Subaru's wireless keyless entry protocol uses a system of "rolling codes" that jump from one value to another in a way that is supposed to be impossible to predict without possession of a cryptographic secret, shared by both the keys and the cars' firmware.
But an error in the design of this protocol makes it very easy to guess the upcoming codes by listening in on an earlier lock/unlock session. That means that when you bip your Subaru, a nearby eavesdropper with $15-30 worth of radio equipment can intercept the session, do a little math, and figure out what codes will re-open your car after you walk away.
The defect was discovered and documented by Dutch electronics engineer Tom Wimmenhove, who experimented on his own Subaru to make his finding. Wimmenhove tried to report his findings to Subaru but they brushed him off and asked him to fill in a questionnaire in order to become a "partner" before they'd listen to him.
Here are some affected models: Baja (2006); Forester (2005-10); Impreza (2005-11); Legacy (2005-10); Outback (2005-10).
The rig to carry out such attacks is not even expensive, varying from $15 to $30, depending on price and used components.
"Currently, I'm using a Raspberry Pi B+ ($25), a Wi-Fi dongle ($2) and a TV dongle ($8), but the Raspberry Pi B+ and WiFi dongle could both be replaced with a single Raspberry Pi Zero W ($10), which has WiFi on board," Wimmenhove told Bleeping.
"Then you need a 433MHz antenna ($1) and an MCX to SMA convertor ($1) to stick the antenna onto the dongle," he added. "Finally, you need something to power the thing. I'm assuming most people have some kind of Lithium-Ion power bank laying around. If not, they don't cost much either."
Unpatched Exploit Lets You Clone Key Fobs and Open Subaru Cars
[Catalin Cimpanu/Bleeping Computer]
Over at XKCD, Randall Munroe's predicted the Critical Vulnerabilities and Exposures for 2018, with some pretty solid predictions (especially under the tooltip, which finally reveals a secret that many of us have kept mum about for literal decades -- damn you, Munroe!).
It's been less than a year since a public-spirited hacker broke into the servers of Florida stalkerware vendor Retina-X, wiping out all the photos and data the company's customers had stolen from other peoples' phones (including their kids' phones) by installing the spying apps Phonesheriff on them.
A pair of researchers from Toronto's storied Citizen Lab (previously) have written an eye-opening editorial and call to action on the ways that repressive states have used the internet to attack dissidents, human rights advocates and political oppositions -- and how the information security community and tech companies have left these people vulnerable.
Trains may not be the most popular means of conveyance nowadays, but chances are you grew up playing with toy trains or building a model set to wrap around the Christmas tree. In either case, it’s safe to say that locomotives have long carried a unique sense of awe and scale, especially when they’re hundreds […]
When it comes to redesigning or renovating a living space, envisioning changes before they occur can be tricky for most. Thankfully, the web is home to tools that can remove some of the guesswork, like Live Home 3D Pro for Mac. This app lets you create detailed and furnished floor plans for everything from sheds and […]
For many startups and fledgling businesses, web hosting — and the fees associated with it — can take a sizeable chunk out of the company budget and limit growth down the road. But, that’s not to say there aren’t hosts out there who can get your site online while staying within your budget. Arch Hosting is a […]