Why don't car keys use algorithms like RFC 4226?



  • I've been reading a bit into car security and all of the ways cars can be stolen through various alterations of replay attacks. Upon researching whether any of the more modern cars are using anything more secure than "new code after usage", I haven't really found anything satisfying. Which makes me question, why don't car manufacturers just use something like RFC 4226 to secure the cars? It seems like an easy enough solution. Am I missing something here perhaps?



  • RFC 4226 (HOTP) would still be vulnerable to replay attacks in some situations. In the case of old-fashioned key fobs, where you have to press a button to unlock the car, imagine someone who has brief access to the key fob while you are out of range of the car. The attacker can press the button once, record the code transmitted by the fob, and then hurry out to your car, replay the recorded code, and gain access to the vehicle.

    Another attack possible on this is the RollJam attack, which requires only a $32 device. The device is hidden near the vehicle. When the owner comes by and unlocks the car, the signal sent by the fob is recorded by the device and jammed so the car does not unlock. The owner, naturally, tries again. The signal is recorded and jammed again, but the first signal is then replayed. The car receives the replayed signal and unlocks. Meanwhile, the second signal has still not been seen by the car, so it can be used to unlock the car once the owner leaves.

    For more modern key fobs, it gets more complicated. These are designed to be passive so that you don't have to press any button for unlocking the car. As long as the fob is in your pocket, the car will unlock itself when you walk up to it and lock itself when you walk away, no interaction required. Nice, right? Turns out these are a handful to secure. Now if you use HOTP in this case, well then all the attacker has to do is pretend to be the car and request a code while you are out of the car's range. Then record the code, go back to the car, replay it and profit.

    And then there is a DoS vulnerability. Since an attacker can request as many HOTP codes as they want, they can make the internal HOTP counter of the fob drift so far away from the counter in the car that the fob will no longer be able to authenticate. (Actually, this can be an issue with normal fobs too. What happens if your child starts playing with it and presses the unlock button hundreds of times?)

    In fact, it turns out, these modern keyless fobs take a lot of effort to secure. Early manufacturers decided to implement proprietary challenge-response mechanisms. A cryptographically secure challenge-response system, what could go wrong? Well, guess what the car thieves did?

    They simply amplified the signals transmitted by the vehicle and the fob to make the challenge-response mechanism work over much larger distances than it was meant to. So your BMW is parked outside your house and you are snug in bed having a good night's sleep. Someone walks up to your window with a special device. The device relays an amplified challenge from your car to the key fob in your room. The fob thinks the car is nearby, so it computes the response and transmits it back. The device amplifies the response so it reaches the car, and BOOM, when you wake up in the morning, your shiny new BMW is gone.

    So then, the manufacturers had to apply further security measures, like measuring the time it took for the key fob to respond. If it took too long to receive the response, the car would conclude that the fob was out of range. But I guess the car manufacturers have learnt their lesson by now and have more robust security (or perhaps not).
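The following is an added model, not code from the question or the answer above, that makes the answer's HOTP points concrete: it implements RFC 4226 (HMAC-SHA1 plus dynamic truncation, checked against the RFC's Appendix D test vectors) and simulates a fob and a car that uses a look-ahead resynchronisation window, as section 7.4 of the RFC suggests. The `Fob`, `Car` classes, the window size of 20 and the scenario functions are my own assumptions for the simulation; the secret is the RFC's published test key, not a real vehicle key. The scenarios show why a counter-based code alone cannot distinguish a freshly pressed fob from a code that was recorded while the car was not listening, why two jammed presses leave a second valid code behind, and how counter drift past the window locks the legitimate fob out.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return f"{binary % (10 ** digits):0{digits}d}"


class Fob:
    """Button fob (assumed model): every press emits the next code and bumps the counter."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0

    def press(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1
        return code


class Car:
    """Receiver (assumed model) with an RFC 4226 section 7.4 look-ahead window for resync."""

    def __init__(self, secret: bytes, window: int = 20):
        self.secret = secret
        self.counter = 0  # next counter value the car expects
        self.window = window

    def unlock(self, code: str) -> bool:
        for candidate in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, candidate), code):
                # Accepting counter N retires N and everything below it: a code the car
                # has already seen can never be replayed.
                self.counter = candidate + 1
                return True
        return False


# RFC 4226 Appendix D test secret (ASCII "12345678901234567890"); a constructed demo key.
SECRET = b"12345678901234567890"


def scenario_replay_of_seen_code() -> tuple[bool, bool]:
    """A code the car has already consumed is rejected on the second attempt."""
    fob, car = Fob(SECRET), Car(SECRET)
    code = fob.press()
    return car.unlock(code), car.unlock(code)


def scenario_code_recorded_out_of_range() -> bool:
    """A press the car never heard stays valid: HOTP cannot tell 'recorded earlier' from 'fresh'."""
    fob, car = Fob(SECRET), Car(SECRET)
    recorded = fob.press()  # pressed while the car was out of range
    return car.unlock(recorded)


def scenario_two_jammed_presses() -> tuple[bool, bool]:
    """Two presses the car did not receive: the first unlocks, and so does the second, later."""
    fob, car = Fob(SECRET), Car(SECRET)
    first, second = fob.press(), fob.press()
    return car.unlock(first), car.unlock(second)


def scenario_counter_drift(unseen_presses: int) -> bool:
    """After `unseen_presses` presses the car never saw, does the next press still unlock?"""
    fob, car = Fob(SECRET), Car(SECRET, window=20)
    for _ in range(unseen_presses):
        fob.press()
    return car.unlock(fob.press())


if __name__ == "__main__":
    print("RFC vector counter 0:", hotp(SECRET, 0))           # 755224
    print("replay of seen code:", scenario_replay_of_seen_code())      # (True, False)
    print("recorded out of range:", scenario_code_recorded_out_of_range())  # True
    print("two jammed presses:", scenario_two_jammed_presses())        # (True, True)
    print("drift 19 / 20:", scenario_counter_drift(19), scenario_counter_drift(20))  # True False
```

The window is the tension the answer describes: a small window turns a child mashing the button into a lockout (the DoS case), a large one gives anybody who recorded a press a longer-lived ticket. Neither setting fixes the underlying problem, which is that the code proves knowledge of the key but says nothing about when or where it was generated; that is why the answer moves on to challenge-response and, eventually, distance bounding via response timing.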


