Sicherheit von Funkschlüsseln für Fahrzeuge

Unsere kürzliche Veröffentlichung über die Sicherheit von Funkschlüsseln für Fahrzeuge, vorgestellt am 12.8.16 auf der Usenix Security Konferenz in Texas, USA fand ein breites internationales Medienecho.

Publikation

Lock It and Still Lose It – On the (In)Security of Automotive Remote Keyless Entry Systems. Flavio D. Garcia, David Oswald, Timo Kasper, Pierre Pavlidès. 25th USENIX Security Symposium — USENIX Security 16. Austin, Texas, USA. PDF

Presse (Deutschland)

11.08.2016 Funkfernbedienungen: Sicherheitslücke bei 100 Millionen Autos – Süddeutsche

11.08.2016 Sicherheitslücken bei Funkschlüsseln – Tagesschau

11.08.2016 Sicherheitsforscher knacken Funkschlüssel von VW und anderen Herstellern – heise online

11.08.2016 Forscher knacken Funkschlüssel von 100 Millionen Autos – Zeit Online

11.08.2016 Funktschlüssel: Sicherheitslücke bei 100 Millionen Autos entdeckt – Wirtschaftswoche

11.08.2016 Gravierende Sicherheitslücke: Millionen Autos mit Funkfernbedienung lassen sich knacken – Focus

11.08.2016 So einfach lassen sich unsere Autos knacken – Welt

11.08.2016 Funkschlüssel: 100 Millionen Autos mit Sicherheitslücke – Automobilwoche

11.08.2016 100 Millionen Funkschlüssel geknackt: Diese Autos sind betroffen – Chip

11.08.2016 Vor allem VW betroffen: IT-Experten knacken 100 Millionen Autos – n-tv

11.08.2016 Sicherheitslücke: Forscher knacken Funkschlüssel von 15 Auto-Herstellern – N24

Presse (International)

12.08.2016 ‚Millions‘ of Volkswagen cars can be unlocked via hack – BBC NEWS
11.08.2016 Bought a Volkswagen in the last 20 years? It can probably be unlocked by hackers – The Telegraph
12.08.2016 Millions of Volkswagen‎ cars are at risk from a new security hack – Wired
12.08.2016 Remote Door Controls Are Car Security Flaw – Scientific American
12.08.2016 Another blow for VW owners: millions at risk for key hack – CBS News
12.08.2016 Volkswagen keys are insecure, but so are everyone else’s – The Verge
12.08.2016 Security experts reveal $40 device that would allow thieves to wirelessly unlock nearly every Volkswagen made since 1995 – DailyMail
11.08.2016 Keyless systems of older VW Group cars can be hacked: researchers – Business Insider
12.08.2016 Millions of cars at risk as keyless entry systems can be hacked, report says – The Guardian
11.08.2016 Millions of Volkswagen cars could be hacked and stolen thanks to 20-year-old security bug – Mirror

FAQ

Auf dieser Seite möchten wir einige der uns am häufigsten gestellten Fragen beantworten (aktuell nicht in Deutsch verfügbar).

Abbreviations

ECU = Electronic Control Unit
RKE = Remote Keyless Entry
OBD = On-Board-Diagnosis
PKES = Passive Keyless Entry and Start
RF = Radio Frequency
RFID = Radio Frequency Identification

Questions

Q: Which technical measures are used today to secure modern cars against theft?

A: In most cars, three separate mechanisms are present: A mechanical key is used to operate the steering and ignition lock and open the doors. In addition, an immobilizer transponder in the car key is used to electronically verify the authenticity of the key: The engine cannot be started in case of a missing or invalid transponder. The RFID transponders of immobilizers usually operate bi-directional at a frequency of 125 kHz and perform a cryptographic challenge-response protocol. The third part, the uni-directional RKE system allows to open or close doors, and at the same time switch off or on the anti-theft alarm system upon a user interaction (pressing the button). Most of these long-range RKE systems in Europe operate in the 433 MHz or 868 MHz frequency band, or on 315 MHz, e.g., in the USA or Japan.
As an upgrade / comfort feature, many manufacturers offer a PKES system for operating the doors and performing the authentication to start the car without a user interaction, simply by detecting the presence of a valid car key nearby the car. Often, PKES systems use the already available RF components: The 125 kHz RFID uplink from the car to the key ensures the proximity, while the 433 MHz downlink relies on the radio module originally used by the RKE system. Note that PKES systems are usually not a replacement but an upgrade for the RKE system, since car owners want to find their car on a parking from a distance by pressing a button on the remote control.
Q: How secure are the anti-theft mechanisms?

A: The protection of mechanical keys and locks used in cars is relatively easy to circumvent. Likewise, most RFID transponders used for the immobilizer rely on outdated ciphers and/or other security problems and can be cloned or manipulated. Given access to the interior of the car, various tools exist that exploit in-car security vulnerabilities, e.g. via the diagnosis port, and can be used to circumvent the immobilizer or add new transponders in order to start the engine of the car. The missing piece of the puzzle, the security of RKE systems to open doors and switch off the installed alarm system, has now been analyzed by us in the case studies presented at the Usenix Security Symposium 2016.
Q: Can you briefly summarize the results of this research?

A: The paper consists of two case studies of widespread RKE systems. We show that it is possible to clone remote controls from dozens of meters via the RF interface. For some car makers, monitoring only one RF signal suffices to create a duplicate of the original remote control. With the duplicate, the car can be opened or closed an arbirary number of times, just like with the original remote control.
Q: What is the range of the eavesdropping attack?

A: An attacker can monitor the respective RF signals from of a distance of several ten meters from the transmitting remote control. The exact range (usually between 20 meter to 100 meter) depends on the state of the battery of the remote control and other environmental parameters.
Q: How do RKE systems and Rolling Codes work?

A: The remote control sends unidirectional messages to the receiver within the car. The first systems employed messages including just a fixed identifier (therefore called fixed code) and a command (open, close…). The receiver would then accept all messages including this identifier. As technically educated attackers could simply record and repeat these signals (replay attack), more modern RKE systems employ so-called Rolling Code schemes. This new technology does not use a fixed value, but instead a deterministically changing code. In the most simple (and most common) variant this is a simple counter value increasing for each message from the remote. The receiver will now only accept codes, that include codes within a short range after the last seen valid code, i.e., the next counter values. The replay attack now does not work anymore but an active attacker could still eavesdrop a counter value and then figure out the next valid values to send without any bigger efforts. This is where crypto comes into play: Rolling Codes do not send their codes unencrypted, but in encrypted form, thus an attacker cannote see and interprete the content of the messages sent to the car. For this to work the remote and car share cryptographic key material ensuring that only the remote and the receiver can access the content of the messages. For an attacker there is no way to predict the next valid Rolling Code values without knowledge of the cryptographic secrets and she is limited to guessing the correct code. Given codes of sufficient length, blocking mechanisms to handle events with invalid codes (= potential attacks) and a reasonably strong selection of cryptographic algorithms these systems can be considered secure.
More advanced RKE schemes may even use public key cryptography, message integrity protection measures and time-stamps, but the systems covered by our research can be well described as basic Rolling Codes.
See these slides (PDF) for a short overview of the described RKE systems.
Q: Which manufacturers are affected?

A: Our findings affect amongst others the following VW Group vehicles manufactured between 1995 and 2016. Cars that we have practically tested are highlighted in bold. Note that this list is not exhaustive, as we did not have access to all types and model years of cars, and that it is unfortunately not clear if and when a car model has been upgraded to a newer scheme.
- Audi: A1, Q3, R8, S3, TT, various other types of Audi cars
- VW: Amarok, (New) Beetle, Bora, Caddy, Crafter, e-Up, Eos, Fox, Golf 4, Golf 5, Golf 6, Golf Plus, Jetta, Lupo, Passat, Polo, T4, T5, Scirocco, Sharan, Tiguan, Touran, Up
- Seat: Alhambra, Altea, Arosa, Cordoba, Ibiza, Leon, MII, Toledo
- Škoda: City Go, Roomster, Fabia 1, Fabia 2, Octavia, Superb, Yeti
- Ford: Galaxy
Note that identical VW Group cars are sold under different names in other countries, e.g., some Golf versions were sold as “Rabbit” in North America.
For the Hitag2 results we found the following models being affected by the discovered security risks. The cars printed in bold have been practically tested, the other cars listed here are presumably also implementing the Hitag2 RKE scheme (as suggested by the availability of compatible after-market universal remote controls):
- Abarth: 500, Punto Evo
- Alfa Romeo: Giulietta, Mito
- Citroen: Jumper, Nemo
- Dacia: Duster, Logan II
- Fiat: 500, Bravo, Doblo, Ducato, Fiorino, Grande Punto, Panda, Punto, Punto Evo, Qubo
- Ford: Ka
- Lancia: Delta, Musa
- Mitsubishi: Colt
- Nissan: Micra, Navara, Note, Pathfinder, Qashqai, X-Trail
- Opel: Astra, Combo, Corsa, Meriva, Vectra, Zafira
- Peugeot: 207, Boxer, Expert
- Renault: Clio, Master, Modus, Trafic, Twingo
Q: What is the difference between the VW system and Hitag2?

A: The VW system is vulnerable because a few world-wide cryptographic keys are used to secure millions of vehicles. Extracting one of these global keys from one car or remote control thus enables to clone the remote controls of millions of cars via the RF interface. The attack requires to monitor one RF signal of the original remote control, does not require breaking the underlying cryptography and altogether it takes less than a second to duplicate the original remote control.

In contrast, Hitag2 is normally used with diversified crypto keys that are unique per vehicle or car key. For Hitag2, however, the cryptographic algorithm is weak, which allows to carry out an efficient key recovery attack. After eavesdropping eight signals of the remote control to copy, the cryptanalytic attack recovers the cryptographic secret in a short run-time on a fast PC.
Q: Does an attacker need physical access to my vehicle (control units, CAN bus)?

A: No, the attack can be carried out over-the-air without physical access to control units or the CAN bus.
Q: How difficult are the attacks?

A: Building a device for receiving and transmitting respective RF signals can be done by any technically skilled person with off-the-shelf components. Obtaining the „ingredients“, i.e. cryptographic secrets and algorithms from the elecronic circuitry is much harder (it took about 20 years since the weak RKE systems have been deployed until to our publication). Hence exploiting the Volkswagen vulnerability requires a security expert with a background in implementation attacks and reverse engineering. After this one-time process the attacks scale very well, as the barrier for mounting the attack knowing the employed algorithms and secret keys is rather low.
Q: Do the attacks leave (physical) traces?

A: No, due to their wireless nature the attacks leave no physical traces. However, if a vehicle has been opened and closed again by an attacker, the original remote control has to be pressed three times in order to open the door.
Q: Can an attacker destroy my car with a DoS (Denial of Service) attack?

A: No, it is impossible to destroy the car via the remote control interface. In the worst case, the original remote control will be blocked. This may happen if the car receives an outdated signal from the original remote control. In consequence, the RKE system is deactivated for this remote control and the car has to be opened mechanically. Often, the remote control can be re-synchronized according to instructions in the respective car’s user manual. In rare cases, the synchronization has to be performed by means of a diagnostic cable.
Q: Is this related to RollJam (aka intelligent jamming) attacks?

A: No. The technique dubbed RollJam due to Samy Kamkar’s talk at Defcon2015 was known for a long time (originally published by Spencer Whyte in March 2014) and is based on a combination of intelligent jamming and replaying. However, for most RKE systems, RollJam cannot be used to change the contents of an RKE signal, i.e., the attacker cannot convert a „lock“ to an „unlock“ command. An attacker obtaining a „lock“ signal can only use it to close the car again, not to open it. When the potential victim comes back to the car and unlocks it, all previously intercepted rolling codes are invalidated. The same applies when the attacker obtains an „open“ signal: Once the victim has locked the car, the attacker’s „open“ signal is already outdated. So in practice RollJam is a very limited threat. In contrast, our attacks target the implemented cryptography on which the RKE system relies – thus, a potential attacker exploiting the described weaknesses can arbitrarily change and generate new signals at any time.
Q: Can someone steal my car now?

A: Usually, the immobilizer and the RKE part of a car key are fully separated (VW group) or at least use different cryptographic keys (Hitag2). This research focuses on RKE only, i.e., an attacker can only unlock the vehicle (and thus disarm the alarm if present), but not bypass the immobilizer. So the main risk of theft affects valuables left in the locked car. However, having physical access to the inside of the car facilitates attacks e.g. via the OBD interface. See Question #2 „How secure are the anti-theft mechanisms?“.
Q: How can I protect my vehicle?

A: Unfortunately, there is relatively little you can do without replacing the RKE system itself. An obvious countermeasure is to permanently stop using the RKE remote and use the physical key only. In times of key blades being hidden inside the car key and key holes being designed for emergency access only, this is quite impractical. We also advise against using most aftermarket RKE systems as found on auction and shopping websites – these usually employ similarly broken cryptography (for example KeeLoq). As of today, if you own an affected car, the best protection is to never leave any valuables in your vehicle.
Q: Can this vulnerability be fixed by the car manufacturer?

A: In principle, yes. But fixing these security issues would first require a redesign of the RKE system. After that, an update or exchange of both the car keys and the respective control unit in the car would be necessary. So while the vulnerabilities can be mitigated, we think it is rather unlikely that this will happen in practice.
Q: Does this also affect passive keyless entry and start systems (aka smart keys aka Keyless Go)?

A: PKES uses a low-frequency link for sending a challenge to the car key, which then sends back a cryptographic response over the high-frequency link also used for RKE. We have not further investigated if the algorithms for RKE are used for PKES in a similar way. However, car and car key transceive the respective RF signals without a user interaction, thus by design PKES is susceptible to relay attacks, which has turned out to be a practical security threat for all PKES-enabled cars. Further, in most cars a long-range RKE system is implemented in addition to the PKES. Hence, car owners pressing the respective button to open or close their PKES-enabled cars are just as prone to the RKE attacks as car owners without PKES.
Q: What about new cars?

A: While we found the vulnerable systems in vehicles with model year 2016, manufacturers are slowly addressing these issues in general. For example, VW cars using the MQB platform (e.g. Golf 7 and similar) use, according to VW, a re-designed RKE system employing secure cryptography and individual cryptographic keys. If implemented properly, this would prevent the attacks presented in the paper.
Q: What about other manufacturers?

A: We are aware of many other RKE systems used by major manufacturers worldwide that are just as vulnerable as the system used by Volkswagen group, i.e., monitoring one signal allows to clone the remote control from a distance. We are in the process of responsible disclosure in this regard.
Q: Lock it and still lose it?

A: We have shown that appropriatly locking your car, watching the lights and making sure that the car is locked (to protect from jamming attacks) is not sufficient when using a vulnerable remote control.
Q: Where can I find the paper?

A: here.

Sicherheit von Funkschlüsseln für Fahrzeuge

Publikation

Presse (Deutschland)

Presse (International)

FAQ

Abbreviations

Questions

Q: Which technical measures are used today to secure modern cars against theft?

Q: How secure are the anti-theft mechanisms?

Q: Can you briefly summarize the results of this research?

Q: What is the range of the eavesdropping attack?

Q: How do RKE systems and Rolling Codes work?

Q: Which manufacturers are affected?

Q: What is the difference between the VW system and Hitag2?

Q: Does an attacker need physical access to my vehicle (control units, CAN bus)?

Q: How difficult are the attacks?

Q: Do the attacks leave (physical) traces?

Q: Can an attacker destroy my car with a DoS (Denial of Service) attack?

Q: Is this related to RollJam (aka intelligent jamming) attacks?

Q: Can someone steal my car now?

Q: How can I protect my vehicle?

Q: Can this vulnerability be fixed by the car manufacturer?

Q: Does this also affect passive keyless entry and start systems (aka smart keys aka Keyless Go)?

Q: What about new cars?

Q: What about other manufacturers?

Q: Lock it and still lose it?

Q: Where can I find the paper?