
BMW, Audi and Toyota cars can be unlocked and started with hacked radios - bb101
http://www.telegraph.co.uk/technology/2016/03/23/hackers-can-unlock-and-start-dozens-of-high-end-cars-through-the/
======
fernly
This was covered in depth on the Security Now podcast in May 2015 (Transcript
[1]). The Passive Keyless Entry and Start (PKES) system relies on the assumption
that if the car can "hear" the key, the key is in close proximity. Normally
that's true but it is technically trivial to build a radio system that picks
up and amplifies the car's continuous "ping" transmissions. So the key, which
might be in your pocket in a restaurant, hears its car's ping, it responds,
and the bad guys pick that up and amplify it and the car says, ok, key is
here, open the door.

[1] [https://www.grc.com/sn/sn-508.htm](https://www.grc.com/sn/sn-508.htm)

~~~
kobayashi
I used to enjoy listening to Security Now! quite a bit, but then I began to
feel and read that Steve is not the security expert he claims to be. I'd like
to hear corroborating or opposing views from the HN community.

Side note: if you have a great infosec podcast to recommend, please share!

~~~
functionCall
[http://risky.biz/](http://risky.biz/) is a great security podcast.

For me the earlier stuff from SN was far better, but now it is mainly adverts
and talk about non security stuff.

~~~
Daneel_
A big +1 for risky business - I've been listening to Patrick's podcast for
well over five years and will happily advocate for the quality of the
coverage.

------
sebular
Not my BMW, it's 25 years old and the driver's side door doesn't unlock even
if you use a key :P

All jokes aside (although it's true about my car), it just seems like a
fundamental truth that digitally-secured systems always provide convenience at
the cost of, well, security.

~~~
rashkov
Cool. What's it like having a 25 year old car? Why'd you choose to stick with
it as opposed to getting something newer?

~~~
mappu
My car is about 20 years old. In my country it's far more normal to buy a
cheap car outright (say 2.5k USD) rather than get a lease or a loan for a new
car (say 25k USD).

There's nothing wrong with it, I'm not sure why I'd want a newer one.

~~~
TheSpiceIsLife
Hi from across the Tasman! My daily driver is a 1988 Mazda 323 hatchback. It
cost me $900 and had just had the autotrans reconditioned and a new radiator
before I bought it. I recently put new front brake pads in and will do the
rear brakes shortly.

For my own personal, and endless, amusement: I paid more for my phone than I
did my car.

------
pmille5
The auto manufacturers (and for that matter all the "IoT" creators) couldn't
give two shits about protecting consumers. Building security into this stuff
is trivial and a responsibility.

~~~
big_al337
How would you prevent this type of attack while retaining the keyless start
and entry feature? (just curious)

~~~
xenadu02
Lots of ways. The ECU only goes into pairing mode if it gets a valid
challenge-response from the manufacturer. If put into that mode, it provides a
nonce encrypted with its own pairing mode public key that only the
manufacturer knows (could even base-64 encode it and show it on screen to let
people do this over the phone). You could make it two-phase where it requires
the first response within 5 minutes of starting, then requires a second
response that must come one hour later (also with a 5-minute entry window).
This makes social engineering much more difficult and the delay makes it
impractical for most car thieves, but it won't impact dealers or legit owners
at all. If the registered owner provides a cell phone, the first attempt
should send a text message to let them know the ECU will enter pairing mode
and allow them to reply with "STOP" to cancel any further requests.

Once in pairing mode, the physical key and ECU use standard public-key crypto
(a la SSL) to set up a secure connection, then exchange keys.

In theory you could allow bootstrapping another key so long as an existing
paired key is present which would make the procedure above your failsafe for
when all keys are lost/destroyed. If you wanted to take things a step further
you could use a form of distributed Kerberos where the manufacturer sets up a
physical key with a ticket allowing access to one (or a set) of allowed cars
but that makes the manufacturer's systems a massive target for hacks/social
engineering which is a problem because thousands of dealer technicians need
access to those systems... that's the point of the delays and short acceptance
windows above. An evil tech or hacker can't pre-create a bunch of keys on the
sly.

To unlock or remote start, the key broadcasts a HELLO message, encrypted with
the ECU's public key. The ECU responds with an ACK+nonce encrypted with the
physical key's public key. The physical key decrypts it and replies with an
ACK+nonce encrypted with the ECU's public key. Congrats, you now have a
reasonably secure system that prevents replay attacks.

Ultimately it would require embedded software engineers and company management
who a) understood security and b) gave a shit. Both are in extremely short
supply.

~~~
mcpherrinm
That doesn't fix this exploit at all: This is merely an analog device
amplifying other radio waves.

The only way to secure against the described exploit is to measure round-trip
time from the car -> key -> car and ensure it's under, say 5 light-meters: aka
16 nanoseconds, plus the carefully calibrated time it takes the key to compute
its response.

16 nanos is a very short amount of time, and it'll be tricky to measure that
reasonably accurately.

The real solution is to require the user to interact with the key in some way,
like pressing a button, or perhaps moving it around (as would happen as you
walked with it in your pocket).

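An added illustration (not from any commenter in this thread) of the two checks discussed above: xenadu02's nonce-based challenge/response, which stops replays, and mcpherrinm's round-trip timing bound, which is the part that actually catches a pure amplifying relay. Timings are simulated rather than measured; the 5 light-metre budget is the thread's figure, the fob compute time is an assumed constant, and the pairing secret is a constructed sample value.

```python
import hashlib
import hmac
import os

C_M_PER_NS = 0.299792458        # speed of light in metres per nanosecond
MAX_ROUNDTRIP_M = 5.0           # thread's figure: 5 light-metres, about 16.7 ns
KEY_COMPUTE_NS = 2_000.0        # assumed, calibrated fob response time (not from the thread)
RTT_BUDGET_NS = MAX_ROUNDTRIP_M / C_M_PER_NS + KEY_COMPUTE_NS


def key_respond(pairing_secret: bytes, nonce: bytes) -> bytes:
    """Fob side: answer the car's nonce with a MAC under the pairing secret."""
    return hmac.new(pairing_secret, nonce, hashlib.sha256).digest()


def car_accepts(pairing_secret: bytes, nonce: bytes, response: bytes, rtt_ns: float) -> bool:
    """Car side: the MAC must verify AND the round trip must fit the light-speed budget."""
    mac_ok = hmac.compare_digest(response, key_respond(pairing_secret, nonce))
    return mac_ok and rtt_ns <= RTT_BUDGET_NS


def simulate_unlock(pairing_secret: bytes, key_distance_m: float, relay_delay_ns: float = 0.0) -> bool:
    """Simulated exchange with a genuine fob at key_distance_m, optionally via a relay.

    A relay forwards the real fob's (correct) response, so only the timing
    bound can catch it: propagation over the extra distance plus the relay's
    own latency pushes the round trip past RTT_BUDGET_NS.
    """
    nonce = os.urandom(16)                       # fresh per attempt
    response = key_respond(pairing_secret, nonce)
    rtt_ns = 2 * key_distance_m / C_M_PER_NS + KEY_COMPUTE_NS + relay_delay_ns
    return car_accepts(pairing_secret, nonce, response, rtt_ns)


def replay_rejected(pairing_secret: bytes) -> bool:
    """A recorded answer to an old nonce fails against a fresh nonce even with perfect timing."""
    old_nonce, new_nonce = os.urandom(16), os.urandom(16)
    recorded = key_respond(pairing_secret, old_nonce)
    return not car_accepts(pairing_secret, new_nonce, recorded, rtt_ns=KEY_COMPUTE_NS)


if __name__ == "__main__":
    secret = b"constructed-pairing-secret"       # constructed sample value
    print("fob in pocket, 1 m:      ", simulate_unlock(secret, 1.0))            # True
    print("fob 40 m away via relay: ", simulate_unlock(secret, 40.0, 150.0))    # False
    print("replayed old response:   ", replay_rejected(secret))                 # True
```

The budget leaves only about 16 ns of slack beyond the fob's calibrated compute time, which is why a real implementation needs hardware-level timestamping rather than a general-purpose MCU's clock.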
~~~
pandaman
My car seems to be able to tell if the key is inside or outside pretty
accurately so I think it can already figure out the distance to the key
(though might be using something like RFID for that, which is not very
secure).

~~~
csours
The whole point is that the car is using signal strength as a proxy for
proximity, which is unreliable when you can use a transceiver and/or
amplifier to boost the signal strength from a remote key.

~~~
pandaman
Not sure if you've mis-replied, but in case you imply the key location works
on signal strength I doubt that very much.

~~~
csours
Do you have a source for your doubt? It would be more technically accurate to
say that the car is dependent on signal fall-off than signal strength, but
that seems to be a distinction without a difference to me.

> A PKES car key uses an LF RFID tag that provides short range communication
(within 1-2 m in active and a few centimeters in passive mode) and a
fully-fledged UHF transceiver for longer range communication (within 10 to
100 m). The LF channel is used to detect if the key fob is within regions
Inside and Outside of the car. Figure 2(b) shows the areas in proximity of the
car that must be detected in order to allow a safe and convenient use of the
PKES system. The regions are as follows. [1]

1. [http://www.syssec.ethz.ch/content/dam/ethz/special-interest/...](http://www.syssec.ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/system-security-group-dam/research/spot/332.pdf)

~~~
pandaman
As you can see on the picture yourself, the inside/outside zones are very
close to each other. Locating a key with such a precision based on the signal
strength alone does not seem possible for the following reasons: the key's
transmitter is too small to provide a stable signal level, the key is located
in a very anisotropic environment, and the car itself changes its shape and
hence RF loss from different directions.

~~~
csours
Let's assume that each of us knows what we are talking about.

Yes, the actual key itself is located by the car based on Low Frequency RFID.

The attack described is a relay attack, which means that the key can be
spoofed in real time by relaying short range radio transmissions to two
locations.

The mistaken assumption of the security system is that the short range
communication protocol used by the car and the key requires the key to be in
close proximity to the car.

Since the communication may be relayed, the range assumption is invalid. The
main suggestion is to use high precision timing to determine the range, as it
is very difficult to cheat on the speed of light.

I agree that "signal strength" is not the best way to phrase the above in a
technical discussion.

I have not seen any indication that triangulation or any other physical
location system is used in vehicle PKES.

------
thisrod
I've never used this type of key, and I don't know if I would have noticed
the flaw. But, um, _nineteen_ different manufacturers gave drivers devices
that try their best to unlock the car every minute of every day, and not one
engineer asked what could possibly go wrong?

~~~
csours
Multiple OEMs using systems from 4 or so suppliers[1]. If you carefully
examine the list of vehicles affected you will see at least a couple
duplicates: Toyota and Lexus, as well as Audi and Volkswagen.

This article isn't very good.

1. [http://www.syssec.ethz.ch/content/dam/ethz/special-interest/...](http://www.syssec.ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/system-security-group-dam/research/spot/332.pdf) See
page 13: Part Providers

------
apawloski
Samy Kamkar had a great talk about radio attacks at DEF CON 23:
[https://www.youtube.com/watch?v=UNgvShN4USU](https://www.youtube.com/watch?v=UNgvShN4USU)

------
ratsbane
A lot of models were not mentioned in that list: Audi A8, any Mercedes, etc. I
wonder if they just weren't tested or if the hack doesn't work with them. (And
if that's the case, what is different about those models?)

~~~
TwoBit
Almost certainly those models are affected too. The Audi A7 wasn't listed, but
it's 90% the same as the A6.

------
zurn
This seems the obvious threat model when thinking about a "no action required"
wireless token, same thing as contactless payments and RFID passports etc.

To be secure against this type of attack, such a device has to be designed
assuming the adversary controls the nearby radio spectrum and can do relaying
and MITM.

To control for distance, a speed of light based latency limit might work,
though I don't know how cheaply it could be implemented. Laser based distance
meters are cheap now, and light travels just 30cm per 1 GHz clock cycle...

~~~
qrybam
You could stick your car keys in a Faraday cage of some sort when at home.

------
massemphasis
Umm... how old is this hack? Over a decade ago, one of my friends used to
drive a somewhat nice car that he modded and fixed up on his own. He always
threw his keys with the alarm dongle thing, etc... in the freezer and I never
asked why.

edit: Although his car was still eventually stolen when the thieves used some
kind of specialized tools to bend his car's hood. The tool allowed them to
bend the hood without triggering the alarm somehow and cut the power sources
to the alarms. Then they put it on a repo/tow truck and drove away. I guess he
showed his alarm to the wrong hot girl he would always bring around when we
all hung out.

When the police found the car everything was gone except for the car's frame
and bent hood.

------
Qantourisc
"How can I protect my car?" Some keys have a "sleep" mode. For Toyota: hold
down the lock key, press the unlock key twice, the key should blink 2 times,
short pause, 2 times (total of 4 blinks).

~~~
andreamazz
This kinda defeats the convenience of this kind of key free systems though.

~~~
batiste
Actually it defeats both the convenience and the security, because people will
forget to switch it off. This is terrible.

------
post_break
Cars can be "hacked" now to simply program a new key with an OBD-II "virtual
keyboard" which basically does all the work you normally do to program a new
key in under 60 seconds.

So here is what you do, amplify the key ping coming from the house, that gets
you into the car. Plug this black box into the OBD-II and program a new key.
Now you've gone around the alarm, and the immobilizer. And the car is yours.

[https://www.youtube.com/watch?v=dvmSOEKfkug](https://www.youtube.com/watch?v=dvmSOEKfkug)

------
jakub_g
Pardon my ignorance: so how do those key fobs work? They have no buttons and the
car is automatically opening/closing itself based just on the proximity? That
would mean I cannot have my car closed when I am drinking beer in a garden
over the street, which would be totally nuts, so I guess it's not how they
work?

~~~
edelans
I guess they just inverted the concept of the remote control key.

Remote control key: you push a button on your key (the transmitter), it sends
a signal to a receiver in your car, your car authenticates the key (probably a
request/response challenge involving some crypto), and opens the door.

Now if you swap the transmitter and the receiver: you put the transmitter
button in your car door's handle, and you move the receiver to your key: you
have your magic key fob.

From what I understand, the security relies on the fact that the power of the
radio signals emitted by the transmitter and receiver are very low, so the
range of usage is limited to a few meters. The thieves and researchers
exploited this by amplifying the radio signals of both communicating devices to
extend the range up to 90+ meters.

~~~
tremon
The GP's point still stands: if you are within transmitting range of your car,
anyone can push the button on the car door and open it. I doubt that the
transmitter verifies line of sight between it and the car.

~~~
gambiting
I have a car with that system and in my experience you need to be really close
to the car for the system to work. Stand further away than arms length from
the handle and the car won't open even if someone else tries to open it. Also
it looks like the car has independent antennas on each side - even if I stand
very close to the driver side, you can't open the car by pulling the handle on
the passenger's side.

~~~
tremon
Thanks for that. If it is even sensitive to which side of the car you're on,
that implies a really short-range sensor. The potential to use a signal
booster still remains, but at least there is no risk of inadvertently opening
your car just because you're on the other side of a wall.

I really wish car manufacturers would not rely on security through obscurity
for these systems though.

------
dang
Also
[https://news.ycombinator.com/item?id=11334241](https://news.ycombinator.com/item?id=11334241).

------
Cshelton
Car makers, take note: That list is now a list of cars I will not buy. Many
other consumers probably feel the same.

~~~
beeboop
Why is this a deal breaker for you, but windows aren't? Someone can break into
any car through a window using a rock.

~~~
baq
1) a broken window is easily noticeable and a giveaway that the car could be
stolen.

2) breaking a window creates noise, usually.

3) it still takes time to start the car after you break into it. not so when
you hack the radio.

all in all, this hack turns something that would take minutes into something
that takes a couple of seconds and leaves the vehicle intact, i.e. beyond
suspicion.

~~~
beeboop
People are going to be breaking into your car to steal stuff 99% of the time,
not trying to steal the car itself. They are often homeless, or have some sort
of chemical dependency, or are mentally ill. They are not going to have the
foresight, funds, or ingenuity to use some sort of electronic hacking device.
They are not going to make the effort to scout out people as they leave their
cars (of only certain makes and models) and play secret agent to use some sort
of device between the owner and the car. And they break windows in broad
daylight all the time - just smash, grab, and run. It's not like anyone is
going to try to tackle a meth head running away with some stranger's $90 GPS.

Even on the infinitesimal chance they steal the car itself, you have car
insurance. It doesn't really matter aside from the inconvenience, and the odds
are so low it seems like a silly thing to be an absolute deal breaker for
anyone.

~~~
baq
Just for the record, I've got a radio key for my car, the convenience factor is
much bigger than i anticipated :)

------
edent
Seems a bit weird. The i3 doesn't have an ignition - it is an electric car.

Even if they mean "switch on the electronics which control the motor" - I
find that hard to believe. There's nothing on the key fob which can do that.

And, even if they did, the battery use of a parked car is negligible.
