Study reveals how criminals manipulate key-fobs with ease
If you thought only your computers and cell phones were under threat from hackers, think again. Recent research has revealed that not even your cars are safe from cyber-attacks.
A joint study was conducted by the Katholieke Universiteit Leuven (KU Leuven) in Belgium and the University of Birmingham in the U.K., and the results were made public earlier this week. The research paper describes how electronic key-fobs, which are used to lock and unlock cars, can be hacked by cybercriminals with surprising ease, and says millions of cars are at risk.
The key-fob, or immobilizer, enables the user of a vehicle to lock or unlock their car with the touch of a button. The system was invented to try to control car thefts, which are traditionally carried out by “hot-wiring” the car: bringing together certain wires in the ignition to start it without a key. The research paper points out vulnerabilities in the immobilizers of several models of Hyundai, Toyota, and Kia.
RFID device
According to the report, all a hacker has to do is use a radio frequency identification (RFID) device within close range of a key-fob. The device exploits the vulnerability in the immobilizer system and downloads its secret code. Using this information, the hackers can clone the target’s key-fob, use it to unlock the car and drive away without raising any alarm whatsoever. The only challenge that remains after hacking the key-fob is to override the ignition, but car thieves cleared that hurdle long ago when they invented hot-wiring.
The car models named in the research report include Auris, Camry, Corolla, FJ Cruiser, Fortuner, Hiace, Highlander, Hilux, Land Cruiser, RAV4, Urban Cruiser and Yaris by Toyota, and I-10, I-20, Veloster, IX20 and I-40 by Hyundai.
The report describes how the research team obtained a large number of electronic control units used in immobilizers of several cars and reverse-engineered their firmware — the permanent software programmed in devices — which enabled them to spot the vulnerabilities.
DoS attack
Apart from car thefts, the other possibility pointed out in the report is that of a denial of service (DoS) attack, where hackers can take over a large number of key-fobs and simply not let users unlock their vehicles. On a large enough scale, such an attack could be chaotic.
The report states, “Performing this type of DoS attack can be automated by building a device that repeatedly broadcasts the required commands. While there might be little incentive for someone to do this type of attack, it could lead to bad publicity for the affected car manufacturers and increased revenue for local garage owners.”
“Such hacks prove that cybersecurity is a separate discipline, which is difficult for the IT infrastructure provider to fathom,” Special Inspector General of Police Brijesh Singh said.