Encryption Flaws Leave Millions of Toyota, Kia, and Hyundai Cars Vulnerable to Key Cloning (Mar 5, 2020)
A study published by the University of Birmingham and KU Leuven in Belgium claims that millions of cars with radio-enabled car keys made by Toyota, Hyundai, and Kia may be vulnerable to RFID fob cloning. According to the research, a vehicle hijacker could use an RFID reader device to clone a car’s key fob when in close proximity to a legitimate key fob. The vulnerable device transmits enough information to determine the encryption key, which can be used to clone the device and disable the immobilizer, the part of the key that prevents a car from starting without the key inside the vehicle. The researchers found that the encryption keys used by the cars were easily discovered by reverse engineering the firmware. According to Wired, Toyota and Hyundai have both made statements, commenting on the “low risk” configuration of older model vehicles and on how they intend to stay ahead of threats.
Recommendation: While this technique of cloning a key fob to hijack a vehicle is quite technically involved, the results of the study show there is a potential risk. Attaching a steering lock can thwart this type of hijacking and should be used when necessary. Some of the vulnerable vehicles can be reprogrammed to remove the vulnerability, and we suggest checking with the manufacturer for recalls and services that may apply. A non-exhaustive list of impacted models can be found within this article or by accessing the original research through TCHES.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.