HAL 9000
In 2012, researchers at Radboud University in the Netherlands discovered a security flaw in a common automotive security chip used in theft prevention by Volkswagen, Audi, Fiat, Honda, and Volvo vehicles.
But after they disclosed their results to the auto manufacturers—a full nine months before they planned to publish them—the automakers sued to keep them quiet.
Today, that suppressed paper is finally being presented at the USENIX security conference in Washington, DC.
Entitled "Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer," the paper details how researchers Roel Verdult, Flavio Garcia, and Baris Ege uncovered weaknesses in the cryptography and authentication protocol used in the Megamos RFID transponder, used in car immobilizers in many luxury vehicles.
The list of impacted cars includes vehicles from Volkswagen's Porsche, Audi, Bentley, and Lamborghini brands.
There are a number of ways to bypass these systems, including the use of a radio amplifier to fool the transponder into believing the RFID chip is closer than it actually is.
But the Radboud researchers were able to go further, actually breaking the crypto system used by the Megamos transponder.
By eavesdropping on the radio exchange between the Megamos Crypto system and the key only twice, the researchers were able to dramatically reduce the size of the pool of potential matches to the system's 96-bit secret key.
Because the system allowed unlimited attempts to authenticate, Verdult, Garcia, and Ege were able to recover the secret key within "3 x 2^16" (196,607) tries with "negligible computational complexity." It all took less than 30 minutes.
Some car manufacturers used weaker keys, and the researchers were able to recover the secret key in just a few minutes with a laptop computer.
Read the full article here:
http://arstechnica.com/security/201...k-hack-after-2-year-injunction-by-volkswagen/