Keep your vehicle close and your key fob closer: Vulnerabilities in everyday automotive devices

Published on May 4th, 2020

Smart cars have been on our radar for decades, but only recently have modern cars entered a new era with features tailored for entertainment, braking, power, and locks. And with additional electronic components comes risk, says Alan Grau, VP of IoT/embedded solutions, Sectigo.

These brains on wheels have filled our need for connected technology and given us the freedom to explore future-forward ways of travelling. The first so-called “smart key” for unlocking vehicles was developed in 1995 under the name “Key-less Go,” and was the first of its kind, allowing users to lock, unlock, and start their vehicle from a distance.

This technology is becoming increasingly complex and is supporting an array of new features. Key fobs not only unlock the vehicle and enable ignition controls, but they can be used to lower windows, open a sunroof, fold in mirrors, set seat locations, and change radio channels. Tesla Model S and Model X key fobs, for instance, can even be used to initiate automated parking, while pressing “Summon” on the key fob brings the vehicle to you.


As with every technological improvement, the unfortunate downside is that the system is now open to more vulnerabilities.

These new smart features make key fob encryption a very attractive target for cyberattacks. Increased functionality results in more data being transmitted over this interface, presenting more opportunities for hackers to steal and analyse information when trying to break the encryption scheme and clone the key fob.

With more data, hackers have a greater chance of being able to unlock and steal vehicles. This is dangerous and risky enough for stationary cars, but we must consider what could happen if a hack were to happen while someone is in transit.

To understand how someone would be able to ‘hack’ a key fob, we must look at the technology inside. Most key fobs use a Radio Frequency IDentification (RFID) transponder to unlock the vehicle and perform a variety of additional functions from a distance.

The key fob sends encrypted data to the vehicle, often a rolling code that allows the vehicle to identify the key fob. The vehicle then decrypts this data and uses it to authenticate that this particular key fob should unlock this vehicle.

Authentication is performed by the vehicle immobiliser, an anti-theft system within the car. The car cannot be started until the immobiliser successfully authenticates a key fob, which prevents thieves from hotwiring the vehicle.

A Google search will quickly reveal a large number of failures in key fob encryption. Because automakers often reuse technology across model years, an attack found in one vehicle may impact other vehicle makes and models. This means hackers can fake an authorisation across whole fleets of vehicles—with potentially devastating consequences.

Some of the vulnerabilities found in key fob systems include:

  • Encryption keys generated from public data: In some cases, the encryption key is algorithmically derived from publicly readable information from the transponder, such as the transponder serial number. Once the algorithm is discovered, the key can be generated for any transponder.
  • Insufficient entropy for generating encryption keys: Security keys must be random, but many key fobs don’t have access to enough random data to enable key generation, resulting in encryption keys that can be predicted.
  • Discoverable encryption keys: In one key fob, the encryption key was stored in a 384-byte EEPROM (electrically erasable programmable read-only memory), allowing the key to be discovered using a combination of an attack that read the EEPROM from the key fob and a brute force attack that attempted all sequences of bytes in the EEPROM for the encryption key.
  • Deprecated key strength: NIST recommends key lengths of 128 bits or longer for advanced encryption standard algorithms (symmetric encryption). Several key fobs utilise only 40-bit or 80-bit key lengths, resulting in solutions that are easily broken.
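
Several of the weaknesses listed above can be caught when fobs are provisioned. The Go program below is an added example, not code from the article or from any automaker: weakKey is a hypothetical serial-based derivation, the serial numbers are constructed, and audit flags keys shorter than 128 bits, keys reproducible from the public serial, and keys shared between fobs (a symptom of too little entropy).

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Fob struct {
	Serial string // public: readable from the transponder (constructed values here)
	Key    []byte // secret shared with the immobiliser
}

// weakKey: hypothetical flawed derivation, 40 bits computed from the public serial.
func weakKey(serial string) []byte {
	sum := sha256.Sum256([]byte(serial))
	return sum[:5]
}

// strongKey draws 128 bits from the OS CSPRNG, independent of any public data.
func strongKey() []byte {
	k := make([]byte, 16)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// audit flags short keys, keys reproducible from the serial, and repeated keys.
func audit(fleet []Fob, derive func(string) []byte) map[string][]string {
	findings, seen := map[string][]string{}, map[string]string{}
	for _, f := range fleet {
		if len(f.Key)*8 < 128 {
			findings[f.Serial] = append(findings[f.Serial], "key shorter than 128 bits")
		}
		if bytes.Equal(derive(f.Serial), f.Key) {
			findings[f.Serial] = append(findings[f.Serial], "key derivable from serial")
		}
		if other, dup := seen[string(f.Key)]; dup {
			findings[f.Serial] = append(findings[f.Serial], "key shared with "+other)
		}
		seen[string(f.Key)] = f.Serial
	}
	return findings
}

func main() {
	fmt.Println(audit([]Fob{{"SN-0001", weakKey("SN-0001")}, {"SN-0002", strongKey()}}, weakKey))
}
```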

How to improve key fob encryption: the right software and PKI

To achieve strong security in key fobs, automakers must invest in hardware that will specifically support asymmetric encryption.

Most security protocols and systems employ both symmetric and asymmetric encryption. Asymmetric encryption uses a key pair consisting of a public key and a private key. Each node or device has its own key pair. The private key must be protected and kept secret, but the public key can be shared with other nodes.

Key pairs for asymmetric encryption are created in such a way that data encrypted with a public key can be decrypted only with the correct private key, and vice versa. If Device A wants to send data to Device B, then Device A can encrypt that data using Device B’s public key. That data can only be decrypted using Device B’s private key. Only Device B knows the private key, so only Device B can decrypt the message.

The dynamic duo

With key fob vulnerabilities existing so close to home, an appropriate solution is needed, and this starts with secure authentication. The use of asymmetric encryption with certificate-based authentication provides a strong solution against key fob attacks.

Implementation requires a PKI solution that is cost effective, scalable and easily maintained to issue and manage digital certificates. In scenarios with implications that threaten life and property, the low-cost or convenient option of weak encryption schemes is simply not good enough, especially if we hope to protect the next generation of smart, autonomous vehicles and their passengers.
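
Certificate-based authentication as described above, shown as an added example that is not from the article or from any vendor's implementation: the vehicle checks that the fob's certificate chains to its pinned root and that the fob signed this session's fresh nonce, so a replayed response or a fob certified by another authority is rejected. It uses digital signatures (the authentication use of an asymmetric key pair) with Go's standard crypto/x509 and Ed25519, which is an assumed algorithm choice; certificate names and serial numbers are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue makes a key pair and its certificate (constructed names); nil parent = self-signed root.
func issue(cn string, sn int64, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader) // on a real fob the key is generated on-device
	check(err)
	t := &x509.Certificate{SerialNumber: big.NewInt(sn), Subject: pkix.Name{CommonName: cn}, IsCA: parent == nil,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil {
		t.KeyUsage, parent, signer = x509.KeyUsageCertSign, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// authenticate is the vehicle side: chain to the pinned root, then a signature over this session's nonce.
func authenticate(root, fob *x509.Certificate, nonce, sig []byte) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := fob.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil && fob.CheckSignature(x509.PureEd25519, nonce, sig) == nil
}

func main() {
	ca, caKey := issue("Constructed OEM Root", 1, nil, nil)
	fob, fobKey := issue("fob-0001", 2, ca, caKey)
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	check(err)
	fmt.Println(authenticate(ca, fob, nonce, ed25519.Sign(fobKey, nonce)))
}
```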

The author is Alan Grau, VP of IoT/embedded solutions, Sectigo.
