Unpatched Exploit Lets You Clone Key Fobs and Open Subaru Cars (bleepingcomputer.com)
An anonymous reader writes: Tom Wimmenhove, a Dutch electronics designer, has discovered a flaw in the key fob system used by several Subaru models, a vulnerability the vendor has not patched and that could be abused to hijack cars. The issue is that key fobs for some Subaru cars use sequential codes for locking and unlocking the vehicle, and other operations. These codes -- called rolling codes or hopping codes -- should be random, in order to avoid situations when an attacker discovers their sequence and uses the flaw to hijack cars. This is exactly what Wimmenhove did. He created a device that sniffs the code, computes the next rolling code and uses it to unlock cars...
The researcher said he reached out to Subaru about his findings. "I did [reach out]. I told them about the vulnerability and shared my code with them," Wimmenhove told BleepingComputer. "They referred me to their 'partnership' page and asked me to fill in a questionnaire. It didn't seem like they really cared and I haven't heard back from them."
His Subaru-cracking feat -- documented in a video -- was accomplished using a $25 Raspberry Pi B+ and two dongles, one for Wi-Fi ($2) and one for a TV ($8), plus a $1 antenna and a $1 MCX-to-SMA converter.
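The difference between a sequential code and a keyed one, seen from the receiver's side, as an added example that is not from the summary, the researcher or Subaru. The frame layout, the 16-press window, the key and the counter values are all constructed assumptions, and the HMAC scheme is a generic design, not the protocol any vehicle uses.

```python
import hmac
import hashlib

WINDOW = 16  # assumed look-ahead so missed button presses do not desync the fob


class SequentialReceiver:
    """Weak design: the value sent over the air is the counter itself."""

    def __init__(self, last_code):
        self.last = last_code

    def accept(self, code):
        if 0 < code - self.last <= WINDOW:
            self.last = code
            return True
        return False


def keyed_code(key, counter):
    """Hypothetical frame: 4-byte counter followed by a truncated HMAC tag."""
    body = counter.to_bytes(4, "big")
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]


class KeyedReceiver:
    """Hardened design: a frame is valid only if its tag verifies under the shared key."""

    def __init__(self, key, last_counter):
        self.key, self.last = key, last_counter

    def accept(self, frame):
        if len(frame) != 12:
            return False
        counter = int.from_bytes(frame[:4], "big")
        if not hmac.compare_digest(frame, keyed_code(self.key, counter)):
            return False  # tag does not match this counter
        if not 0 < counter - self.last <= WINDOW:
            return False  # replayed or far out of range
        self.last = counter
        return True


def demo():
    key, observed = bytes(range(16)), 1000  # constructed sample values
    weak, strong = SequentialReceiver(observed), KeyedReceiver(key, observed)
    seen = keyed_code(key, observed)  # frame an eavesdropper could capture
    derived = (observed + 1).to_bytes(4, "big") + seen[4:]  # counter bumped, old tag
    genuine = keyed_code(key, observed + 1)
    return (weak.accept(observed + 1), strong.accept(derived),
            strong.accept(genuine), strong.accept(genuine))
```

`demo()` returns whether each receiver accepted: the sequential receiver takes a value derived from one observed code, while the keyed receiver rejects the derived frame, accepts the genuine next frame, and rejects its replay.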
Now all those Subaru car theft gangs will have a leg up.
I see it all the time. There's a Lexus, Toyota, Ferrari, Porsche, Mercedes and car thieves make a beeline for the Subaru!
Happens all the time!
Won't all existing fobs have to be reprogrammed?
This looks like an old SDR hack... next we will see a garage opener...
Wimmenhove could have signed up to the partnership agreement and got paid but seems to have figured that publicity would be worth more. Hey, they could have told him to take a running jump like so many other vendors...
Honestly, why doesn't automotive just use standards and we could all move on with our lives, or are they invested in making money out of keys?
The story is that with many large companies, there is no straightforward way for a member of the public to contact someone who is directly responsible for these kinds of issues, which are rising in importance. And/or that there is not someone in the company who has made it their job to actively go out and publicize that they are interested in hearing about such issues.
