Unpatched Exploit Lets You Clone Key Fobs and Open Subaru Cars (bleepingcomputer.com)
An anonymous reader writes:
Tom Wimmenhove, a Dutch electronics designer, has discovered a flaw in the key fob system used by several Subaru models, a vulnerability that the vendor has not patched and that could be abused to hijack cars. The issue is that key fobs for some Subaru cars use sequential codes for locking and unlocking the vehicle, and other operations. These codes -- called rolling codes or hopping codes -- should be random, in order to avoid situations when an attacker discovers their sequence and uses the flaw to hijack cars. This is exactly what Wimmenhove did. He created a device that sniffs the code, computes the next rolling code and uses it to unlock cars...
The researcher said he reached out to Subaru about his findings. "I did [reach out]. I told them about the vulnerability and shared my code with them," Wimmenhove told BleepingComputer. "They referred me to their 'partnership' page and asked me to fill in a questionnaire. It didn't seem like they really cared and I haven't heard back from them."
His Subaru-cracking feat -- documented in a video -- was accomplished using a $25 Raspberry Pi B+ and two dongles, one for wifi ($2) and one for a TV ($8), plus a $1 antenna and a $1 MCX-to-SMA convertor.
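To make the summary's point about sequential versus unpredictable codes concrete, here is an added example (not from the article, the researcher, or Subaru) of a receiver-side check for both designs. The 12-byte code layout, the `WINDOW` size, the truncated HMAC-SHA256 tag and all class and function names are assumptions chosen for illustration, not any vendor's protocol.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead for presses made out of radio range

class SequentialReceiver:
    """Weak design: the transmitted code is just the next counter value."""
    def __init__(self, last: int):
        self.last = last

    def accept(self, code: int) -> bool:
        if not (self.last < code <= self.last + WINDOW):
            return False
        self.last = code
        return True

def keyed_code(key: bytes, counter: int) -> bytes:
    """Counter followed by a truncated HMAC-SHA256 tag over that counter."""
    msg = counter.to_bytes(4, "big")
    return msg + hmac.new(key, msg, hashlib.sha256).digest()[:8]

class KeyedReceiver:
    """Hardened design: a code is valid only with a tag made from the shared key."""
    def __init__(self, key: bytes, last: int):
        self.key, self.last = key, last

    def accept(self, code: bytes) -> bool:
        if len(code) != 12:
            return False
        counter = int.from_bytes(code[:4], "big")
        if not (self.last < counter <= self.last + WINDOW):
            return False  # replayed or implausibly far ahead
        if not hmac.compare_digest(code, keyed_code(self.key, counter)):
            return False  # tag does not match: sender lacks the key
        self.last = counter
        return True

def demo() -> dict:
    key = bytes(range(16))  # constructed sample key
    weak, strong = SequentialReceiver(1000), KeyedReceiver(key, 1000)
    seen = keyed_code(key, 1001)  # one legitimate press, heard by everyone in range
    weak.accept(1001)
    strong.accept(seen)
    forged = (1002).to_bytes(4, "big") + seen[4:]  # next counter, old tag
    return {
        "weak_accepts_predicted": weak.accept(1002),
        "keyed_accepts_predicted": strong.accept(forged),
        "keyed_accepts_replay": strong.accept(seen),
        "keyed_accepts_real_fob": strong.accept(keyed_code(key, 1002)),
    }

if __name__ == "__main__":
    print(demo())
```

The sequential receiver accepts a value anyone can derive from one overheard press, while the keyed receiver rejects both the predicted code and the replay and still accepts the genuine fob's next press.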
The story isn't that the guy found an exploit. There will always be bugs and exploits in a complex system.
The story is that with many large companies, there is no straightforward way for a member of the public to contact someone who is directly responsible for these kinds of issues, which are rising in importance. And/or that there is not someone in the company who has made it their job to actively go out and publicize that they are interested in hearing about such issues.
It happens. Companies get big and fat and distributed, and no one knows whether a particular issue is important or how to own the solution until it gets so big and attention-grabbing that someone at the top realizes they have to put a person on it...
The best use of this tech would probably not be to steal Subarus but rather to offer low-cost backup fobs. Last time I checked, a replacement fob at the dealer will set you back a couple hundred bucks. I bet you could find a price-point in there where you could sell replacements at a reasonable price and still make bank. You could also offer additional features, like being able to open multiple cars for a two (or more) car family.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Ye olde-worlde definition of ownership. Ahhh, fond memories.
Requiem for the American Dream