in Check It Out, Meddling, Travels, X-Geek

Our car’s keyfob was hacked – the question is how?

We were out of town over the weekend and at 5:30 AM Saturday I awakened to the sound of one beep of our car’s “alarm” horn. Thinking it was the neighbor’s car and knowing our car was locked, I went back to bed. When we walked to the car later that morning, the hatch was standing wide open. Nothing appeared to be touched or taken.

I was immediately concerned that somehow our keyfob had been hacked. Kelly thought something probably bumped up against one of our keyfobs and that caused it to open. We’ve had the car for years, though, and an “accident” like this has never happened. If something pressed a keyfob button, why would it sound just one beep of the horn alarm? Why not trigger it to sound repeatedly, as would happen if it were a single press of the button? Seems unlikely an accidental press of a button would cause one clean beep and then cause the hatchback to open.

So, naturally I am fascinated with whatever technology was used for this! There are a couple of approaches.

One is a hack called SARA, for Signal Amplification Relay Attack. This involves two crooks working together to extend the victim’s keyfob range using an antenna and amplifier. One crook holds the antenna to the windows of the nearby home or business, hoping to bet within range of the legitimate keyfob. An accomplice holds a smaller device to the door of the vehicle, tricking the car into thinking the keyfob has been presented even though it is still inside the building. Crooks can even start the vehicle using this method.

While SARA is pretty ingenious as far as criminal activity is concerned, I don’t think this was what was used in our situation. Our car’s alarm horn sounded first. If I were a crook who had successfully relayed a keyfob, the alarm button would be the last one I would want to press. This makes me think our attack was some kind of brute-force hack, rolling through signals until it found what it was looking for.

The SARA hack got the press last year but a brute-force method came out years ago but quietly slipped under the radar, possibly because it wasn’t given a sexy exploit name. A story Car and Driver ran in 2015 gives some details:

Modern transponder-equipped car keys are supposed to be ultrasafe: The chip-keys and key fobs communicate with readers inside the car, allowing the car to start only once a secret digital password has been transmitted. But a team of security researchers says they’ve figured out a way to circumvent the system used by some of the world’s largest automakers—and that Volkswagen Group used a lawsuit to keep their findings from going public for more than two years.

Car and Driver quotes London’s Daily Mail, which tells us the crux of the issue:

Tim Watson, Director of Cyber Security at the University of Warwick told Bloomberg: ‘This is a serious flaw and it’s not very easy to quickly correct.’

‘It isn’t a theoretical weakness, it’s an actual one and it doesn’t cost theoretical dollars to fix, it costs actual dollars.’

Researchers broke the transponder’s 96-bit cryptographic system, by listening in twice to the radio communication between the key and the transponder.

This reduced the pool of potential secret key matches, and opened up the ‘brute force’ option, which involved running through 196,607 options of secret keys until they found the one that could start the car.

This took less than half an hour.

Bottom line? The maker of the encryption device, Megamos Crypto, appears to have rolled its own cryptography. This is a gigantic no-no, one of the stupidest things one can do. Encryption protocols should be openly published an exhaustively peer-reviewed to ensure there are no flaws in the math. If the implementation is secure, the protocol can be deemed safe for use. Trying to recreate this enormously-challenging wheel on your own – without having several world-class cryptographers on your staff – is an exercise in futility. Once you commit this once-secret algorithm to silicon your secret is now public and your flaws exposed to the world. Then it is only a matter of time before exploits are developed.

The USENIX paper titled “Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer” and authored by Roel Verdult (Radboud University Nijmegen, Netherlands), Flavio D.Garcia (University of Birmingham, UK), and Bar?s ?Ege (Radboud University Nijmegen, Netherlands) lays out how simple it is to attack this crypto. The researchers were aware of this flaw as far back as 2012 but Volkswagon sued them to keep their research under wraps. A UK court sided with VW and barred publication until 2015 with slight changes made in the publication, which savvy engineers can still decode. The karmic irony is that it was 2015 that Volkswagon was caught cheating at emissions tests, costing the company billions.

I probably have the hardware tools needed for this attack. If I can find the rainbow tables and code I could probably replicate it. Yet it seems someone may have already pre-packaged this attack (if indeed it is the same one). I look forward to researching this more.