Subaru's wireless keyless entry protocol uses a system of "rolling codes" that jump from one value to another in a way that is supposed to be impossible to predict without possession of a cryptographic secret, shared by both the keys and the cars' firmware.
But an error in the design of this protocol makes it very easy to guess the upcoming codes by listening in on an earlier lock/unlock session. That means that when you bip your Subaru, a nearby eavesdropper with $15-30 worth of radio equipment can intercept the session, do a little math, and figure out what codes will re-open your car after you walk away.
The defect was discovered and documented by Dutch electronics engineer Tom Wimmenhove, who experimented on his own Subaru to make his finding. Wimmenhove tried to report his findings to Subaru but they brushed him off and asked him to fill in a questionnaire in order to become a "partner" before they'd listen to him.
Here are some affected models: Baja (2006); Forester (2005-10); Impreza (2005-11); Legacy (2005-10); Outback (2005-10).
The rig to carry out such attacks is not even expensive, varying from $15 to $30, depending on price and the components used.
"Currently, I'm using a Raspberry Pi B+ ($25), a Wi-Fi dongle ($2) and a TV dongle ($8), but the Raspberry Pi B+ and WiFi dongle could both be replaced with a single Raspberry Pi Zero W ($10), which has WiFi on board," Wimmenhove told Bleeping.
"Then you need a 433MHz antenna ($1) and an MCX to SMA convertor ($1) to stick the antenna onto the dongle," he added. "Finally, you need something to power the thing. I'm assuming most people have some kind of Lithium-Ion power bank laying around. If not, they don't cost much either."
Unpatched Exploit Lets You Clone Key Fobs and Open Subaru Cars
[Catalin Cimpanu/Bleeping Computer]