Cars – Page 6 – WindowsTechs.com

Hacking Automobile Keyless Entry Systems

Posted on October 17, 2022 by Bruce Schneier

Suspected members of a European car-theft ring have been arrested:

The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away.

As a result of a coordinated action carried out on 10 October in the three countries involved, 31 suspects were arrested. A total of 22 locations were searched, and over EUR 1 098 500 in criminal assets seized.

The criminals targeted keyless vehicles from two French car manufacturers. A fraudulent tool—marketed as an automotive diagnostic solution, was used to replace the original software of the vehicles, allowing the doors to be opened and the ignition to be started without the actual key fob…

Continue reading Hacking Automobile Keyless Entry Systems→

Digital License Plates

Posted on October 13, 2022 by Bruce Schneier

California just legalized digital license plates, which seems like a solution without a problem.

The Rplate can reportedly function in extreme temperatures, has some customization features, and is managed via Bluetooth using a smartphone app. Rplates are also equipped with an LTE antenna, which can be used to push updates, change the plate if the vehicle is reported stolen or lost, and notify vehicle owners if their car may have been stolen.

Perhaps most importantly to the average car owner, Reviver said Rplate owners can renew their registration online through the Reviver mobile app…

Continue reading Digital License Plates→

Lamp Flashing Module Is Perfect For Automotive Use

Posted on October 1, 2022 by Lewin Day

Modern cars tend to have quite advanced lighting systems, all integrated under the control of the car’s computer. Back in the day, though, things like brake lights and indicators were …read more Continue reading Lamp Flashing Module Is Perfect For Automotive Use→

Relay Attack against Teslas

Posted on September 15, 2022 by Bruce Schneier

Nice work:

Radio relay attacks are technically complicated to execute, but conceptually easy to understand: attackers simply extend the range of your existing key using what is essentially a high-tech walkie-talkie. One thief stands near you while you’re in the grocery store, intercepting your key’s transmitted signal with a radio transceiver. Another stands near your car, with another transceiver, taking the signal from their friend and passing it on to the car. Since the car and the key can now talk, through the thieves’ range extenders, the car has no reason to suspect the key isn’t inside—and fires right up…

Continue reading Relay Attack against Teslas→

Hyundai Uses Example Keys for Encryption System

Posted on August 22, 2022 by Bruce Schneier

This is a dumb crypto mistake I had not previously encountered:

A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples.

[…]

“Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]”.

[…]

Luck held out, in a way. “Greenluigi1” found within the firmware image the RSA public key used by the updater, and searched online for a portion of that key. The search results pointed to a common public key that shows up in online tutorials like “…

Continue reading Hyundai Uses Example Keys for Encryption System→

‘Let’s Go Hit This Kid:’ Tesla Stans Find Actual Child to Try and Prove Teslas Don’t Run Over Kids

Posted on August 16, 2022 by Chloe Xiang

I think it’s fair to say that fans of Tesla and its CEO Elon Musk trust him with their children’s lives. Continue reading ‘Let’s Go Hit This Kid:’ Tesla Stans Find Actual Child to Try and Prove Teslas Don’t Run Over Kids→

Surveillance of Your Car

Posted on August 2, 2022 by Bruce Schneier

TheMarkup has an extensive analysis of connected vehicle data and the companies that are collecting it.
The Markup has identified 37 companies that are part of the rapidly growing connected vehicle data industry that seeks to monetize such data in an e… Continue reading Surveillance of Your Car→

Security Vulnerabilities in Honda’s Keyless Entry System

Posted on July 12, 2022 by Bruce Schneier

Honda vehicles from 2021 to 2022 are vulnerable to this attack:

On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles. Kevin2600, who works for cybersecurity firm Star-V Lab, dubbed the attack RollingPWN.

[…]

In a phone call, Kevin2600 explained that the attack relies on a weakness that allows someone using a software defined radio—such as HackRF—to capture the code that the car owner uses to open the car, and then replay it so that the hacker can open the car as well. In some cases, he said, the attack can be performed from 30 meters (approximately 98 feet) away…

Continue reading Security Vulnerabilities in Honda’s Keyless Entry System→

Congress Demands Government Investigate Automotive Right to Repair

Posted on June 22, 2022 by Matthew Gault

The investigation would look into the auto industry’s self-regulation on the issue and how the government can keep people safe while letting them repair their own vehicles. Continue reading Congress Demands Government Investigate Automotive Right to Repair→

Hacking Tesla’s Remote Key Cards

Posted on June 14, 2022 by Bruce Schneier

Interesting vulnerability in Tesla’s NFC key cards:

Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keys—with no authentication required and zero indication given by the in-car display.

“The authorization given in the 130-second interval is too general… [it’s] not only for drive,” Herfurt said in an online interview. “This timer has been introduced by Tesla…in order to make the use of the NFC card as a primary means of using the car more convenient. What should happen is that the car can be started and driven without the user having to use the key card a second time. The problem: within the 130-second period, not only the driving of the car is authorized, but also the [enrolling] of a new key.”…

Continue reading Hacking Tesla’s Remote Key Cards→