Rent a luxury car and crack its transponder to steal it later


Researchers Roel Verdult and Baris Ege revealed that popular cars, including Ferrari and Porsche, which use Megamos Crypto transponders can be easily stolen.

Interest in car hacking is at a peak following the recent hack of the Fiat Chrysler Jeep. The news of the day is that a team of experts has been aware since 2012 of security flaws in the Megamos Crypto transponder, which is used in more than 100 cars manufactured by major automakers.

Audi, Ferrari, Fiat, Cadillac and Volkswagen are just a few of the automakers in a list of two dozen companies that adopt the flawed components. Hackers can exploit the vulnerabilities to start the cars without needing the key, which is great news for car thieves.

The researchers tried to present their study at the 22nd USENIX Security Symposium in 2013, but they were prevented from doing so by Volkswagen, which won an injunction from the UK High Court of Justice prohibiting them from publishing key findings of their discovery.

The team of European experts reverse-engineered the software running on the transponder, focusing their analysis on the proprietary security mechanisms implemented by the manufacturers. The researchers found three ways to attack the transponder and bypass the authentication mechanism by recovering the 96-bit transponder secret key.

“Our first attack consists of a cryptanalysis of the cipher and the authentication protocol. Our second and third attack not only look at the cipher but also at the way in which it is implemented and poorly configured by the automotive industry,” reads the paper.

“Our second attack exploits a weakness in the key-update mechanism of the transponder. This attack recovers the secret key after 3 × 2^16 authentication attempts with the transponder and negligible computational complexity. We have executed this attack in practice on several vehicles. We were able to recover the key and start the engine with a transponder emulating device. Executing this attack from beginning to end takes only 30 minutes.

“Our third attack exploits the fact that some car manufacturers set weak cryptographic keys in their vehicles. We propose a time-memory trade-off which recovers such a weak key after a few minutes of computation on a standard laptop.”

The researchers explained that their first attack, which works with all vehicles using Megamos Crypto, exploits the following weaknesses:

  • The transponder lacks a pseudo-random number generator, which makes the authentication protocol vulnerable to replay attacks.
  • The internal state of the cipher consists of only 56 bits, which is much smaller than the 96-bit secret key.
  • The cipher state successor function can be inverted: given an internal state and the corresponding bit of ciphertext, it is possible to compute the predecessor state.
  • The last steps of the authentication protocol provide an adversary with 15 bits of known plaintext.
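The first weakness in the list can be seen in a toy model, added here as an illustration and not taken from the paper or from any vendor code: a transponder that contributes no randomness keeps answering a recorded car message, while one that issues a one-time nonce rejects it. HMAC-SHA256 stands in for the proprietary cipher, and the message layout, class names and key are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

KEY = bytes(range(12))  # constructed 96-bit shared secret, demo only

def mac(key, *parts):
    # HMAC-SHA256 is a stand-in; the real transponder cipher is not modelled.
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

class NoRngTransponder:
    """Contributes no randomness: it only checks the car's message."""

    def __init__(self, key):
        self.key = key

    def respond(self, car_nonce, car_tag):
        if not hmac.compare_digest(car_tag, mac(self.key, b"car", car_nonce)):
            return None
        return mac(self.key, b"tag", car_nonce)

class FreshNonceTransponder(NoRngTransponder):
    """Hardened form: the car's message must cover a one-time nonce."""
    pending = None

    def challenge(self):
        self.pending = secrets.token_bytes(8)
        return self.pending

    def respond(self, car_nonce, car_tag):
        tag_nonce, self.pending = self.pending, None  # single use
        if tag_nonce is None:
            return None
        expected = mac(self.key, b"car", car_nonce, tag_nonce)
        if not hmac.compare_digest(car_tag, expected):
            return None
        return mac(self.key, b"tag", car_nonce, tag_nonce)

def car_message(key, tag_nonce=b""):
    # Car side: fresh nonce plus authenticator, bound to tag_nonce if given.
    car_nonce = secrets.token_bytes(8)
    return car_nonce, mac(key, b"car", car_nonce, tag_nonce)

def replay_accepted(transponder, recorded):
    # True if a previously recorded car message still gets an answer.
    if hasattr(transponder, "challenge"):
        transponder.challenge()  # new session, new transponder nonce
    return transponder.respond(*recorded) is not None
```
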

The researchers explained that in one attack scenario, they were able to recover the key in just 30 minutes and start the engine with a transponder emulating device.

Another attack requires the attacker to have access to both the car and the transponder for a period of time, a circumstance that can occur when the attacker rents a car or the victim parks the vehicle.

“It is also possible to foresee a setup with two perpetrators, one interacting with the car and one wirelessly pickpocketing the car key from the victim’s pocket,” explained the researcher. “Our attacks require close range wireless communication with both the immobilizer unit and the transponder.”

This year the experts had the opportunity to present their findings at the 24th USENIX Security Symposium.

“Although two years have passed, this work remains important and relevant to our community,” Sam King, USENIX Security ’13 Program Chair, and Casey Henderson, USENIX Executive Director, noted in the foreword added to the research paper.

The experts highlighted once again the risks related to Internet of Things devices that lack security by design. Research like this must encourage the automotive industry to seriously consider security as a mandatory requirement for the safety of car owners.

I suggest reading the report carefully: although 3 years have passed since the flaw was first discovered, such security issues are still very common in a number of components present in modern connected cars.

(Security Affairs –  car hacking, car safety)