They are quick to implement useless features without giving any regard to reliability or the idea of graceful failure. The greatest achievement of VW marketing has been in perpetuating the myth about the infallibility of German Engineering. German cars seem to have some of the worst electrical problems which is at least in part due to all the electric and electronic equipment they cram into their cars. I would put greater confidence in the reliability of Japanese or even Korean engineering over them (although even the usually conservative Japs have been tempted to follow these fads of late). One less button on the dash of your bland Toyota, means one less thing that is going to break five years down the line.


I don't think start/stop belongs in your list of useless knick-knacks that are prone to failure -- the Prius has been in production for about 18 years, and it's used start/stop from the beginning to save fuel. But you don't hear of large numbers of Priuses stuck at red lights when their engine computer forgot how to start the engine.

Start-stop can save significant fuel - 3% - 12% by some estimates, and it comes at very little cost and complexity.


True. Stop-start might have not been the best example in this case. But still, I would be quite apprehensive of buying a 10-year old European car that has stop-start built in - much more than an equivalent Toyota. Japanese are quite slow to follow in implementing new features and as a result (IMO) their implementations seem to be more reliable. I have experienced European cars to develop serious electrical issues over the years. Couple that with a stop-start system, and you are looking at an undrivable car.

edit: In the past couple of years things seemed to have mixed up a bit in the industry (for example American cars have quite improved in quality). So who knows, maybe today's cars might hold up much better 10 years into their life, than their predecessors. But increasing incorporation of software and electronics into these probably will not help them get there.


Toyota is a bad example, they made the news when their code was reviewed by experts and it was evaluated as really poor quality.

See for yourself: http://www.nhtsa.gov/staticfiles/nvs/pdf/NASA_FR_Appendix_A_...


The continuous start-stop wears out the engine faster, so it won't last as long as an identical model with the same engine that hasn't that feature.

It's like switching a traditional light bulb on and off in a continuous way - it won't last years (some 100+ old light bulbs still work fine, but they were powered-off just a handful times).


Do you have a reference for that? Cold engine starts cause a lot of wear, but warm engine starts should cause very little wear, especially in an engine designed for start stop.

http://www.autocar.co.uk/car-news/new-cars/stop-start-long-t...

While a home light bulb may not stand up to continuous on/off cycles, a bulb that's designed to do so (like a low-voltage bulb with a heavy filament) can last for a very long time.

So I wouldn't retrofit an existing car with a start-stop system, but I wouldn't have any qualms about purchasing a car with a start-stop engine as it would have been designed for the purpose.


>The continuous start-stop wears out the engine faster, so it won't last as long as an identical model with the same engine that hasn't that feature.

Yes, that too. Although I imagine it would wear out certain components of the engine (such as starter-motor, and crankshaft?) and battery rather than the engine as a whole.

Total-Cost-of-Ownership-wise, a stop-start might save more in fuel than it would cost in increased repairs (Or it may not, depending on make and model among other things).


The question I have is what VW did after receiving the injunction? Did they work with their customers for the last two years to fix the vulnerability? Or was the injunction their solution by itself?

If it was the latter case, somebody should really serve them a class action suit. Security by gag is not helping the end customer.


There was a talk about the paper of breaking Megamos crypto in 2013. https://www.youtube.com/watch?v=R_8eYSJlWic


Happy to see the GTI not listed on there but why would that be any different from the other models? You think they would use the same across the board.


I'm pretty sure they sell them as the Golf GTI in Europe where the research was done, so probably included under the Golf model.


Ah, right. Good point.


My question is if VW has switched the affected stuff in newer models since they found out about the issues?


Yes, as people mentioned above. It’s long fixed, and only a tiny set of cars (only high-end models with keyless entry) were even affected at all.


Source please, as I understand it current VW cars themselves are not vulnerable but some other VAG brands still use these vulnerable immobilizers to this day. That might be bad reporting though. The only reliable detail I have found is from the paper itself. "We understand that measures have been taken to prevent the weak key and partial key update attacks when the transponder was improperly configured."


> It’s long fixed, and only a tiny set of cars (only high-end models with keyless entry) were even affected at all.

Some of the models on the list feature neither keyless entry, nor are high-end (the Audi A2, for example). While the Audi S2 may be considered high-end, it certainly wasn't available with keyless entry, and I wouldn't be surprised if the Audi 80/90 (which the S2 is based on) were affected, too.


Well, that’s nice – you have a car where you now disabled the immobilizer, but you’ll still need at least large tools and half an hour to break the steering wheel lock and the other stopping mechanisms.

Especially in cars without keyless entry the immobilizer is only one of dozens of mechanisms against theft.


96-bit keys??? Even in 2012 when VW released the feature, 96 bits was laughably weak.


Why on earth are they using 96-bit cryptography in 2012?


Closed source software does the same;


Non issue to me. Typical media and security professionals hyperbole.

I have car insurance for my Porsche. According to the list it's vulnerable.

Chance of getting stolen? Quite small. If it does insurance pays in my case the full value not the depreciated value (age of car as only one reason). Not something I am worrying about.

How many cars are actually stolen as a result of this flaw?

Just another example of the security industrial complex fanning the flames...


It wasn't the "security-industrial complex" that caused a security-incompetent vendor to use legal threats to try to suppress disclosure. That's the story here.



