A team of researchers from the COSIC research group at KU Leuven and from the
This makes it easy to clone the key fob transponder. It is likely that millions of cars are affected. Additionally, the research reveals how the second version of the Tesla Model S key fob could be easily cloned.
Movies often depict car theft using hot-wiring, where a few wires tucked away behind the dashboard are shorted together to start the vehicle. Modern cars implement an immobiliser to prevent unauthorised use of the car, which requires radio-frequency identification to be able to start the car. Since 1995, immobilisers are mandatory in all motorised vehicles sold in the
The new study demonstrates security issues in immobiliser systems based on the proprietary DST80 encryption algorithm used by
Brand Period Model
Toyota 2009-2013 Auris (2011)
2010-2013 Camry
2010-2014 Corolla
2011-2016 FJ Cruiser
2009-2015 Fortuner
2010+ Hiace
2008-2013 Highlancer
2009-2015 Hilux (2014)
2009-2015 Land Cruiser
2011-2012 RAV4
2010-2014 Urban Cruiser
Tesla 06/2018-07/2019 Model S (2018)
Kia 2012+ Ceed (2016)
2014 Carens (2014)
2011-2017 Rio
2013+ Soul
2013-2015 Optima
2011+ Picanto
Hyundai 2008+ I10
2009+ I20
2010+ Veloster
2013 I40 (2013)
2016 IX20 (2016)
The researchers revealed that the cryptographic keys in these immobiliser systems are derived from secret constants and/or public information (such as the key fob serial number). As a result, anyone who can come briefly close to the key fob can easily recover the cryptographic key in a matter of seconds and bypass the immobiliser.
'The Tesla Model S key fob was vulnerable to a downgrade attack, which allowed us to force the key fob to use an older, insecure, and proprietary cipher using only half of the full cryptographic key,' said Professor Bart Preneel, from COSIC at KU Leuven. 'An attacker could thus force the key fob to use the insecure cipher and recover the full key in a few seconds.' The issue was discovered in an updated version of the Tesla Model S key fob released in response to earlier research from the team. The downgrade issue was fixed by Tesla in
'We informed
'Our research results in a better understanding of automotive security and hopefully will lead to improved security of future products,' Professor Preneel concludes.
More information
The study 'Dismantling DST80-based Immobiliser Systems' by
More information is available on the COSIC website.
(C) 2020 Electronic News Publishing, source