autoevolution
 

New Keyfob Vulnerability Means Thieves Can Steal a Car in Seconds, No Vehicle Is Safe

Security researchers have found a major vulnerability in the car remote key system, allowing a thief to unlock and steal almost any vehicle. Once the thieves get access to the secret radio signals your keyfob sends to the car, it is forever compromised.
Remote controls are incredibly convenient for locking and unlocking cars from a distance. Sometimes they can do more, but most of the time, they are just supposed to be a safe way of accessing your vehicle. This is not the case anymore, as more security vulnerabilities are discovered. This means thieves can enter and steal almost any car in a matter of seconds, exploiting the loopholes in the system.

Although car remotes have been with us for a long time, the system hasn’t evolved much. This has allowed criminals to catch up with the security measures baked into the system, leaving any car prone to theft. To protect vehicles from thieves, the remote access system relies on so-called “rolling codes” that alter the signal every time a keyfob button is pressed. The critical point is that the car knows what to expect with every new key press, however random it might seem.

Sometimes, the keyfob and the car get out of sync, most probably because of repeated key presses while away from the vehicle. In that case, the signal the keyfob sends to the car differs from the one expected. But that doesn’t mean the owner loses access to their vehicle. A clever resyncing sequence is used to make the car recognize when two consecutive key presses fall within a database of allowed signals. Then everything is good, and you can lock and unlock it at will.

Unfortunately, this is also the system’s biggest problem. It’s precisely this database that is exploited by thieves. One of the attack methods is called RollJam, which consists of jamming the radio transmission between the keyfob and the car, prompting the owner to press the key on their remote twice. This allows a thief to break into a vehicle using the second signal. Fortunately, the second signal is valid only until another key is pressed on the remote, after which it becomes useless.

Don’t pop that champagne yet, because the hackers have found a better way. Instead of keeping one of the codes, they keep both. Having that sequence of codes is enough to prompt a resync of the remote system database at any time. The more sophisticated attack is called RollBack because it can initiate a resync of the database to that sequence recorded in the past, and the car would obey.

The vulnerability was demonstrated during the Black Hat USA 2022 security event. The researchers pointed out that the vulnerability is nasty because having two series of the remote code compromises a vehicle forever. The owners don’t even know the codes have been recorded, and the thieves can come back anytime to steal their cars.
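
The resync weakness described above, shown as a simplified receiver model next to a hardened variant. This is an added example, not code from the researchers or any manufacturer. The HMAC-based code scheme, the key, the window sizes and the `forward_only` check are all assumptions made for illustration.

```python
import hmac, hashlib

KEY = b"constructed-demo-key"   # constructed shared secret, not a real value
WINDOW = 16                     # assumed lookahead for ordinary key presses

def code(counter: int) -> bytes:
    """Toy rolling code: a truncated MAC over the press counter (assumed scheme)."""
    return hmac.new(KEY, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

class Receiver:
    """Simplified model of the car side as the article describes it."""
    def __init__(self, forward_only: bool, history: int = 1024):
        self.counter = 0                  # last accepted counter
        self.forward_only = forward_only  # hardened: never accept stale counters
        self.history = history            # reach of the resync "database"
        self.pending = None               # first press of a possible resync pair

    def _lookup(self, rx: bytes):
        lo = self.counter + 1 if self.forward_only else max(1, self.counter - self.history)
        for c in range(lo, self.counter + self.history + 1):
            if hmac.compare_digest(code(c), rx):
                return c
        return None

    def press(self, rx: bytes) -> bool:
        c = self._lookup(rx)
        if c is None:
            self.pending = None
            return False
        if self.counter < c <= self.counter + WINDOW:   # the expected next code
            self.counter, self.pending = c, None
            return True
        if self.pending is not None and c == self.pending + 1:  # consecutive pair
            self.counter, self.pending = c, None        # resync to that pair
            return True
        self.pending = c                  # wait for the consecutive code
        return False

def replay_old_pair(forward_only: bool) -> bool:
    """Return True if two stale consecutive codes still unlock the car."""
    car = Receiver(forward_only)
    captured = [code(5), code(6)]         # constructed: two recorded presses
    for n in range(1, 41):                # owner keeps using the fob normally
        car.press(code(n))
    return [car.press(rx) for rx in captured][-1]
```

With `forward_only=False` the receiver rolls its counter back to the recorded pair and accepts it. With `forward_only=True` the same pair is rejected, while a fob that has run ahead of the car can still resync with two consecutive presses.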



 
 
 
 
 
