In the beginning of the month news got released that the car rental company Sixt got hit by an attack on April 29. According to Sixt, they were able to detect IT irregularities and mitigated the attack at an early stage which resulted only in a temporary disruption of the customer care centres. The type of attack has not been commented nor confirmed, but security researcher Andy Jenkinson, group CEO of CIP, suggested that it could have been an attack exploiting their insecure DNS, which he highlighted in this post. Andy Jenkinson also emphasises that this was not a sophisticated attack, he suggests that many companies who handle big amounts of data are simply targeted because they are “exposed, identified, and then exploited”.

An interesting paper regarding the insecurities in DNS is “Thirty Years of DNS Insecurity: Current Issues and Perspectives” by Giovanni Schmid 2021. The article provides an in-depth overview about the insecurities in DNS as well as an overview of current protocols meaning to protect the communication among name servers. Due to the central role that DNS has, by resolving domain names to IP addresses, it has become the part of the foundation in the digital space as well as a target for attackers. Schmid summarises attacks against DNS systems based on the security properties they violate (confidentiality, integrity, availability) and additionally also reliability. Furthermore, Schmid discusses alternatives for name systems, including the GNU Name System (GNS), which requires fundamental changes, but fulfils all defined requirements.

Another attack on keyless systems
Some fortnights ago we dedicated this newsletter to vulnerabilities in keyless entry systems and countermeasures. This time, the keyless entry solution “Phone-as-a-Key” by Tesla which uses Bluetooth Low Energy (BLE) got hacked. Sultan Qasim Khan, principal security consultant at the UK-based security firm NCC, has published his findings about the found BLE link-layer vulnerability allowing thieves to unlock and start Tesla Model 3 and Y cars.

Sultan Qasim Kahn demonstrated its feasibility by placing an iPhone with the Tesla app (version 4.6.1-891) 25 metres away from the vehicle and relaying the signal using two relay devices. The phone-side relaying device was located 7 metres apart from the phone in a separate room and the vehicle-side relaying device needed to be within a 3-metre radius from the vehicle. More importantly, the company highlights in their report that the attack was still successful when adding an artificial round-trip latency of up to 80ms to the already present latency introduced by the Wi-Fi connection between the two relaying devices. Given this additional latency, the company argues that long-distance attacks over the internet could be possible.­­­

NCC Group suggests the same countermeasures as reported for key fobs, i.e., disabling the passive entry functionality when the phone was stationary for more than a minute or the use of Ultra Wide Band (UWB) solutions.

Short news 

  • The Nigerian Communications Commission (NCC) published a press release informing the public about the high potential of car theft some Honda and Acura car models through remote key fob attacks.
  • The San Francisco Police wants to access the recording of autonomous vehicles for investigations. This may not be news for many; however, it highlights that technology can often be an enabler for unintended use cases as well.

Written by Thomas Rosenstatter

Facebooktwitterredditlinkedinmail