Feeds

Watch this Aussie infosec bod open car doors from afar

Homes unlocked now car doors popped

Providing a secure and efficient Helpdesk

Silvio Cesare

Silvio Cesare has probably spent enough on home alarm systems at hardware stores to buy a small pacific island. The Canberra hacker has over the last three years embarrassed manufacturers by buying remote alarms, baby monitors and locks from eBay and hardware stores and later developing replay attacks that allow attackers to switch them off.

The newly minted director of anti-malware engineering at Qualys was now set to present his research into opening car doors and boots at Black Hat Las Vegas as part of his new field of interest.

Cesare @silviocesare opened the doors and boot of his 10 year old car over about two hours by capturing and replaying the signals produced from the vehicles' remote key fob with about $1000 worth of equipment.

By contrast, he hacked home alarms with arduino-based kit that cost less than US$50.

While he wasn't revealing the make and model of his car used in the test, he says the attacks would likely work on other older model vehicles.

Silvio Cesare

Silvio Cesare

Worse, he said some cars appear to have a consistent code in the wireless transmission - a backdoor if you will - that would consistently open cars. That backdoor opened his car for a week before it oddly stopped working. He planned more work into the backdoor and thought it was likely specific to car models.

"Once known, unlocking car takes seconds not hours," Cesare said.

Prolific car hackers Charlie Miller (@0xcharlie) of Twitter and Chris Valasek (@nudehaberdasher) of IOActive round out the Black Hat vehicle hacker fest.

They have popped this year's Jeep Cherokee, Infiniti Q50 and the 2015 Escalade due to the large amount of features located on the same network as the main controls such as brakes and steering, the researchers told Dark Reading. The most secure late model cars was this year's Dodge Viper, Audi A8, and Honda Accord because the vehicles had separated networks.

Car hacking research has come thick and fast in recent years, prompting the US Association of Global Automakers to implement an intelligence sharing forum to help squash vulnerabilities.

Spooked drivers could do little else than buying an aftermarket keyless entry device -- or a new car -- since recalls were not feasible. Cesare recommended those buying home wireless alarm systems avoid cheap offerings at K-Mart, Big W and Bunnings, since virtually all of them could be broken, and instead invest in commercial systems that use rolling codes.

"Needless to say, newer cars have stronger security, so upgrading the car is also an option," he said.

"For car makers, a PRNG (pseudo random number generator) could be replaced with a list of codes stored in flash memory that is generated by a true random number generator. Also, obviously, avoid coding in backdoors."

Cesare would now work on silicon-level analysis after he decapsulated the integrated circuits in the car's keyfob which may help recover firmware and the algorithm needed to generate backdoors.

More information about Cesare's car and alarm hacking antics was available in his paper Breaking the secuity of physical devices ®.

New hybrid storage solutions

More from The Register

next story
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.