Security alert: Millions of cars vulnerable to key cloning

Security alert: Millions of cars vulnerable to key cloning
© Welcomia | Dreamstime.com

Cars probably aren’t the first things you think of when you hear the words “vulnerable devices.” But despite how they look and run, many cars actually come with multiple digital components.

From car keys to engine sensors, there’s no shortage of computerized parts in your vehicle. And where there’s any kind of digital technology, there are hackers waiting to crack them wide open. Tap or click to see how hackers broke into a car’s security system.

As bad as a car hack may sound, they’re much less scary than a car key hack. If a digital key fob gets hacked or electronically duplicated, it means the cybercriminal who did it can steal your car! And now, researchers have discovered “key cloning” is not only possible, but it’s a serious threat.

Attack of the clones

According to new research from the University of Birmingham and KU Leuven in Belgium, millions of cars with radio-enabled key fobs were discovered to be at risk for unauthorized key cloning.

The results of the study revealed cars made by Toyota, Hyundai, Kia and Tesla have a significant encryption flaw hackers can exploit with a simple RFID transmitter. When configured properly, it can copy the signal produced by the key fobs, which hackers could then use to unlock a victim’s car.

The report’s complete list includes a range of model years from 2009 to 2017. The report emphasizes this list is not exhaustive, meaning there could be more cars with the issue that have not been detected.

Once inside, all that’s needed to steal the car are some classic carjacking techniques like hotwiring or the classic screwdriver method to start the ignition. This flaw is possible thanks to the key fobs broadcasting an encryption key based on a standard serial number — which is also broadcast when the fob is used to unlock a car.

Am I at risk of getting carjacked by hackers?

Thankfully, the risk of seeing this hack in the wild is quite low. To clone your key fob, the hacker would need to stand close enough to scan it with the RFID device. This means you don’t have to worry about your car getting stolen over the internet.

In addition, the flaw is mostly applicable to older Toyota, Hyundai and Kia models sold outside of the United States. If anything, this demonstration was a basic proof of concept. Tap or click here to see another proof of concept that uses ultrasound to unlock phones.

Researchers hope that bringing this flaw to light will help engineers develop stronger encryption and security features in the future. Even if the risk isn’t high now, that doesn’t mean it won’t be once hackers figure out new ways to break in.

White hat hackers, or hackers that use their powers for good, are an essential part of the cybersecurity ecosystem. Without their efforts, many of the worst bugs wouldn’t have been discovered. Tap or click here to find out more about white hat hackers.

We can only hope they continue to press manufacturers to step up their games; otherwise, we may end up losing more than just our cars in the future.

Tags: cars, cybersecurity, devices, encryption, hackers, internet, security