Slashdot had a small post about this yesterday but I've spoken with one of the researchers about it so thought I'd add a little more detail.
A group of Israeli and Belgian researchers found a vulnerability in the algorithm that is used to secure anti-theft digital key systems in numerous vehicles, including those made by such companies as Honda, Ford, General Motors, Mercedes Benz and Jaguar. With that information they were able to devise an attack to crack the code of anti-theft keys.
With just an hour of remote access to the digital key of one car made by a manufacturer, the researchers say they are able not only to crack the unique code for that specific key but can also determine the key initialization process used to code the digital keys for all of the cars made by that manufacturer. From there, it's pretty simple for them to crack the unique code of another car made by that company.
"There is one master key from which is derived the key for each car a company makes," says Orr Dunkelman, a researcher from the University of Leuven in Belgium who worked on the project with four colleagues.
No comments:
Post a Comment