Posted on March 7, 2020 at 2:42 PM
When one thinks of the term “Vulnerable Devices,” you don’t usually consider your automobile to be one of those things. However, the times have changed, and even your car has a suite of digital components streamlining and boosting your car in some way, shape, or form.
An Unexpected Threat
The computerization of your vehicle stretches everywhere, from engine sensors to care keys. As is the case with any new form of technology, unsavory elements within it started to take notice of it pretty quickly, and subsequently devices ways of cracking this technology to give them that edge.
A hacked car sounds terrible, and it very well is, but the genuine threat to vehicles is having the care key itself hacked. Should a digital key fob manage to get itself hacked or otherwise electronically duplicated, the criminal is very much capable of stealing your car.
With this threat, researchers have started to investigate the matter at hand and discovered that the so-called “key cloning” is very much a threat to any modern car owner.
Copying Key Fobs Through RFID Transmitters
Through the new research that the University of Birmingham, as well as KU Leuven in Belgium, has posted, it’s made clear that millions of cars are at risk.
The research concluded that any vehicle with a radio-enabled key fob holds the risk of unauthorized key cloning. Most modern cars have this as an automatic feature, which only makes the number of vulnerable vehicles even higher.
The study revealed that cars made from most major brands, Hyundai, Toyota, Tesla, and Kia have a significant flaw in its encryption. This flaw is exploitable by hackers via a simple RFID transmitter. Should this transmitter be appropriately configured, it can copy the signal that key fobs produce, which hackers can then use to unlock the cars of their victims.
One Key To Do It All
The report itself holds an expansive list of vehicle models within the years of 2009 2017. However, the report was quick to stress the fact that this list isn’t exhaustive. Put simply: There could be more cars that the research just didn’t cover at the time, and thus wasn’t detected by it.
After a hacker unlocks the car, he can leverage the usual techniques to hijack a vehicle, ranging from the Hollywood-style hotwiring to the more popular screwdriver method.
The main reasoning for this flaw is that the key fobs themselves broadcast an encryption key based on a standard serial number. This key is identical to the one that those same fobs broadcast when it unlocks a car, as well.
Proof Of Concept Only For Now
Luckily, there are several key issues when it comes to hacking your key fob in this way since there needs to be particular circumstances for it to happen successfully. The hacker in question would need to be very close in order to clone your key fob, and it’s downright impossible for it to hack it over the internet.
Furthermore, citizens in the US don’t need to worry as much due to the weakness, mainly appearing within Kia, Hyundai, and Toyota vehicles that are both outside the US and are a tad older as well. If anything, this just stands as a proof of concept, with more work needed to do it reliably.
Through bringing this flaw to light, researchers hope that engineers will use it to help develop stronger security and encryption features as the years go on. While the risk of having your car keys hacked is a tad low at this point, should they figure out new ways to enable it, it will prove itself a massive problem in the future.
One of the most critical aspects of cybersecurity is white hat hackers or hackers that leverage their skill to notify companies of weaknesses in their programs. If there weren’t any white hat hackers out there, the cybersecurity sector would’ve been a chaotic mess with no information or “lucky breaks’ to run on besides themselves. Their role in modern cybersecurity is irreplaceable.