Subaru's wireless keyless entry protocol uses a system of "rolling codes" that jump from one value to another in a way that is supposed to be impossible to predict without possession of a cryptographic secret, shared by both the keys and the cars' firmware.
But an error in the design of this protocol makes it very easy to guess the upcoming codes by listening in on an earlier lock/unlock session. That means that when you bip your Subaru, a nearby eavesdropper with $15-30 worth of radio equipment can intercept the session, do a little math, and figure out what codes will re-open your car after you walk away.
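For reference, this is how a rolling code is meant to behave when each code really is derived from a shared secret. The sketch below is an added example, not Subaru's protocol and not code from Wimmenhove's write-up; the HMAC construction, the 4-byte code length, the 16-press look-ahead window and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac

CODE_BYTES = 4   # assumed code length for this sketch
WINDOW = 16      # assumed look-ahead for presses made out of range of the car


def rolling_code(secret: bytes, counter: int) -> bytes:
    """Code for one button press: truncated HMAC-SHA256 over the press counter."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return mac[:CODE_BYTES]


class Fob:
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0

    def press(self) -> bytes:
        self.counter += 1
        return rolling_code(self.secret, self.counter)


class Receiver:
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0

    def accept(self, code: bytes) -> bool:
        # Only counters ahead of the last accepted one are candidates,
        # so a code that was already used (a replay) can never match again.
        for c in range(self.counter + 1, self.counter + 1 + WINDOW):
            if hmac.compare_digest(rolling_code(self.secret, c), code):
                self.counter = c  # resynchronise past any skipped presses
                return True
        return False


def demo() -> dict:
    secret = b"constructed-demo-secret"   # constructed sample key
    fob, car = Fob(secret), Receiver(secret)
    first = fob.press()
    results = {"fresh": car.accept(first), "replay": car.accept(first)}
    for _ in range(3):                    # presses made away from the car
        fob.press()
    results["after_skips"] = car.accept(fob.press())
    # Someone who observed earlier codes but lacks the secret cannot derive the next one.
    guess = rolling_code(b"not-the-shared-secret", car.counter + 1)
    results["guess_without_secret"] = car.accept(guess)
    return results


if __name__ == "__main__":
    print(demo())
```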
The defect was discovered and documented by Dutch electronics engineer Tom Wimmenhove, who experimented on his own Subaru to make his finding. Wimmenhove tried to report his findings to Subaru but they brushed him off and asked him to fill in a questionnaire in order to become a "partner" before they'd listen to him.
Here are some affected models: Baja (2006); Forester (2005-10); Impreza (2005-11); Legacy (2005-10); Outback (2005-10).
The rig to carry out such attacks is not even expensive, varying from $15 to $30, depending on price and used components.
"Currently, I'm using a Raspberry Pi B+ ($25), a Wi-Fi dongle ($2) and a TV dongle ($8), but the Raspberry Pi B+ and WiFi dongle could both be replaced with a single Raspberry Pi Zero W ($10), which has WiFi on board," Wimmenhove told Bleeping.
"Then you need a 433MHz antenna ($1) and an MCX to SMA convertor ($1) to stick the antenna onto the dongle," he added. "Finally, you need something to power the thing. I'm assuming most people have some kind of Lithium-Ion power bank laying around. If not, they don't cost much either."
Unpatched Exploit Lets You Clone Key Fobs and Open Subaru Cars
[Catalin Cimpanu/Bleeping Computer]