Rent a luxury car and crack its transponder to steal it later

Pierluigi Paganini August 20, 2015

Researchers Roel Verdult and Baris Ege revealed that popular cars, including Ferraris and Porsches, which use Megamos Crypto transponders can be easily stolen.

Interest in car hacking is at a peak following the recent hack of the Fiat Chrysler Jeep. The news of the day is that a team of experts has been aware since 2012 of security flaws in the Megamos Crypto transponder used in more than 100 cars manufactured by major automakers.

Audi, Ferrari, Fiat, Cadillac and Volkswagen are just a few of the roughly two dozen automakers that adopt the flawed component. Attackers can exploit the vulnerabilities to start the cars without the key, great news for car thieves.

The researchers tried to present their study at the 22nd USENIX Security Symposium in 2013, but they were prevented from doing so by Volkswagen, which won an injunction from the UK High Court of Justice prohibiting them from publishing key findings of their discovery.

The team of European experts reverse-engineered the software running on the transponder, focusing their analysis on the proprietary security mechanisms implemented by the manufacturers. They found three ways to attack the transponder and bypass the authentication mechanism by recovering the 96-bit transponder secret key.

“Our first attack consists of a cryptanalysis of the cipher and the authentication protocol. Our second and third attack not only look at the cipher but also at the way in which it is implemented and poorly configured by the automotive industry.” reads the paper.

“Our second attack exploits a weakness in the key-update mechanism of the transponder. This attack recovers the secret key after 3 × 2^16 authentication attempts with the transponder and negligible computational complexity. We have executed this attack in practice on several vehicles. We were able to recover the key and start the engine with a transponder emulating device. Executing this attack from beginning to end takes only 30 minutes.

Our third attack exploits the fact that some car manufacturers set weak cryptographic keys in their vehicles. We propose a time-memory trade-off which recovers such a weak key after a few minutes of computation on a standard laptop.”

The researchers explained that their first attack, which works with all vehicles using Megamos Crypto, exploits the following weaknesses:

  • The transponder lacks a pseudo-random number generator, which makes the authentication protocol vulnerable to replay attacks.
  • The internal state of the cipher consists of only 56 bits, which is much smaller than the 96-bit secret key.
  • The cipher state successor function can be inverted: given an internal state and the corresponding bit of ciphertext, it is possible to compute the predecessor state.
  • The last steps of the authentication protocol provide an adversary with 15 bits of known plaintext.
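The first weakness in the list above, a transponder with no randomness of its own, is the one most easily illustrated in code. The following toy challenge-response protocol is an added example and is not code from the researchers or the Megamos Crypto cipher: it uses HMAC-SHA256 as a stand-in for the proprietary cipher, and all names (Transponder, Car, honest_session, replay_to_tag) are hypothetical. It runs the same protocol twice, once with a transponder that echoes only what the reader sends it, and once with a transponder that contributes its own fresh nonce, and checks whether a recorded transcript can be replayed to the transponder by someone who never learned the key.

```python
"""Toy immobilizer challenge-response (added example, hypothetical protocol).

Shows why a transponder without a random number generator cannot detect a
replayed session: every value it sees is chosen by the other side.
HMAC-SHA256 stands in for the real cipher; this is NOT Megamos Crypto.
"""
import hmac
import hashlib
import secrets


def prf(key, *parts):
    """Keyed pseudo-random function with length-prefixed inputs (assumption:
    a stand-in for the transponder cipher, truncated to 64 bits)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(1, "big") + p)
    return h.digest()[:8]


class Transponder:
    """Key-fob side. With fresh_nonce=False it mirrors the listed weakness:
    the tag never contributes randomness, so its view of a session is fully
    determined by the bytes the reader sends."""

    def __init__(self, key, fresh_nonce):
        self.key = key
        self.fresh_nonce = fresh_nonce
        self._nonce_t = b""

    def step1(self, nonce_c):
        # A tag with a PRNG picks a fresh nonce per session; the weak tag does not.
        self._nonce_t = secrets.token_bytes(8) if self.fresh_nonce else b""
        resp = prf(self.key, b"tag", nonce_c, self._nonce_t)
        return self._nonce_t, resp

    def step2(self, nonce_c, auth_c):
        # The tag accepts the reader only if auth_c is bound to this session.
        expected = prf(self.key, b"car", nonce_c, self._nonce_t)
        return hmac.compare_digest(expected, auth_c)


class Car:
    """Immobilizer side; always uses a fresh challenge."""

    def __init__(self, key):
        self.key = key

    def challenge(self):
        return secrets.token_bytes(8)

    def verify_and_answer(self, nonce_c, nonce_t, resp):
        # Check the tag's response, then prove knowledge of the key back to it.
        if not hmac.compare_digest(prf(self.key, b"tag", nonce_c, nonce_t), resp):
            return None
        return prf(self.key, b"car", nonce_c, nonce_t)


def honest_session(car, tag):
    """One legitimate authentication. Returns the over-the-air values an
    eavesdropper could record and whether the tag accepted the car."""
    nonce_c = car.challenge()
    nonce_t, resp = tag.step1(nonce_c)
    auth_c = car.verify_and_answer(nonce_c, nonce_t, resp)
    accepted = auth_c is not None and tag.step2(nonce_c, auth_c)
    return {"nonce_c": nonce_c, "auth_c": auth_c}, accepted


def replay_to_tag(tag, transcript):
    """Replay a recorded transcript to the tag without knowing the key.
    Returns True if the tag wrongly accepts the replayed reader."""
    nonce_c, auth_c = transcript["nonce_c"], transcript["auth_c"]
    tag.step1(nonce_c)          # re-send the old challenge
    return tag.step2(nonce_c, auth_c)  # re-send the old authenticator


def replay_outcome(fresh_nonce):
    """Run one honest session, then a replay; return the tag's replay verdict."""
    key = secrets.token_bytes(12)  # constructed 96-bit key, as in the article
    car, tag = Car(key), Transponder(key, fresh_nonce)
    transcript, ok = honest_session(car, tag)
    assert ok, "honest session must succeed"
    return replay_to_tag(tag, transcript)


if __name__ == "__main__":
    print("tag without PRNG accepts replay:", replay_outcome(fresh_nonce=False))
    print("tag with fresh nonce accepts replay:", replay_outcome(fresh_nonce=True))
```

The design point is that a challenge-response exchange protects only the party that chose the challenge. With no nonce of its own, the transponder's acceptance check depends solely on values the reader supplied, so a recorded session is as good as a live one; adding a fresh transponder nonce binds the reader's authenticator to the current session and the replay fails.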

The researchers explained that in one attack scenario they were able to recover the key in just 30 minutes and start the engine with a transponder-emulating device.

Another attack requires the attacker to have access to both the car and the transponder for a period of time, a circumstance that can occur when the attacker rents a car or the victim parks the vehicle.

“It is also possible to foresee a setup with two perpetrators, one interacting with the car and one wirelessly pickpocketing the car key from the victim's pocket,” explained the researchers. “Our attacks require close range wireless communication with both the immobilizer unit and the transponder.”


This year the experts had the opportunity to present their findings at the 24th USENIX Security Symposium.

“Although two years have passed, this work remains important and relevant to our community,” Sam King, USENIX Security ’13 Program Chair, and Casey Henderson, USENIX Executive Director, noted in the foreword added to the research paper.

The experts highlighted once again the risks of Internet of Things devices that lack security by design. Research like this should push the automotive industry to treat security as a mandatory requirement for the safety of car owners.

Let me suggest carefully reading the report: although three years have passed since the flaw was first discovered, the security issues it describes are still very common in components of modern connected cars.

(Security Affairs – car hacking, car safety)
