Cars susceptible to hacks due to immobiliser vulnerability
The vulnerability relates to a transponder called Megamos Crypto, which, according to researchers, has been or is being used in a range of vehicles including a number of Volkswagens, Fiats, Alfa Romeos, and Hondas as well as luxury cars including Ferraris, Bentleys, Maseratis and Porsches.
The The researchers from Radboud University in Holland and Britain’s University of Birmingham, outlined their concerns in their document Dismantling Megamos Crypto: Wirelessly lockpicking a vehicle immobiliser.
They said an electronic car immobiliser consists of three main components: a small transponder chip which is embedded in the plastic part of the car key; an antenna coil which is located in the dashboard of the vehicle, typically around the ignition barrel; and the immobiliser unit that prevents the vehicle from starting the engine when the transponder is absent.
“The transponder uses a 96-bit secret key and a proprietary cipher in order to authenticate to the vehicle. Furthermore, a 32-bit pin code is needed in order to be able to write on the memory of the transponder...we have identified several weaknesses in Megamos Crypto which we exploit in three attacks.” They found that within half an hour they were able to recover the 96-bit secret key of such a transponder.
“Our attacks require close range wireless communication with both the immobiliser unit and the transponder. It is not hard to imagine real-life situations like valet parking or car rental where an adversary has access to both for a period of time,” they said.
Volkswagen were able to gain an injunction on the publication of the report, which was due in 2013, by arguing that it could “allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car”.
The researchers argued that their aim was to improve security for everyone.
Security expert Ryan Kalember, from cyber-security firm Proofpoint said: “This is further proof that it’s a bad idea to write your own cryptography algorithms.
“It’s even more worrying that the supplier relied on the algorithm itself staying a secret — that type of ’security by obscurity’ has a poor track record.”
Mr Kalember added given the nature of the technology, and the inability of car owners to disable the function themselves meant, there was “no real defence” from the issue: “The only thing a sufficiently concerned car owner could do is buy a LoJack [a tracking system that allows cars to be tracked with the aim of recovering them in case of theft. The name was coined to be the opposite of ‘hijack’.]”
Last month, Fiat Chrysler announced it was recalling over 1m vehicles in the US after hackers were able to take control of a Jeep remotely, over the internet.
