Photo: Samy Kamkar
The saga of hackable cars just doesn’t seem to end. It all started with two security advisors who hacked a Jeep to prove a point a couple of weeks back and it seems like the saga will never end.
Tech Insider reports that a hacker managed to build a device that can unlock your car in a matter of seconds and it only costs around $30 to make.
Samy Kamkar is also the man that revealed another device that could breach GM cars wirelessly not too long ago and now he’s back. His latest invention exploits an overlooked flaw left untouched by car makers for a long period of time.
You see, when locking and unlocking a vehicle via a keyless entry fob, the fob sends a code to the car that is unique. This technique, called ‘rolling code’ has been used for decades and involves generating a new, unique code every time it is needed for the two parties to communicate.
The problem is, the codes never expire. They change every time but they never expire and that’s the vulnerability Samy used to build his device in the first place.
Therefore, when using it, his invention will jam the signal coming from the key fob and block the car from receiving it. Instead, it will memorize it. The second time the fob will attempt to communicate with the car, the code will go through, leaving the hacker with an extra code that could be used at any time as the car will recognize it and it won’t expire.
“This has been sort of a theoretical attack for many, many years. This is not by any means brand new or a big surprise. The problem is no one has really demonstrated it, which is funny because the solution to this problem has been known about for more than 20 years online and has been written about many times, but again no one has demonstrated it. So a lot of manufacturers haven’t cared to solve the problem because it didn’t seem like a big enough problem. Unfortunately, I think it is a big problem,” Kamkar said.
We agree with him, unfortunately, especially since it seems like this issue is rather easy to deal with, all the manufacturers have to do is use codes that eventually expire. Of course, that will only solve half the problem but it’s still a small step to making our cars even safer.
The biggest issue we have with the industry as a whole is that most of them use the same technology, as Kamkar said that a most of the cars fitted with this tech are vulnerable. He did perform his individual tests on a Lotus but that's only because that's the car he had access to. He sais that most cars are vulnerable and that should give us something to think about.
Samy Kamkar is also the man that revealed another device that could breach GM cars wirelessly not too long ago and now he’s back. His latest invention exploits an overlooked flaw left untouched by car makers for a long period of time.
You see, when locking and unlocking a vehicle via a keyless entry fob, the fob sends a code to the car that is unique. This technique, called ‘rolling code’ has been used for decades and involves generating a new, unique code every time it is needed for the two parties to communicate.
The problem is, the codes never expire. They change every time but they never expire and that’s the vulnerability Samy used to build his device in the first place.
Therefore, when using it, his invention will jam the signal coming from the key fob and block the car from receiving it. Instead, it will memorize it. The second time the fob will attempt to communicate with the car, the code will go through, leaving the hacker with an extra code that could be used at any time as the car will recognize it and it won’t expire.
“This has been sort of a theoretical attack for many, many years. This is not by any means brand new or a big surprise. The problem is no one has really demonstrated it, which is funny because the solution to this problem has been known about for more than 20 years online and has been written about many times, but again no one has demonstrated it. So a lot of manufacturers haven’t cared to solve the problem because it didn’t seem like a big enough problem. Unfortunately, I think it is a big problem,” Kamkar said.
We agree with him, unfortunately, especially since it seems like this issue is rather easy to deal with, all the manufacturers have to do is use codes that eventually expire. Of course, that will only solve half the problem but it’s still a small step to making our cars even safer.
The biggest issue we have with the industry as a whole is that most of them use the same technology, as Kamkar said that a most of the cars fitted with this tech are vulnerable. He did perform his individual tests on a Lotus but that's only because that's the car he had access to. He sais that most cars are vulnerable and that should give us something to think about.
Google News