Steve Gibson revisites again (he did a couple of times during the last 15 years of the great technical internet/computer video podcast) the dilemma of automakers tying to catch up to the bad guys and security of the car.
The video starts (41:09) just after a question was asked sent in by an avid listener (39:45) about car hacking. He mentioned Canadian Industry Minister François-Philippe Champagne proudly tweeted on Feb. 8th that they are banning the importation, sale and use of hacking devices, such as Flipper Zero, that are being widely used for auto theft.
This topic lasts about 10 minutes.
Below the transcript of Steve Gibson’s view of bad guys hacking the key fob’s issuing codes and later when the car will be parked still have a valid key to access the vehicle which was stolen by spoofing the car and driver.
Steve: Yup. Felipe Mafra said: “Hello, Steve. First of all, I’d like to thank you and Leo for the great show. I’d like to bring you something very interesting that recently happened on this side of the border. The Canadian Industry Minister Franois-Philippe Champagne proudly tweeted on February 8th that they are banning the importation, sale, and use of hacking devices, such as Flipper Zero, that are being widely used for auto theft. This is an attempt to respond to the huge increase in auto thefts here in Canada. Even if I believe it’s good that the government is trying to address this issue, I found myself, rather than blocking the usage of such devices, it would be better if the industry was required to make things right by design. “This pretty much aligns with last week’s Security Now! Episode 960 regarding security on PLCs” – you know, Programmable Logic Controllers – “as we see no commitment from those industries to make their products safe by design. Anyways, I wanted to share this with you and get your perspectives. Thank you again for the show. Looking forward to 999 and beyond. Best regards, Felipe.” Okay. In past years we’ve spent some time looking closely at the automotive remote key unlock problem. What we learned is that it is actually a very difficult problem to solve fully, and that the degree of success that has been obtained by automakers varies widely. Some systems are lame, and others are just about as good as can be. And we’ve seen even very cleverly designed systems, like as good as they could be, fall to ingenious attacks. Remember the one where a system was based on a forward rolling code that was created by a counter in the key fob being encrypted under a secret key, and the result of that encryption was transmitted to the car. This would create a completely unpredictable sequence of codes. Every time the unlock button was pressed, the counter would advance, and the next code would be generated and transmitted. And no code ever received by the auto would be honored a second time. So anyone snooping and sniffing the radio could only obtain code that had just been used and would no longer thus be useful again. So what did the super-clever hackers do? They created an active attack. When the user pressed the unlock button, the active attack device would itself receive the code while simultaneously emitting a jamming burst to prevent the automobile from receiving it. So the car would not unlock. Since that happens when we’re too far away from the car, and it’s not that uncommon, the user would just shrug and press the unlock button again. This time, the active attacking device would receive the second code, emit another jamming burst to prevent the car from receiving the second code, then itself send the first code it had received to unlock the car. So the user would have to press the button twice. But they just figured the first one didn’t make it. The second one unlocked the car. By implementing this bit of subterfuge, the attacker is now in possession of a code that the key fob has issued, thus it will be valid, but the car has never seen it. And it’s the next key in the sequence from the last code that the car did receive. It is diabolically brilliant, and I think it provides some sense for what automakers are up against. From a theoretical security standpoint, the problem is that all of the communication is one-way, key fob to auto. The key fob is issuing a one-way assertion instead of a response to a challenge. What’s needed to create a fully secure system would be for the key fob’s unlock button to send a challenge request to the car. Upon receiving that request, the car transmits a challenge in the form of an unpredictable value resulting from encrypting a counter. Again, the counter is monotonic, upward counting 128 bits, and it will never repeat during the lifetime of the universe, let alone the lifetime of the car or its owner. Security Now! Transcript of Episode #962 Page 12 of 32 So upon receiving that unique challenge code sent by the car, the key fob encrypts that 128-bit challenge with its own secret key and sends the result back to the car. The car, knowing the secret kept by its key fobs, performs the same encryption on the code it sent and verifies that what the key fob has sent it was correct. Now, I cannot see any way for that system to be defeated. The car will never send the same challenge, and the key will never return the same response. And no amount of recording that challenge and response dialogue will inform an attacker of the proper responses to future challenges. If some attacker device blocks the reception, the car will send a different challenge. The key will respond with a different reply. And once that reply is used to unlock the car, the car will no longer accept it again. So the only problem with this system is that now both endpoints need to contain transceivers capable of receiving and transmitting. Previously, the fob only had to transmit, and the car only had to receive. So transceivers add some additional cost, though not much in production since both already contained radios anyway. But what this does mean is that a simple software upgrade to the existing hardware install base will not, and cannot, solve this problem. I doubt it’s possible to create a secure one-way system that’s safe against an active attacker while still reliably unlocking the vehicle without unduly burdening its user. The system I’ve just described is not rocket science, it’s what any crypto-savvy engineer would design. And since this problem is also now well understood, I would be surprised if next-generation systems which fix this in this way once and for all were not already on and off the drawing board and headed into production. But that doesn’t solve the problem which exists, and will continue to exist, for all of today’s automobiles. So now let’s come back to Felipe’s point about Canada’s decision to ban the importation of devices such as the Flipper Zero. We know that doesn’t solve the problem. But will it reduce the severity of the problem? Yeah, probably somewhat. Kits will spring up to allow people to build their own. Canada is a big place. There’s nothing to prevent someone from firing up manufacturing and creating homegrown Flipper Zeros or their like. It’s an open-source device. I mean, like the design is all there. What we keep seeing, however, is that low-hanging fruit is the fruit that gets picked and eaten. And many people won’t take the time or trouble to exert themselves to climb a tree to obtain the higher hanging fruit. Hand ’em a piece? Sure. Work for it? Perhaps later. So I would argue that making car theft even somewhat more difficult will likely be a good thing. And the Flipper Zero is, at best, a hacker’s gadget. It’s not as if it has huge non-hacker applications.