Trending Now

News, Advice, and How-To's From Top Motor Pros

Advertise Here
Menu
Search
Featured
Truck Dash Cam Installation
The Role of Clear Coat in Auto Body Repair – San Antonio | Auto Body and Paint | Collision Repair | Auto Body Repair
Waterless Wash or Quick Detailer – What’s the Difference?
How to Use an Ultrasonic Parts Cleaner for Restoration Perfection
A Wet Start for Pottstown Nights Car Show Series
Legendary Ace Cafe to Open New US Location in Pennsylvania
Bagged C-10 – Spraying on New Bed Liner
Slash Your Auto Insurance Rates
The Importance of Rust Prevention in Auto Body Repair – San Antonio | Auto Body and Paint | Collision Repair | Auto Body Repair

Automotive digital keys raise security issues

Uncategorized
Top Motor Pros

Automotive digital keys raise security issues

However, automotive cybersecurity experts are still determining if digital keys are as secure as the industry claims.

Kent said a rash of recent car thefts in the U.K. targeting new cars with keyless systems that were hacked using relay attacks or “key cloning” demonstrates how the industry underestimates vehicle security.

Automakers have responded to key cloning attacks with keys that go into sleep mode. Vehicle owners have attempted a different strategy, such as keeping keys in a metal container like coffee cans or breath mint tins.

The Kia Boy attacks, which involve thieves popping off the steering wheel column of key ignition in Hyundai and Kia models and using a USB to hot-wire them, offer another example.

Kia and Hyundai — sibling companies — issued a software update to fix the problem, but Automotive News reported Hyundai Motor Group’s solution is not working perfectly.

“It’s not feasible or realistic to attack this key security head-on,” Tindell said.

Car thieves are moving on from key cloning because automakers such as Toyota are placing robust encryption systems between its keys and the smart key electronic control unit, a dedicated chip with software or firmware that controls security and access in its vehicles to authenticate the key, Tindell said.

He likened the hacks and countermeasures between car thieves, hackers and automakers to an arms race.

Car thieves, for example, are developing an attack method called a controller area network injection, Tindell said. The CAN injection circumvents standard antitheft equipment by going around the back.

Car thieves and hackers must physically break into the internal network of a car, which they can do if it is somewhere easy to reach on the vehicle, Tindell said.

In a blog post, Tindell unwrapped how car thieves in the U.K. stole a Toyota RAV4 from Ian Tabor, a cybersecurity researcher and automotive engineering consultant for Switzerland’s EDAG Engineering Group.

Thieves broke into the RAV4’s CAN near the headlights to access its key security’s ECU for its engine and doors.

“In some ways, it’s like a castle with a drawbridge and portcullis and a barbican to secure the front entrance, and an unguarded back door with a cheap padlock,” Tindell said.

Automakers need to have authentication and encryption for the digital messaging between a car’s door and engine to defeat these CAN injection attacks, Tindell said. They need some sort of credential or token system.

“Having your phone say, ‘Are you trying to open the car’ is probably too much, but it’s leaning toward the direction I think it will go,” Kent said.

Section Page News – Automotive News

#Automotive #digital #keys #raise #security #issues

Related Posts

Back To Top