Subaru's wireless keyless entry protocol uses a system of "rolling codes" that jump from one value to another in a way that is supposed to be impossible to predict without possession of a cryptographic secret, shared by both the keys and the cars' firmware.
But an error in the design of this protocol makes it very easy to guess the upcoming codes by listening in on an earlier lock/unlock session. That means that when you bip your Subaru, a nearby eavesdropper with $15-30 worth of radio equipment can intercept the session, do a little math, and figure out what codes will re-open your car after you walk away.
The defect was discovered and documented by Dutch electronics engineer Tom Wimmenhove, who experimented on his own Subaru to make his finding. Wimmenhove tried to report his findings to Subaru but they brushed him off and asked him to fill in a questionnaire in order to become a "partner" before they'd listen to him.
Here are some affected models: Baja (2006); Forester (2005-10); Impreza (2005-11); Legacy (2005-10); Outback (2005-10).
The rig to carry out such attacks is not even expensive, varying from $15 to $30, depending on price and used components.
"Currently, I'm using a Raspberry Pi B+ ($25), a Wi-Fi dongle ($2) and a TV dongle ($8), but the Raspberry Pi B+ and WiFi dongle could both be replaced with a single Raspberry Pi Zero W ($10), which has WiFi on board," Wimmenhove told Bleeping.
"Then you need a 433MHz antenna ($1) and an MCX to SMA convertor ($1) to stick the antenna onto the dongle," he added. "Finally, you need something to power the thing. I'm assuming most people have some kind of Lithium-Ion power bank laying around. If not, they don't cost much either."
Unpatched Exploit Lets You Clone Key Fobs and Open Subaru Cars
[Catalin Cimpanu/Bleeping Computer]
Iowa state court officials contracted with Coalfire to conduct "penetration tests" on its security; as part of those tests, two Coalfire employees broke-and-entered the Adel, Iowa courthouse, and were caught by law-enforcement, whose bosses in Dallas County were not notified of the test.
Eleanor Saitta's (previously) 2016 essay "Coercion-Resistant Design" (which is new to me) is an excellent introduction to the technical countermeasures that systems designers can employ to defeat non-technical, legal attacks: for example, the threat of prison if you don't back-door your product.
For decades, people (including me) have predicted that cyberinsurers might be a way to get companies to take security seriously. After all, insurers have to live in the real world (which is why terrorism insurance is cheap, because terrorism is not a meaningful risk in America), and in the real world, poor security practices destroy […]
Your smartphone’s GPS is a modern necessity for some trips, but how do you use it safely? It’s been a problem ever since phones went mobile. A certain phone mount even shelled out the money for a commercial during the Big Game, so clearly there’s a market for the solution. Turns out there are a […]
There’s reading for pleasure, and then there’s reading for fuel; absorbing the great ideas in nonfiction books so you can apply them in your own life. In today’s hectic pace, it can be difficult to find the time to do that reading – especially for the entrepreneurs and professionals who can benefit the most from […]
Breaking into the big leagues as a project manager isn’t done overnight, but there are principles that anyone can learn, and they’re applicable to nearly any business. No matter what your field, if there are multiple teams working toward a common goal, you’re going to need a roadmap. The Project Management Professional Certification Training Suite […]