Subaru's wireless keyless entry protocol uses a system of "rolling codes" that jump from one value to another in a way that is supposed to be impossible to predict without possession of a cryptographic secret, shared by both the keys and the cars' firmware.
But an error in the design of this protocol makes it very easy to guess the upcoming codes by listening in on an earlier lock/unlock session. That means that when you bip your Subaru, a nearby eavesdropper with $15-30 worth of radio equipment can intercept the session, do a little math, and figure out what codes will re-open your car after you walk away.
The defect was discovered and documented by Dutch electronics engineer Tom Wimmenhove, who experimented on his own Subaru to make his finding. Wimmenhove tried to report his findings to Subaru but they brushed him off and asked him to fill in a questionnaire in order to become a "partner" before they'd listen to him.
Here are some affected models: Baja (2006); Forester (2005-10); Impreza (2005-11); Legacy (2005-10); Outback (2005-10).
The rig to carry out such attacks is not even expensive, varying from $15 to $30, depending on price and used components.
"Currently, I'm using a Raspberry Pi B+ ($25), a Wi-Fi dongle ($2) and a TV dongle ($8), but the Raspberry Pi B+ and WiFi dongle could both be replaced with a single Raspberry Pi Zero W ($10), which has WiFi on board," Wimmenhove told Bleeping.
"Then you need a 433MHz antenna ($1) and an MCX to SMA convertor ($1) to stick the antenna onto the dongle," he added. "Finally, you need something to power the thing. I'm assuming most people have some kind of Lithium-Ion power bank laying around. If not, they don't cost much either."
Unpatched Exploit Lets You Clone Key Fobs and Open Subaru Cars
[Catalin Cimpanu/Bleeping Computer]
Google has published the results of a study of the efficacy of standard anti-account-hijacking techniques like two-factor authentication (2FA), secret questions, and passwords: the good news is that when these are used, they are incredibly effective at stopping both automated and targeted attacks, including "advanced" attacks of the sort that are often characterized as unstoppable.
In 2014, Quentin Tarantino sued Gawker for publishing a link to a leaked pre-release screener of his movie "The Hateful Eight." The ensuing court-case revealed that the screeners Tarantino's company had released had some forensic "traitor tracing" features to enable them to track down the identities of people who leaked copies.
Ransomware has been around since the late 1980s, but it got a massive shot in the arm when leaked NSA cyberweapons were merged with existing strains of ransomware, with new payment mechanisms that used cryptocurrencies, leading to multiple ransomware epidemics that locked up businesses, hospitals, schools, and more (and then there are the state-level cyberattacks […]
Heads up: The clock is winding down on a free-entry contest to win not only one of the best smartphones on the market but a handy pair of earbuds. A simple sign-up is all you need to be eligible to win a 256 GB iPhone XS Max, along with AirPods. And while “free” is tough […]
Kudos to those of us who have chosen a less wasteful third option to “paper or plastic” at the supermarket or club stores. Tote bags are reusable, but they can be a pain to tote around. Here’s an upgrade to that planet-saving measure. The Club Cart Lotus Trolley Bag is that rare tote you’ll want […]
Looking for a career in IT, gaming or software development? In the ever-changing world of the internet, versatility is your biggest asset. In other words, mastering Java might not cut it in an interview if you don’t know C#. However, there’s a bundle that covers the essentials in most any language. The Legendary Learn to […]