車車通訊實在是愈來愈不安全 - 汽車討論

Hedwig avatar
By Hedwig
at 2015-08-15T13:13

Table of Contents

Olivia Solon
August 14, 2015 - 6:49 am ET
LONDON (Bloomberg) -- Thousands of cars from a host of manufacturers have spent years at risk of electronic car-hacking, according to expert research that Volkswagen has spent two years trying to suppress in the courts.

“Keyless” car theft, which sees hackers target vulnerabilities in electronic locks and immobilizers, now accounts for 42 percent of stolen vehicles in London. BMWs and Range Rovers are particularly at-risk, police say, and can be in the hands of a technically minded criminal within 60 seconds.

Security researchers have now discovered a similar vulnerability in keyless vehicles made by several carmakers. The weakness -- which affects the Radio-Frequency Identification (RFID) transponder chip used in immobilizers -- was discovered in 2012, but carmakers sued the researchers to prevent them from publishing their findings.

This week the paper, by Roel Verdult and Baris Ege from Radboud University in the Netherlands and Flavio Garcia from the University of Birmingham, U.K., is being presented at the USENIX security conference in Washington, D.C. The authors detail how the cryptography and authentication protocol used in the Megamos Crypto transponder can be targeted by malicious hackers looking to steal luxury vehicles.

The Megamos is one of the most common immobilizer transponders, used in Volkswagen-owned luxury brands including Audi, Porsche, Bentley and Lamborghini, as well as Fiats, Hondas, Volvos and some Maserati models.

'Serious flaw'

"This is a serious flaw and it's not very easy to quickly correct," explained Tim Watson, Director of Cyber Security at the University of Warwick. "It isn't a theoretical weakness, it's an actual one and it doesn't cost theoretical dollars to fix, it costs actual dollars."

Immobilizers are electronic security devices that stop a car's engine from running unless the correct key fob (containing the RFID chip) is in close proximity to the car. They are supposed to prevent traditional theft techniques like hot-wiring, but can be bypassed, for example by amplifying the signal.

In this case, however, researchers broke the transponder's 96-bit cryptographic system, by listening in twice to the radio communication between the key and the transponder. This reduced the pool of potential secret key matches, and opened up the "brute force" option: running through 196,607 options of secret keys until they found the one that could start the car. It took less than half an hour.

"The attack is quite advanced, but VW produces a lot of very high-end vehicles that get stolen to order. The criminals involved are more sophisticated than the sorts who just steal your keys and drive off with your car," said security researcher Andrew Tierney.

There's no quick fix for the problem -- the RFID chips in the keys and transponders inside the cars must be replaced, incurring significant labor costs.

One sentence removed

The research team first took its findings to the manufacturer of the affected chip in February 2012 and then to Volkswagen in May 2013. The car-maker filed a lawsuit to block the publication of the paper, arguing that it would put the security of winning an injunction in the U.K.'s High Court. Now, after lengthy negotiations, the paper is finally in the public domain -- with just one sentence redacted.

"This single sentence contains an explicit description of a component of the calculations on the chip," Verdult said, adding that by removing the sentence it was much more difficult to recreate the attack.

While challenging, determined "organized gangs" may persevere, said Watson.

"If you're a maker of high-end cars I would suggest that the onus is on you to look after your customers' purchases after they've bought them to make sure your systems are resistant to attack," he added.

A VW spokesman responded: "Volkswagen maintains its electronic as well as mechanical security measures technologically up-to-date and also offers innovative technologies in this sector."

Anti-theft protection is generally still ensured, he added, even for older models, because criminals need access to the key signal to hack the immobilizer. "Current models, including the current Passat and Golf, don't allow this type of attack at all," he said.

The Megamos Crypto is not the only immobilizer to have been targeted in this way – other popular products including the DST transponder and KeeLoq have both been reverse-engineered and attacked by security researchers.

Contact Automotive News


All Comments

Mason avatar
By Mason
at 2015-08-20T10:14
Car Communications. Let closer to human communication.

GT-R將出四門版 目標瞄準M Power

Skylar DavisLinda avatar
By Skylar DavisLinda
at 2015-08-14T23:27
日本平面媒體ベストカー在近日以大篇幅報導,下一代Nissan GT-R將會推出四門版, 以擴張市占率。 日本ベストカー提出了四門GT-R的說法,並已經描繪出了預覽圖,立刻引發討論。 而澳洲媒體Motoring也緊接著掀開內幕指出,未來的GT-R確實已經在企劃當中,除了必有 的雙門Coupe之外,並將會使 ...

BMW的SUV始祖?

Agatha avatar
By Agatha
at 2015-08-14T20:57
今天看新聞看到中古車商佔據停車場 其中畫面有閃過一輛老BMW 是休旅車款式,而且年份看起來十分久遠 頭燈看起來至少是E34時期 X5記錄是從1999才開始的 小弟孤陋寡聞, 想不到更早之前的休旅是哪一台 請問這台型號是什麼呢? 抱歉線索有限 也沒拍到圖 感謝 - ...

雲林地區BMW維修

Damian avatar
By Damian
at 2015-08-13T22:46
想請問一下,雲林地區有推薦的BMW維修行嗎 有問到的大部分都跑嘉義總代理,可是到嘉義也是一段距離 想問問有沒有比較近的,可以就近服務 目前是固定在斗六上捷,但是車多常要把車子留在那邊 還有一間是斗南SBBA維修場裡面有在修理 感謝大家.. - ...

地表最強SUV近期登場

Kelly avatar
By Kelly
at 2015-08-13T22:20
Bentayga定裝確定?Bentayga官方「模型照」意外流出,地表最強SUV近期登場 地表最強SUV,Bentely的Bentayga的實車外型終於確定!這次不是間諜照,也不是官方的 預告片,而是Bentayga的實車模型!Bentley預計於9月的法蘭克福車展上發表Bentayga, 為此Bentl ...

Audi與Porsche正在計畫開發新的V6及V8引擎?

Lucy avatar
By Lucy
at 2015-08-12T22:13
外國媒體報導,Audi與Porsche正在開發全新的渦輪增壓V6、V8引擎,預期加入渦輪增壓 引擎陣容之中,目前尚未確定排氣量的定位以及是否採用電子渦輪。 根據媒體Autocar的報導,這具引擎代號為KoVoMo、將會使用一個氣體驅動的渦輪增壓, 但最終仍有可能搭載該公司旗下最具競爭力的新科技”電子渦輪”。 ...