A team of researchers from the COSIC research group at KU Leuven and from the University of Birmingham has discovered that a wide range of car models produced by Toyota, Kia and Hyundai use weak cryptographic keys.

This makes it easy to clone the key fob transponder. It is likely that millions of cars are affected. Additionally, the research reveals how the second version of the Tesla Model S key fob could be easily cloned.

Movies often depict car theft using hot-wiring, where a few wires tucked away behind the dashboard are shorted together to start the vehicle. Modern cars implement an immobiliser to prevent unauthorised use of the car; it relies on radio-frequency identification of the key fob before the car can be started. Since 1995, immobilisers have been mandatory in all motorised vehicles sold in the European Union.

The new study demonstrates security issues in immobiliser systems based on the proprietary DST80 encryption algorithm used by Toyota, Kia, Hyundai, and Tesla. A non-exhaustive overview of the affected vehicles is listed below. Tesla has already fixed the issue affecting their key fob, using an over-the-air software update. This means that the update was applied to all the key fobs that were affected.

Brand	Period	Model
Toyota	2009-2013	Auris (2011)
	2010-2013	Camry
	2010-2014	Corolla
	2011-2016	FJ Cruiser
	2009-2015	Fortuner
	2010+	Hiace
	2008-2013	Highlander
	2009-2015	Hilux (2014)
	2009-2015	Land Cruiser
	2011-2012	RAV4
	2010-2014	Urban Cruiser
Tesla	06/2018-07/2019	Model S (2018)
Kia	2012+	Ceed (2016)
	2014	Carens (2014)
	2011-2017	Rio
	2013+	Soul
	2013-2015	Optima
	2011+	Picanto
Hyundai	2008+	I10
	2009+	I20
	2010+	Veloster
	2013	I40 (2013)
	2016	IX20 (2016)

The researchers revealed that the cryptographic keys in these immobiliser systems are derived from secret constants and/or public information (such as the key fob serial number). As a result, anyone who can briefly get close to the key fob can easily recover the cryptographic key in a matter of seconds and bypass the immobiliser.

'The Tesla Model S key fob was vulnerable to a downgrade attack, which allowed us to force the key fob to use an older, insecure, and proprietary cipher using only half of the full cryptographic key,' said Professor Bart Preneel, from COSIC at KU Leuven. 'An attacker could thus force the key fob to use the insecure cipher and recover the full key in a few seconds.' The issue was discovered in an updated version of the Tesla Model S key fob released in response to earlier research from the team. The downgrade issue was fixed by Tesla in August 2019 using an over-the-air software update.

'We informed Toyota, Kia, Hyundai and Tesla of the identified issues and provided each with a tailored report,' says Lennert Wouters, first author of the study. 'All the involved manufacturers were responsive. Per request of the manufacturers, we redacted some secret constants used in the key derivation algorithms in our paper to prevent malicious use of our research. Additionally, we informed Texas Instruments about our intention of publishing the DST80 encryption algorithm and provided them with details on the downgrade and side-channel attacks.' Texas Instruments updated the description of their DST40 and DST80 products to point to their products using the internationally recognized Advanced Encryption Standard.

'Our research results in a better understanding of automotive security and hopefully will lead to improved security of future products,' Professor Preneel concludes.

More information

The study 'Dismantling DST80-based Immobiliser Systems' by Lennert Wouters, Jan Van den Herrewegen, Flavio D. Garcia, David Oswald, Benedikt Gierlichs, and Bart Preneel was published in IACR Transactions on Cryptographic Hardware and Embedded Systems and is available open access.

More information is available on the COSIC website.

(C) 2020 Electronic News Publishing, source ENP Newswire