As cars become smarter and more connected, the demand for top-tier automotive cyber security has never been higher. With expert insights from PlaxidityX, a leading automotive cyber security company, we’ll guide you through the challenges and solutions protecting millions of vehicles worldwide. Whether you’re an industry expert or just curious about how cars are secured in the digital age, this podcast takes a comprehensive look at how cyber defenses are developed, tested, and deployed.
We don’t just talk about the technology; we talk about what it means for you—the driver, the manufacturer, the tech enthusiast. We explore how automotive cyber security solutions are applied in real-world scenarios to safeguard everything from onboard infotainment systems to critical vehicle control units.
Tune in to gain a deeper understanding of how manufacturers are staying one step ahead of hackers and ensuring a more secure, connected world.
00:00:00:10 - 00:00:03:13
Welcome to Cars, Hackers and Cybersecurity.
00:00:04:02 - 00:00:07:02
Here we break down the latest in automotive cybersecurity,
00:00:07:02 - 00:00:10:16
helping you stay ahead in building secure connected vehicles.
00:00:12:17 - 00:00:21:17
Hi. Today we'll unpack the evolving security challenges of keyless car entry systems and how they've become targets for sophisticated cyber attacks.
00:00:22:00 - 00:00:33:06
Keyless entry and ignition systems began to appear in production in the late 1990s and early 2000s, and were initially available only on luxury models and other high-end vehicles.
00:00:33:06 - 00:00:39:18
Since then, remote and passive keyless entry, also referred to as RKE and PKE,
00:00:39:18 - 00:00:48:04
features have become increasingly common across the industry and are currently available as standard equipment on the vast majority of vehicles sold.
00:00:48:06 - 00:01:00:16
The popularity and convenience of keyless entry technology are indisputable. However, like many other technology-driven advancements, RKE and PKE systems are susceptible to attacks from hackers,
00:01:00:16 - 00:01:03:01
and in this case, car thieves.
00:01:03:01 - 00:01:14:02
In light of this potential cyber-enabled auto theft, vehicle manufacturers, OEMs, and automotive cybersecurity experts are working to find ways to mitigate this threat.
00:01:14:02 - 00:01:18:16
We will examine the nature and evolution of RKE and PKE attacks,
00:01:18:16 - 00:01:29:02
why these technologies are potentially vulnerable to hackers, as well as the measures OEMs can take to mitigate RF attacks and strengthen the overall security of their vehicle fleets.
00:01:29:04 - 00:01:52:21
Remote keyless entry systems. Remote keyless entry refers to entering the car without using a physical key, for example using a door keypad or fob. The first RKE key fob used a coded pulse signal generator and a battery-powered infrared radiation emitter. It was configured to transmit a specific signal, and the car was programmed to respond to that signal.
00:01:52:21 - 00:01:54:07
The replay attack.
00:01:54:20 - 00:02:19:18
Taking advantage of this unprotected signal, hackers devised the classic replay attack, which uses a device to record and transmit at the same air frequency as the key fob. When the driver presses the unlock button, the attacker records the signal and can then replay it at a later time to unlock the doors. Note that this hack can only work if the key fob uses the same unlock signal each time the unlock button is pressed.
00:02:19:20 - 00:02:41:10
To prevent such an attack, a rolling code field was introduced into the message sent from the fob to the car to make sure the unlock signal does not repeat. The car and the key fob shared two code sequences, one for unlock and one for lock. For example, x_n would be the nth rolling code for unlock, while y_n would be the nth rolling code for lock.
00:02:41:12 - 00:03:00:08
All sequences are defined using a cryptographically secure pseudo-random number generator. When pressing the unlock button for the nth time, the key fob transmits code x_n. The car then compares the received rolling code with the expected rolling code, unlocking or locking the car accordingly.
00:03:00:15 - 00:03:08:02
This security improvement triggered a new wave of RollJam attacks, which were designed to bypass these rolling codes.
00:03:08:04 - 00:03:35:01
RollJam attacks record the rolling codes and jam the RF signal from the key fob, preventing it from reaching the car. This attack scenario consists of the following steps. One: the driver presses the unlock button, transmitting x_1, which is the first code to unlock the car. The attacker jams the signal and learns the value of x_1. The car doesn't receive the signal due to the jamming and remains locked.
00:03:35:03 - 00:04:01:01
Two: the driver presses the unlock button again, transmitting x_2. The attacker jams the signal and learns the value of x_2. Like step one, the car remains locked. Three: the attacker transmits x_1 to unlock the car for the driver. Four: after driving, the driver parks and locks the car by transmitting y_1, which is the expected rolling code for lock.
00:04:01:03 - 00:04:10:01
Five: later that night, the attacker can then transmit code x_2, which will unlock the car. From a security standpoint,
00:04:10:01 - 00:04:13:06
the main weakness in the implementation mentioned before
00:04:13:06 - 00:04:35:15
is that the lock and unlock rolling codes are independent of each other. However, simply sharing the rolling code opens up new variations of the RollJam attack. The attacker can still jam consecutive messages, take the rolling code of an unlock command, and then construct a valid lock command, or the reverse scenario, beginning with a jammed lock command and constructing an unlock command.
00:04:35:17 - 00:04:53:04
Therefore, in addition to sharing the rolling code, it is important to sign or encrypt the messages to make sure the attacker can't construct messages based on the jammed rolling code. This can be done using a recognized and cryptographically secure message authentication code, or MAC,
00:04:53:04 - 00:04:57:04
such as CMAC or HMAC with a long shared secret key.
00:04:57:23 - 00:05:25:06
Passive keyless entry systems. Passive keyless entry, PKE for short, took convenience to a higher level by allowing drivers to enter and start the car without having to take the fob out of their pocket. Building on lessons learned from RKE, a basic PKE communication consists of a challenge transmitted by the car to verify the identity of the key fob and a cryptographically calculated response transmitted by the key fob.
00:05:25:08 - 00:05:52:09
In most PKE implementations, the key fob and car share a long random secret key used to generate and verify the response. The key fob executes a cryptographic function on the challenge, generating the response, which is subsequently verified by the car. The relay attack. Since PKE implementations are based on proximity of the fob, they have an inherent constraint related to the distance the transmitter can reach.
00:05:52:11 - 00:06:15:21
The infamous relay attack was devised to bypass this distance limitation. Consider a pair of attackers working together. One attacker is near the car and the other is in close proximity to the key fob. Each attacker uses a transceiver that operates over long distances, for example via 4G or Wi-Fi, to forward the messages transmitted by the car and the fob.
00:06:16:14 - 00:06:31:07
Attacker A triggers the challenge and forwards it to attacker B, who then transmits it to the key fob. The key fob answers the challenge and attacker B forwards it to attacker A, who then retransmits it to the car.
00:06:32:01 - 00:06:35:02
Best practices for mitigating relay attacks.
00:06:35:20 - 00:06:45:06
Mitigation number one: set an upper bound on response time. One method for mitigating relay attacks is to set an upper bound on the response time.
00:06:45:08 - 00:07:19:14
Since radio waves propagate at the speed of light, it's possible to estimate an upper bound on the distance by measuring the round-trip time from the car's challenge transmission until the response reception. Using technology, a highly accurate measurement can be achieved. Mitigation number two: use RSSI to estimate key fob location. Another mitigation method is to estimate the key fob location using RSSI (Received Signal Strength Indicator), which identifies the distance between fob and car by signal strength.
00:07:19:15 - 00:07:51:12
The car transmits the challenge from multiple antennas. The key fob then responds with the RSSI values of each of the antennas, and the car will use those values to estimate the location. However, there are still ways for hackers to outsmart the location estimation algorithm. Since RSSI is measured on the key fob side, a pair of attackers may try to transmit an amplified challenge signal near the key fob to enlarge the RSSI values and trick the car into believing the key fob is closer than it really is.
00:07:51:14 - 00:08:18:06
Another issue with this mitigation method is that its values are not signed or encrypted. That means a digital attacker could use a demodulator to extract the data transmitted, modify the RSSI values, and then modulate the signal again. If you're using RSSI for localization, it's recommended to sign or encrypt these values. Mitigation number three: integrating a motion sensor to try to prevent relay attacks.
00:08:18:06 - 00:08:48:13
Some key fobs integrate motion sensors to detect long idle periods. If after a couple of seconds or minutes no motion has been detected, the key fob stops answering challenges. In other words, if your key fob is on the kitchen table all night, an attacker can't perform a relay attack on your car. Known challenge relay attack. Another theoretical hacking scenario is a known challenge relay attack, which exploits implementations where the challenges are predictable.
00:08:48:15 - 00:08:55:07
For example, the next challenge is the previous challenge plus 10120,
00:08:55:07 - 00:08:59:07
Oxford.
00:08:59:07 - 00:09:16:06
or challenges are generated using a random number generator function that is not cryptographically secure, such as an LCG, LFSR, etc. In such a case, an attacker who knows the PRNG function or guessed it correctly could construct the full challenge sequence.
00:09:16:17 - 00:09:18:22
Like the classic relay attack,
00:09:18:22 - 00:09:26:04
in this scenario the key fob and the car are distant from one another, but this time there is only one attacker.
00:09:26:06 - 00:09:53:05
He triggers the challenge from the car and then tries to predict the next challenge the car will transmit. The attacker then moves close to the key fob and transmits the predicted challenge. The key fob answers with a response. Then the attacker goes back to the car and triggers another challenge. If the triggered challenge is what the attacker predicted, the attacker can solve it by transmitting the response recorded from the key fob to unlock and start the car.
00:09:53:07 - 00:10:18:08
One strategy to consider for preventing this scenario is to make sure the challenges are not predictable by using a recognized, cryptographically secure pseudo-random number generator with a high-entropy seed. Another suggestion is to have the car sign all challenges. In this way, even if the attacker is able to predict the challenge, he can't query the key fob for the response.
00:10:18:12 - 00:10:24:19
Secure implementation is the name of the game. Vehicle theft has been a problem ever since cars were invented.
00:10:24:19 - 00:10:47:05
Today, the cat-and-mouse game between security professionals and thieves continues, the only difference being the sophistication of the tools being used. RKE and PKE create numerous security challenges for OEMs. We've seen that insecure RKE implementations are exposed to different variations of replay and RollJam attacks, such as the recently discovered RollBack attack.
00:10:47:07 - 00:11:16:05
Messages should be signed or encrypted to prevent an attacker from modifying messages recorded from the key fob. With respect to PKE implementations, it's important to make sure challenges are not predictable by using a high-entropy seed for randomization and applying a cryptographically secure pseudo-random number generator to generate encrypted challenges. If you're using RSSI to estimate location, these values should also be signed or encrypted to prevent tampering.
00:11:16:07 - 00:11:50:17
Moreover, some faulty implementations are mitigated by upgraded security countermeasures. In many cases, a software update for either the BCM and/or key fob may be enough to fix known vulnerabilities. For this reason, OEMs that offer an over-the-air update feature are best equipped to efficiently respond to the inevitable next attack. There is no silver bullet for preventing car theft, but proper implementation of the mitigation methods and practices described above would serve as a strong baseline for avoiding the vast majority of keyless entry hacking attempts.
00:11:53:09 - 00:11:59:07
That's all for today's episode. Keep your engines running smooth and your cyber defenses sharp.
00:11:59:07 - 00:12:03:19
Stay connected by subscribing and visiting plaxidityx.com.
00:12:03:20 - 00:12:07:20
Until next time, stay safe on the road and in the cloud.