
Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys - elorant
https://www.wired.com/story/hackers-can-clone-millions-of-toyota-hyundai-kia-keys/
======
unnouinceput
Quote: "By contrast, the cloning attack the Birmingham and KU Leuven
researchers developed requires that a thief scan a target key fob with an RFID
reader from just an inch or two away."

Story time: Back in 2005/2006, when I worked for Siemens Automotive on the
Immobilizer feature (I was involved in Mazda and Ford projects), I got my hands
on the highly secret crypto source... and much to my surprise I saw they had
implemented a Vigenere-style cipher. I was astounded by this. Having some
crypto background from pet projects in previous years, I knew this class of
ciphers is at least 1.5 centuries obsolete and is taught only from a
historical perspective. Therefore I prepared and called a panel of higher-ups
(managers, group leaders and even the hardware department chief),
showing them that the source code implementation is very dangerous and that
it would be very easy for a criminal group to mass steal cars. Including telling
them exactly what the article is talking about: put an RF recorder under the
door handle (how many car owners will check there?), record sessions of radio
communications between key fob and car, analyze that, extract the crypto
key and steal the car with a duplicate no more than a week later at most.
Their reply? "Standard in the industry is that we also allow mechanical keys
to open doors/start the car, so a criminal group can do that as well, much
easier", and that was the end of that meeting.

~~~
tialaramex
Are you sure you aren't misremembering?

DST40
[https://en.wikipedia.org/wiki/Digital_signature_transponder](https://en.wikipedia.org/wiki/Digital_signature_transponder)
used in Fords of that period is a Feistel cipher not a Vigenere cipher. Now, I
wouldn't choose a Feistel cipher for this problem today but it certainly is
not 1.5 centuries obsolete, this type of encryption wasn't even invented until
the mid 20th century and a very famous example would be DES.

~~~
unnouinceput
I am sure, yes. Mind you, this was the Immobilizer feature, sold by Siemens
Automotive to auto-makers. As to what Ford itself was using in the rest of
their car, I have no idea, since I was not working for them at the time.

Here is an analogy: Microsoft is Siemens and Ford is IBM. Microsoft sold DOS
to IBM to equip their PCs. As for what IBM implemented/used for BIOS, that was
not Microsoft's job, get it?

~~~
o-__-o
An immobilizer simply keeps the ECU from running the fuel pump, thus
preventing the car from starting. The challenge-response from the key is used
to authenticate the ECU. It's not so much that it's bad encryption (it is),
it's just that the access to override such encryption has physical controls
(e.g. if one breaks the glass then one typically has complete access to the
vehicle). Second, the CPUs of the time were maybe 4 MHz in a good case, so it
required a system that was fast. This is very similar to the encryption used
to immobilize Mercedes and BMW of the early 90s.

Also I can tell you that on all current and last gen Fords and Mazdas, the
inter-car encryption and authentication has vastly improved.

~~~
unnouinceput
> An immobilizer simply keeps the ecu from running the fuel pump.

Wrong! Immobilizer is just a tiny part of the BCM (Body Control Module), which
normal folks usually interact with and call the on-board computer.
The truth is that you have CAN (Controlled Area Network), used by BCM and ECU
to communicate through, at the very least. When you press the start button,
ECU asks BCM "hey dude, can I start the car?", and BCM responds with "yes" or
"no" based on various factors, one of which is Immobilizer. Even with the
correct key fob and authenticated, if your door is open it will not let you
drive. Of course, all this varies from car maker to car maker. Some will let
you start it but you can't drive for more than 3 meters, others won't even let
you idle the engine. You have a crapload of sensors that are part of BCM
(tire-guard, wipers, door ajar, belt, etc. etc.), all of which are taken into
consideration to yield that "yes"/"no" response.

And that's just a small part of what BCM does. Also, poor ECU, an entire
computer in its own right, reducing it to running the fuel pump is like
saying a house is to shelter you from bad weather.

Saying immobilizer simply keeps the ECU from running the fuel pump is like
saying that all you need to create the Witcher 3 game is Visual Studio.

> Also I can tell you on all current and last gen Ford and Mazda's, the
> inter-car encryption and authentication has vastly improved.

As per the article, you can see for yourself this is not really true. The code
I worked on in those years (2005/2006) was to be deployed in the 2007 Mazda
RX-2 and 2008 Ford, so in regards to last gen (cca. 2010) I bet you're simply
wrong again. I do hope the latest gen has better encryption but I doubt it,
wanna know why? Because economics. Lemme tell you from first-hand experience.
Managers care about economics and that means cheaper parts. Cheaper parts
means less memory, less speed. The goal was always to have the BCM's CPU load
between 70% and 90%. Did you write smart code and reduce the load below 70%?
The higher-ups were jumping happily in the air because it meant a big fat
bonus for them, due to allowing them to stick a crappier chip on that PCB.
That's what they care about, not strong encryption and elimination of theft.
Also read about Ford/GM practices in the 60s, when they preferred to allocate
about 200 million USD/year for paying victims of accidents rather than have
belts. Until they got regulated by law, they could not care less about lives.

~~~
o-__-o
The BCM is an ECU.

The encryption has been broken already but it's basically trailing BMW and
Mercedes etc. by about 13 years, so definitely money related, but likely they
don't want to or are unable to negotiate patent rights in their technology.

~~~
unnouinceput
BCM is Body Control Module. ECU is Engine Control Unit. 2 different parts
(logically). Both are physically PCBs (Printed Circuit Boards) that can sit
either side by side or in very different parts of the car; that's the car
maker's decision. I can't explain it simpler than this.

~~~
balp
ECU is usually an Electronic Control Unit. Some OEMs name one of their ECUs
Engine Control Unit to make stuff more complex. Not all manufacturers have
an Engine Control Unit or a Body Control Module. The electronic architecture of
a Volkswagen, GM, Volvo or Tesla is very different. Hardly any of the ECUs have
the same name.

It looks like Wikipedia agrees with me and in addition, the Engine Control
Unit article states that they are usually called the Engine Control Module
(ECM) to lower confusion.
[https://en.wikipedia.org/wiki/Electronic_control_unit](https://en.wikipedia.org/wiki/Electronic_control_unit)
[https://en.wikipedia.org/wiki/Engine_control_unit](https://en.wikipedia.org/wiki/Engine_control_unit)

Different OEMs vary in architecture and naming, making it a bit of a hassle
working in a tier-1 with multiple customers.

~~~
o-__-o
Or PCM (powertrain control module, since the transmission and engine typically
work as one unit), which has been used by Ford (and Mazda) since OBD-2 was
standardized in the 90s.

------
PopeDotNinja
The LockPickingLawyer has done a few recent videos on RFID locks and how one
can bypass them. They were pretty interesting to me:

"[1052] Defeating a RFID System With The ESPKey" =>
[https://youtu.be/0SEHUqkbIjU](https://youtu.be/0SEHUqkbIjU)

"[1056] This Black Box Reads RFID Cards in Your Pocket" =>
[https://youtu.be/dTObKtHzroM](https://youtu.be/dTObKtHzroM)

~~~
tialaramex
[ Edited to insert: 1056 sort-of covers this, that's what I get for not having
seen his latest video ]

The lesson in 1052 sort of misses the point. LPL (his videos are a lot of fun
by the way and I recommend them to anyone who is curious about lock picking)
says:

> So, if you are installing an access control system like this it is really
> important to use one that only transmits encrypted data

This would defeat the ESPKey demonstrated, but of course that product exists
precisely because it's all you need for common systems today. If "encrypted
data" was common the ESPKey's successor would probably be a product that sits
next to the reader and gets its own copy of the raw RFID signal. Not as
convenient, and less fun for doing cool demos, but still plenty effective
enough for crooks.

What you actually need to do to defeat this is a bit more expensive. You need
the token (keyfob, card, etcetera) to be smart enough to use the tiny surge of
power to do local computation, and then produce one-time-only access codes.
That would actually fix the problem, because to get the current code a bad guy
needs to steal the token and that's an ordinary physical security
consideration that humans are used to dealing with. This way an ESPKey gets
the one-time code you just used, but neither replaying it nor copying it to a
card to try later will do anything useful.

Unfortunately this smarter token would be significantly more expensive. We saw
with EMV cards (payment cards) that the smart and secure option (DDA with
changing cryptograms) is expensive enough that providers would often rather
take a risk and give you an insecure cheaper alternative which looks
identical, especially if they believe regulators, courts etc. won't realise
they took the cheap option and so the risk actually lands on their customers
not on them.

~~~
fyfy18
What you are describing is basically MIFARE, which is commonly used by
transport cards. Rather than just being an ID, the card is responsible for
storing and deducting the balance, and often stores other things like trip
history. This allows them to be used without an internet connection on the
ticketing machine (e.g. on a bus).

There have been vulnerabilities found in older versions, but as far as I know,
later versions are still considered secure.

[https://en.m.wikipedia.org/wiki/MIFARE](https://en.m.wikipedia.org/wiki/MIFARE)

~~~
kweks
Apologies if this reply seems a little pedantic; your reply is mostly correct,
but there are some large shortcuts.

MIFARE is not a card type, it's more a family of cards in the 13.56 MHz space,
produced by NXP.

There are multiple cards under the banner of Mifare, including:

- Mifare Classic 1/4k: UID + storage space, with individual keys and crypto.
Suffers/ed from multiple vulnerabilities. Used mainly in cheaper hotel access
systems, gym cards, etc. etc. Can be secure, if your security layer relies on
strong crypto on card contents, as opposed to the crypto of the card itself.
There are no counters in Mifare Classic.

- Ultralight / Ultralight-C / Ultralight EV1: These cards are low cost, with
reduced storage space, and are / were conceived specifically for the transport
industry. They have 'one way' counters that can be used to deduct 'credits',
but these can't be re-written, so they fulfill the task of discardable
tickets.

- Mifare DESFire 3DES / EV1 / EV2: The EV2 is the latest generation, ID +
storage + "applications", with AES encryption. The 3DES was cracked with
side-channel power analysis (like the items in this article), but the EV2 has
no practical attacks to this day.

Information aside, most transport systems do _not_ store value on the cards,
but allow for offline use by forcing a sync the next time the card passes by
an online system, i.e. limited trust.

~~~
ProZsolt
Do you have any resources on how to secure Mifare Classic against cloning? I
thought it's inherently insecure.

~~~
kweks
You can't secure Mifare Classic directly, it's totally broken.

The best solution is to assume that a card's encryption is or will be broken,
and build a system around it.

That is to say, store encrypted or signed data on the MIFARE card.

VIGIK is a French system that uses RSA signed data in MIFARE cards which has
not been cracked to date.

------
aluminussoma
My reaction: Great! Reproducing these keys costs hundreds of dollars and a
trip to the dealer. Maybe it can finally be affordable again.

I'm less concerned about someone stealing my car. The local police department
takes it seriously, no less because stolen cars are used to commit other
crimes.

~~~
gambiting
Wait, what are you advocating? Return to keys without an immobiliser??? You do
realise that that's the feature that has single-handedly destroyed the car
theft that was so rampant by the 90s? That is what made cars so difficult to
steal, but also what makes keys cost what they do and require an approved
dealer to code the keys. Returning to the old keys, where you only had the key
and nothing else, would be... crazy, really.

~~~
Dylan16807
Yeah, if they're overcharging then it would probably be better to go after
that directly. It doesn't need to cost more than $20.

------
jaclaz
Garcia is a professor at the University of Birmingham; he already wrote a
paper on a similar topic that in 2012 was blocked by a court:

[https://www.theguardian.com/technology/2013/jul/26/scientist...](https://www.theguardian.com/technology/2013/jul/26/scientist-banned-revealing-codes-cars)

------
kweks
For the curious or eagle-eyed, David Oswald, one of the co-authors of this
paper, is also one of the co-creators of the ChameleonMini [1], an open source
RFID emulation device which has become the de facto tool for emulation in the
penetrating community.

Well done David, and thank you :)

[1]
[https://github.com/emsec/ChameleonMini/wiki](https://github.com/emsec/ChameleonMini/wiki)

------
sowbug
dang, can we get a ruling? These headlines might not violate the letter of the
"If the title begins with a number or number + gratuitous adjective"
guideline, but they do violate the spirit.

"Hackers Can Clone Toyota, Hyundai, and Kia Keys" gets the same point across
without the sensationalism.

I'm bringing it up because I've seen many of these "millions of [thing that
exists in the millions]" headlines recently, and I think it's more than just
Baader-Meinhof at work.

~~~
wpietri
I'm not seeing the problem. Your suggested title makes it sound like they
could clone all the keys from those manufacturers which isn't true. And if you
inserted a word like "some", my first question would be, "Well, how many?" To
me "millions" is useful in conveying it isn't just a niche issue, but it isn't
everything, either.

~~~
beatgammit
Why not include a percent? Are we talking about 10% of cars, or more like 80%?
Is it mostly recent cars, or are cars from several years ago also affected?

It's not a terrible headline, but it could also be improved.

~~~
sverhagen
Does it matter at all that this is the original title of the article? How
about quoting it if we don't like it?

------
brownbat
Does Schuyler Towne read hacker news?

He made the point in one amazing talk (that included references to centaurs
and American exceptionalism and possibly ancient Sumerian) that we've long
used locks not for security, but as a social symbol of security.

Anyone can just put a cinder block through your window and steal your car. The
barrier isn't technological, it's social. Locks are a great defense against
the kid or confused person who is wandering around and forgets that we have
social mores against making off with thousands of dollars of other people's
property on a whim. They are not designed to defend against dedicated thieves.

We defend against dedicated thieves by hiring detectives and prosecutors and
making it in general more hazardous as a profession than other professions
that one might take up. We defend against theft by just generally making it
more lucrative to apply the same amount of ingenuity and dedication to other
endeavors, like giving amazing talks about perfect security and American
centaurs.

I'm probably butchering or overextending his point though, would love for the
man himself to weigh in.

~~~
ianai
Indeed, most locks are societal items instead of actually being difficult to
defeat. It doesn't make a lot of sense to over-engineer one part of a system
that an OoB attack can easily defeat unless that other attack vector is much
more often attacked. I doubt that's the case here. People should avoid
locations where their cars are likely targets.

------
notlukesky
The essential problem is that static credentials are transmitted and can be
copied. If they used a randomly generated code to unlock the cars (needs to be
generated offline) then that would solve this issue.

There are plenty of offline hardware based solutions already on the market
especially for unlocking computers with MFA. It needs to be offline generation
for computers for NIST DFARS 800-171 compliance.

~~~
_iyig
>The essential problem is that static credentials are transmitted and can be
copied. If they used a randomly generated code to unlock the cars (needs to be
generated offline) then that would solve this issue.

Not necessarily. Relay attacks are very hard to defeat, regardless of your
crypto scheme:

[https://www.wired.com/2017/04/just-pair-11-radio-gadgets-can...](https://www.wired.com/2017/04/just-pair-11-radio-gadgets-can-steal-car/)

~~~
jeroenhd
Shouldn't relay attacks be preventable by having the car inspect the timing of
the response? A signal that needs to be received, reprocessed, transmitted,
reprocessed again and then retransmitted should have a noticeable difference
in timing, shouldn't it?

Is there any reason a challenge/response protocol with proper timing filtering
isn't safe against relay attacks?

~~~
yc-kraln
Currently working in the car industry, previously in the access control
industry (and I have developed active RFID systems which include timing
information to prevent relay attacks).

Yes, you can do this. I have done this (restricted the negotiation to about 12
meters); you're essentially racing the speed of light, see DE102012104955A1.
Most of the reasonable approaches are patented by NXP.
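
A constructed simulation of the timing check discussed in this exchange (added here as an illustration; it is not yc-kraln's system, the NXP patent, or any product's code): the car issues a fresh challenge, the fob answers with an HMAC, and the car accepts only when the MAC verifies and the round trip fits the light-speed budget for a 12 m radius. The key, the 500 ns fob compute time and the 2 µs per-hop relay latency are assumed values.

```python
"""Challenge/response with a round-trip timing bound (distance bounding).

Constructed example. A relay that forwards the exchange to a distant fob
produces a perfectly valid MAC (the fob really did answer the challenge), so
crypto alone cannot tell the relayed exchange from an honest one. The relay
does, however, add processing latency that dwarfs the ~80 ns a radio signal
needs to travel 12 m and back, so a timing bound rejects it.
"""
import hashlib
import hmac
import os

SPEED_OF_LIGHT_M_PER_S = 299_792_458.0
MAX_DISTANCE_M = 12.0      # negotiation radius, as in the comment above
FOB_COMPUTE_NS = 500.0     # assumed: time the fob needs to compute its MAC
RELAY_HOP_NS = 2_000.0     # assumed: demodulate/retransmit cost of one relay hop
DEMO_KEY = b"constructed-demo-key-16B"   # constructed shared key


def propagation_rtt_ns(distance_m: float) -> float:
    """Round-trip flight time of a radio signal over distance_m, in ns."""
    return 2.0 * distance_m / SPEED_OF_LIGHT_M_PER_S * 1e9


def rtt_budget_ns(max_distance_m: float = MAX_DISTANCE_M,
                  fob_compute_ns: float = FOB_COMPUTE_NS) -> float:
    """Largest round trip the car tolerates: flight time to the edge of the
    allowed radius and back, plus the fob's own compute time."""
    return propagation_rtt_ns(max_distance_m) + fob_compute_ns


def fob_response(fob_key: bytes, challenge: bytes) -> bytes:
    """What the fob transmits: a truncated HMAC-SHA256 over the challenge."""
    return hmac.new(fob_key, challenge, hashlib.sha256).digest()[:8]


def simulate_exchange(car_key: bytes, fob_key: bytes, fob_distance_m: float,
                      relay_hops: int = 0) -> str:
    """Run one authentication attempt and classify the outcome.

    fob_distance_m: true distance between the car and the fob that answers.
    relay_hops:     number of relay devices in the path (0 = honest exchange).
    Returns 'ok', 'bad_mac' or 'too_slow'.
    """
    challenge = os.urandom(8)            # fresh per attempt, so replays fail
    response = fob_response(fob_key, challenge)
    # Simulated timing: flight time over the real distance, the fob's compute
    # time, and each relay hop's processing delay on the way out and back.
    elapsed_ns = (propagation_rtt_ns(fob_distance_m) + FOB_COMPUTE_NS
                  + 2 * relay_hops * RELAY_HOP_NS)
    expected = hmac.new(car_key, challenge, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(response, expected):
        return "bad_mac"
    if elapsed_ns > rtt_budget_ns():
        return "too_slow"
    return "ok"


if __name__ == "__main__":
    print(f"budget: {rtt_budget_ns():.1f} ns")
    cases = [
        ("honest fob, 2 m", DEMO_KEY, 2.0, 0),
        ("honest fob, 13 m (outside radius)", DEMO_KEY, 13.0, 0),
        ("wrong key, 2 m", b"some-other-key", 2.0, 0),
        ("fob at 30 m behind 2 relay hops", DEMO_KEY, 30.0, 2),
    ]
    for label, key, dist, hops in cases:
        print(f"{label:36s} -> {simulate_exchange(DEMO_KEY, key, dist, hops)}")
```

The timing numbers are constructed; a real system has to timestamp the exchange at the radio front end with nanosecond resolution, which this simulation abstracts away.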

~~~
jeroenhd
I see, very interesting! I could've figured someone would patent something
like this. Thank you for explaining.

------
blankobj
I live in the city and it's extremely common for cars to be broken into and/or
stolen because of key fobs. It's a common topic on our FB neighborhood group.
We store our keys in a Faraday box by the front door now, instead of leaving
them out. Not surprised the attack vectors keep growing here.

------
cosmodisk
The CEO's BMW X5 was stolen last year. He watched the CCTV later on. The guy
came to the car with a laptop and drove away after a minute or so. Police found
the car dumped somewhere on a road, as the car ran out of fuel and apparently
it had some security feature that prevented the thieves from refilling it.

~~~
ryanlol
Sounds like you're describing a range extender attack on the keyless start.
Almost all cars with the feature (I don't know any that aren't) are vulnerable
to this.

~~~
ohmaigad
Latest BMW, Audi, VW and Ford (or at least some models from these
manufacturers) key fobs stop transmitting after X amount of time (based on
motion).

~~~
VectorLock
Interesting. So do you have to put your fob in a bowl so it won't be moving to
prevent it from being relay attacked, or some such?

~~~
ohmaigad
Yes but I would assume that coming home and putting all your keys somewhere to
lay down is a routine for most people.

~~~
VectorLock
Lots of people sure. Mine stay on me til I go to sleep typically.

~~~
daveFNbuck
This feature can still protect you if it works for enough people that it's no
longer worthwhile to attempt to unlock a car this way.

------
muzika
“Though the list also includes the Tesla S, the researchers reported the DST80
vulnerability to Tesla last year, and the company pushed out a firmware update
that blocked the attack.”

------
robomartin
One related and another unrelated thought...

First: Auto manufacturers ought to get together and agree on one common key +
entry system standard. It can be a combination of physical key and remote key
if necessary.

The problem: If you have multiple vehicles (and many families do) you end up
with a keychain full of horrendously large and unnecessarily inconvenient
keys, key-fobs, whatever. Some manufacturers seem intent on making the largest
and most inconvenient boxes they can possibly imagine. This is entirely
unnecessary. In this day and age one ought to be able to have a universal
programmable entry system that gets programmed for your vehicles and that's
that. One device to rule them all.

Second: Auto manufacturers ought to get together and agree on placing the fuel
tank port on the same side.

The problem: Today you have cars and trucks with fuel tank refill ports on the
left and the right. It can be an absolute nightmare to go to a gas station
where most of the cars have ports on the left and you show-up with one on the
right. This is one of the reasons for which I hated driving our BMW. Going to
the gas station was always a game of chicken with cars entering in the other
direction.

~~~
garaetjjte
> was always a game of chicken with cars entering in the other direction

Uh, other direction? Almost always there are hoses on both sides of the pillar.
Is it some regional thing?

~~~
robomartin
As Dylan said, cars come in from any direction, which makes not having the
port on the same side in every vehicle a complete mess.

From my experience most vehicles have it on the left side, in the US that
would be the driver side.

If you show-up at a busy gas station with a BMW --which has the port on the
right-- well, good luck, it can get ugly. Rather than lining-up behind the car
currently fueling-up, you have to line-up in front of them. Which means that
someone entering the station with a left fuel vehicle often ends-up behind
them --even with you waiting patiently in front way before the third car
showed-up. That's where the problems begin. This has happened to me many
times.

Because the car that finished fueling drives forward to exit, the car behind
it has a natural advantage and the one in front a disadvantage (at the very
least you have to allow plenty of room for them to drive out). The car behind
them, if they want to deny your rightful turn, just crawls forward as the
first car exits. Before you can do anything at all they are in front of you,
took control of the pump and you have to choose between waiting, moving or
getting into an argument with someone you know isn't likely to be a nice
person.

If all fueling ports are on the same side there are no problems.

The alternative is to require that hoses be longer. The problem with this is
that it doesn't work at all for trucks.

~~~
jaclaz
> Second: Auto manufacturers ought to get together and agree on placing the
> fuel tank port on the same side. The problem: Today you have cars and trucks
> with fuel tank refill ports on the left and the right. It can be an absolute
> nightmare to go to a gas station where most of the cars have ports on the
> left and you show-up with one on the right. This is one of the reasons for
> which I hated driving our BMW. Going to the gas station was always a game of
> chicken with cars entering in the other direction.

I would say that in the EU (German, French, Italian) cars have it on the right
(like the BMW), i.e. opposite the driver side. I now have an Opel and it is on
the right, and my previous car was also on the right.

I believe it being on the right is a traditional safety provision: though they
are becoming very rare nowadays (and have been for several years), a number of
fueling stations (at least in the cities) were not, as is common nowadays, in
a (large) court; the pumps were simply along the road, at most in a 3-4 meter
widening of the road itself.

So it made sense to have it on the right: the only moment when the driver is
exposed to the traffic is when he/she gets out of the car; during the refueling
he/she can stand on the right of the car, i.e. between the car and the
sidewalk (and the same applies, as was once most common, to the gas station
service personnel).

~~~
robomartin
That makes sense.

------
amluto
IMO this is what class action lawsuits are for.

------
neuralRiot
Call me old, but what is so great about the smart key? Not having to pull it
out of your pocket? I know this is an old rant already, but cars have reached
the crappyfication curve: when something cannot improve its main purpose
anymore it starts adding unneeded features to be able to push a "new" product.

~~~
slovette
I disagree, when you’ve got 4 kids and both arms full of groceries, when the
doors open automatically or even unlock on their own it’s a godsend. I’d even
say it’s probably saved some lives as the kids race to get in and out of the
parking lot instead of waiting on me to shuffle around for the keys, dropping
bags in the process, and then chasing each other around in blind traffic.

~~~
Dylan16807
Isn't the solution to that situation a shopping cart?

~~~
dabeeeenster
You don't have children.

~~~
Dylan16807
I'm not saying dealing with the kids is at all easy. But the kids are there
either way. So I think you have my argument exactly backwards. I'm not saying
something is easy. I think kids plus carried bags sounds _completely
overwhelming_. If you want to say I'm wrong, you're making the argument that
kids plus carried bags is _easier_ than I think. So please, elaborate on how
that's easier than a cart.

~~~
skrebbel
You're basically saying "I cannot, in any way, imagine a situation where the
parent's story is the sensible choice, and therefore I'm entitled to make a
pedantic comment about a situation I wasn't in". Instead, you should give them
the benefit of the doubt.

~~~
Dylan16807
I didn't say it was wrong. I said a cart should make it easier. I'm
legitimately confused by their partial explanation, not being pedantic. It's
fair to want clarification about why a cart doesn't solve this.

Maybe there are no carts at this store for some awful reason. Maybe the story
was so focused on how this type of key solved their problem that they didn't
give a fair shake to other possible solutions. More information is needed.

There are multiple ways I can/do give benefit of the doubt, but doing so
doesn't make the situation any clearer.

------
ck2
Some class-action lawyers will sue and make millions for themselves while
every car owner will get $1 for the unfixable problem.

If only this was deemed as a road safety problem forcing a recall.

Is it possible to remove the antenna or disable the radio receiver in the car
to force physical key use?

------
Russtopia
Great! The dealership charges inordinately for a new key so I would love to be
able to do it myself.

~~~
1123581321
I am married to someone who has lost her keys several times so far. Upgrading
from a car with a $50 fob to one with a $200 fob was not fun.

~~~
webninja
[https://www.thetileapp.com/en-us/store/tiles/pro](https://www.thetileapp.com/en-us/store/tiles/pro)

If she loses her keys just once it pays for itself many times over.

~~~
code_duck
I assume this person must be losing their keys in public or somewhere unknown.
Otherwise their house must have quite the bonanza of keys waiting for them.

~~~
jjeaff
Those types of systems like tile work in public as well, they use a network of
other users that will inevitably walk by the lost item.

~~~
code_duck
I see, that's interesting and good to know. I thought it was something that
only worked in local range.

------
quantified
Information wants to be free. Including encryption keys.

------
sriram_malhar
Am I the only one still fuming about those two idiots who turned the engine
off on the highway, and the hazard lights as well, with no shoulder to pull
into? Then the idiots smugly claim they would never put anyone's life in
danger. The author also gives them a wide pass. Why? This is such
irresponsible behaviour. They couldn't demo it in some large unused lot?

------
DayDollar
Stolen cars are almost a sale. So good news. Supporting the industry by
lowriding security.

------
maxerickson
Can they do Honda, please?

------
zenlot
And those who steal cars can clone pretty much any car keys. No sensation
here.

~~~
Scoundreller
... except you don't need physical or visual access to clone an electronic
key, just proximity.

Which is straightforward when you want to steal a particular vehicle because
you know where it is and can easily follow its patterns.

~~~
zyztem
And folks with access to Mentor (Advanced Orion) likely can clone keys from
other side of the planet

