Unpatched Exploit Lets You Clone Key Fobs and Open Subaru Cars

An anonymous reader writes: Tom Wimmenhove, a Dutch electronics designer, has discovered a flaw in the key fob system used by several Subaru models, a vulnerability the vendor has not patched and could be abused to hijack cars. The issue is that key fobs for some Subaru cars use sequential codes for locking and unlocking the vehicle, and other operations. These codes -- called rolling codes or hopping code -- should be random, in order to avoid situations when an attacker discovers their sequence and uses the flaw to hijack cars. This is exactly what Wimmenhove did. He created a device that sniffs the code, computes the next rolling code and uses it to unlock cars...

The researcher said he reached out to Subaru about his findings. "I did [reach out]. I told them about the vulnerability and shared my code with them," Wimmenhove told BleepingComputer. "They referred me to their 'partnership' page and asked me to fill in a questionnaire. It didn't seem like they really cared and I haven't heard back from them."
His Subaru-cracking feat -- documented in a video -- was accomplished using a $25 Raspberry Pi B+ and two dongles, one for wifi ($2) and one for a TV ($8), plus a $1 antenna and a $1 MCX-to-SMA convertor.

Itâ(TM)s about price fixing the key market.

I need a new key made for my Late-ish model Subaru and they say itâ(TM)s $350 just for a key. When I demanded to speak to the manager of the parts and service depot and demanded an explanation they only would say âoeitâ(TM)s more secure than the $2.25 key copy you got with your last car at the hardware store.

Clearly thatâ(TM)s not true at all. Can we somehow sue them for price fixing the key market?

Re: illegal hacker

[easyTree]

When you buy the car it is yours to mess with - including breaking it or spoofing the locks.

Ye olde-worlde definition of ownership. Ahhh, fond memories.