News

How to hack any Hyundai, Toyota or Kia cars to steal them

For a couple of years now, cybersecurity firms, manufacturers and mainly car owners with keyless opening and start system have reported multiple incidents of “relay attacks”, which consist of the use of wireless signal repeaters to be able to access a vehicle without the owner’s knowledge that they are being stolen.

As if this threat is not enough, the threat
appears to have widened for owners of chip keyed vehicles, as a recent report
has revealed that it is possible to abuse some cryptographic flaws to create
copies of these keys and access a vehicle without any difficulties.

A team of cybersecurity researchers revealed a report
detailing the finding of serious vulnerabilities in the encryption systems used
by immobilizers in some cars. These immobilizers are radio communication
devices implanted in cars to allow ignition according to the signal sent by the
car key. Some of the affected model manufacturers include Hyundai, Kia and
Toyota, which employ an encryption system known as DST80, from Texas
Instruments
.

The paper’s abstract, elaborated by researchers from University of Birmingham, UK, and Leuven-Heverlee, Belgium

If a hacker could swipe a Proxmark radiofrequency identification(RFID)
reader/transmitter device (within reach of almost any pocket) near the chip key
or DST80 car, they could get enough information about device encryption;
therefore, encryption would no longer be an obstacle between the hacker and the
car, allowing them to start the engine. Below is the list of cars vulnerable to
this attack*:

List of affected manufacturers and car models

*Tesla recently
announced that the vulnerability in the Model S will be fixed with a firmware
update.

While other cybersecurity specialists and even Toyota have recognized the existence of these vulnerabilities and the real possibility of an attack in real environments, it should be noted that exploiting this variant is much more complex than, for example, in a relay attack. In most cases, threat actors only require a couple of devices to replicate the signal transmitted by the smart keychain, plus this attack is stealthier and allows thieves to keep distance from the target.

Moreover, the key cloning attack described by
researchers requires threat actors to scan the target with RFID reader just
inches away. Finally, we must remember that this technique is focused on cars
with a key ignition mechanism, so a hacker who manages to access the vehicle
will still have to find a way to turn the ignition barrel without the car
key.   

While this limits the actions of threat actors,
cybersecurity researchers point out that in some cases it would be enough to
insert a screwdriver into the barrel to turn it over and start the car.
“Manufacturers did not implement the appropriate safety measures in the
mechanical aspects of the auto,” says one of the researchers. For
security, the published report does not have all the technical details to
replicate such an attack in a real-world environment. The different companies
have already been informed, although not all have responded to the finding.

According to the International Institute of Cyber
Security (IICS)
, a potential solution to this threat is the
reprogramming of immobilizers, although some manufacturers would have to
replace the keys with a chip to completely mitigate the risk. However, the
exact steps each company will take to address this problem are still unknown.

You Might Also Like