Key is in the Air: Hacking Remote Keyless Entry Systems

Author(s):  
Omar Adel Ibrahim ◽  
Ahmed Mohamed Hussain ◽  
Gabriele Oligeri ◽  
Roberto Di Pietro
Author(s):  
Christopher Hicks ◽  
Flavio D. Garcia ◽  
David Oswald

AUT64 is a 64-bit automotive block cipher with a 120-bit secret key used in a number of security-sensitive applications such as vehicle immobilization and remote keyless entry systems. In this paper, we present for the first time full details of AUT64 including a complete specification and analysis of the block cipher, the associated authentication protocol, and its implementation in a widely-used vehicle immobiliser system that we have reverse engineered. Secondly, we reveal a number of cryptographic weaknesses in the block cipher design. Finally, we study the concrete use of AUT64 in a real immobiliser system, and pinpoint severe weaknesses in the key diversification scheme employed by the vehicle manufacturer. We present two key-recovery attacks based on the cryptographic weaknesses that, combined with the implementation flaws, break both the 8 and 24 round configurations of AUT64. Our attack on eight rounds requires only 512 plaintext-ciphertext pairs and, in the worst case, just 2^37.3 offline encryptions. In most cases, the attack can be executed within milliseconds on a standard laptop. Our attack on 24 rounds requires 2 plaintext-ciphertext pairs and 2^48.3 encryptions to recover the 120-bit secret key in the worst case. We have strong indications that a large part of the key is kept constant across vehicles, which would enable an attack using a single communication with the transponder and negligible offline computation.


Author(s):  
Lennert Wouters ◽  
Eduard Marin ◽  
Tomer Ashur ◽  
Benedikt Gierlichs ◽  
Bart Preneel

The security of immobiliser and Remote Keyless Entry systems has been extensively studied over many years. Passive Keyless Entry and Start systems, which are currently deployed in luxury vehicles, have not received much attention besides relay attacks. In this work we fully reverse engineer a Passive Keyless Entry and Start system and perform a thorough analysis of its security. Our research reveals several security weaknesses. Specifically, we document the use of an inadequate proprietary cipher using 40-bit keys, the lack of mutual authentication in the challenge-response protocol, no firmware readout protection features enabled and the absence of security partitioning. In order to validate our findings, we implement a full proof of concept attack allowing us to clone a Tesla Model S key fob in a matter of seconds with low-cost commercial off-the-shelf equipment. Our findings most likely apply to other manufacturers of luxury vehicles including McLaren, Karma and Triumph motorcycles as they all use the same system developed by Pektron.


2012 ◽  
Vol 178-181 ◽  
pp. 2654-2657
Author(s):  
Xiao Feng Huang ◽  
Hao Jie Zou ◽  
Jun Ling Ten ◽  
You Liang Chen

An integrated system consisting of a base station module, a key module and tire modules is proposed, in order to overcome the independence of the tire pressure monitoring system, remote keyless entry and engine immobilization. The tire modules or the key module communicate with the base station module over a UHF signal at 434 MHz. The transponder PCF7961 in the key module and the PJF7992 in the base station module authenticate each other over an LF signal at 125 kHz. The results show that the system can improve the security and controllability of cars, reduce system redundancy, reduce production costs and optimize the skeleton network.

