Slashdot Mirror
Unpatched Exploit Lets You Clone Key Fobs and Open Subaru Cars (bleepingcomputer.com)
An anonymous reader writes:
Tom Wimmenhove, a Dutch electronics designer, has discovered a flaw in the key fob system used by several Subaru models, a vulnerability the vendor has not patched and could be abused to hijack cars. The issue is that key fobs for some Subaru cars use sequential codes for locking and unlocking the vehicle, and other operations. These codes -- called rolling codes or hopping code -- should be random, in order to avoid situations when an attacker discovers their sequence and uses the flaw to hijack cars. This is exactly what Wimmenhove did. He created a device that sniffs the code, computes the next rolling code and uses it to unlock cars...
The researcher said he reached out to Subaru about his findings. "I did [reach out]. I told them about the vulnerability and shared my code with them," Wimmenhove told BleepingComputer. "They referred me to their 'partnership' page and asked me to fill in a questionnaire. It didn't seem like they really cared and I haven't heard back from them."
His Subaru-cracking feat -- documented in a video -- was accomplished using a $25 Raspberry Pi B+ and two dongles, one for wifi ($2) and one for a TV ($8), plus a $1 antenna and a $1 MCX-to-SMA convertor.
The researcher said he reached out to Subaru about his findings. "I did [reach out]. I told them about the vulnerability and shared my code with them," Wimmenhove told BleepingComputer. "They referred me to their 'partnership' page and asked me to fill in a questionnaire. It didn't seem like they really cared and I haven't heard back from them."
His Subaru-cracking feat -- documented in a video -- was accomplished using a $25 Raspberry Pi B+ and two dongles, one for wifi ($2) and one for a TV ($8), plus a $1 antenna and a $1 MCX-to-SMA convertor.
This problem affects 2004-2011 cars and not all of them in those years. This means Subaru fixed this problem probably soon after ROLLJAM became popular.
The issue at hand seems to be that they never went back and issued a voluntary recall for their older cars. On top of that, the article doesn't state who he talked to at Subaru. Honestly, they need a specific way for receiving these kinds of issues because joe blow in the call center isn't going to know how to deal with a report like this.
The story isn't that the guy found an exploit. There will always be bugs and exploits in a complex system.
The story is that with many large companies, there is no straightforward way for a member of the public to contact someone who is directly responsible for these kinds of issues, which are rising in importance. And/or that there is not someone in the company who has made it their job to actively go out and publicize that they are interested in hearing about such issues.
It happens. Companies get big and fat and distributed, and no one knows whether a particular issue is important or how to own the solution until it gets so big and attention-grabbing that someone at the top realizes they have to put a person on it...
No legal problem as long as he only opens his own car. Similiar how he can legally break into his own car using a crowbar - and make videos showing how easy that is. When you buy the car it is yours to mess with - including breaking it or spoofing the locks.
Opening a strangers car with a trick device is clearly illegal.