Luxembourg Uni Researchers Join Honda to Overcome Car Key Fob Attacks – Infosecurity Magazine
Luxembourg Uni Researchers Join Honda to Overcome Car Key Fob Attacks
Researchers at the University of Luxembourg have teamed up with Honda to find a solution to vulnerabilities in passive key fob entry systems which have led to an increase in car thefts.
Two IT experts at the uni`s Interdisciplinary Centre for Security, Reliability and Trust (SnT) will be working to improve the security of the tech, which unlocks the vehicle when the user gets within range and locks it when they walk away.
Such systems have been exposed to so-called ‘relay attacks’ for years. Thanks to kit readily available on the darknet, thieves are able to capture the car-owner`s key signal, amplify it and send it to a vehicle-side relay box, permitting them to unlock and drive away vehicles.
Such attacks are becoming increasingly common across the globe, prompting a December two thousand sixteen warning from the US National Insurance Crime Bureau (NICB).
Automobile associations such as the German ADAC have also developed customer awareness campaigns around the attacks.
It warned that car thieves could carry out a relay attack even with the key fob sitting inwards a user`s house. It claimed the components to carry out such an attack could be bought online for as little as €100.
The ADAC also warned that because the crime leaves no trace of any illegal entry, car owners who report their vehicle missing could come under suspicion of attempted insurance fraud if the vehicle is later found entirely intact.
Researcher Thomas Engel and his team have begun working on a solution that works with a wise device, such as a phone or a clever observe.
It analyzes the “distance bounding protocol” – the time the signal needs to travel from the key to the car – and if it takes too long, foul play is suspected and the car will automatically lock.
«A big challenge will be the amount of interference on the Two.Four GhZ band because almost all wireless devices use this frequency nowadays,» said researcher, Florian Adamsky. «Since the distance bounding protocol is very time-critical, it will also prove difficult to implement that protocol on a normal brainy device.»
Symantec has looked at this problem before, recommending in a two thousand fifteen paper that car-makers concentrate on «digital capture of location, signing data on capture, and using secure boot and code signing to ensure that firmware isn`t tampered.”