We’ve reported and updated you about the insecurities in keyless entry systems of modern vehicles before. And it is still an ongoing problem following Upstream’s Global Automotive Cybersecurity Report about 2021 which says that the most common attack vector for connected vehicles are wireless key fobs. Following up on this, the German Automobile Club ADAC has updated their evaluation of vehicle models vulnerable to this attack. The report shows that only 5% (23) of the 501 tested vehicle models are sufficiently protected against replay attacks used to unlock and start the vehicle.

In replay attacks the signal is forwarded from the key to the vehicle in order to cover a greater distance for unlocking and starting the vehicle. Once the engine is started the key doesn’t need to be in close proximity to the vehicle anymore and therefore can be driven large distances. The required hardware needed to perform this attack is just around 100$, making it an attractive attack for criminals to steal cars.

Car manufacturers have implemented different ways to cope with relay attacks, however, the UWB (Ultra-Wideband) technology is the most secure mechanism to cope with relay attacks. Its accuracy for measuring the distance to the vehicle cannot be tricked with current devices used for relay attacks. Other mechanisms are (i) to include a motion sensor in the key so that it turns off when it is not moved for a few minutes (37 of the tested models) and (ii) to allow the keyless feature to be only used for starting the car and require interaction with the key in order to open it (3 of the tested models). However, using a motion detector is not sufficiently secure as relay attacks can be still performed when the key is in motion, e.g., when the owner walks.

More news on ransomware attacks on the automotive supply chain

  • In the last newsletter we reported on the Kojima-Toyota incident where attackers focused on disturbing the supply chain. This attack wasn’t the only one targeting Toyota. Denso, another important supplier for Toyota, also got attacked. More specifically the network of its German company, DENSO Automotive Deutschland GmbH, got subject of an attack by the Pandora group. The group announced on Sunday 13/3 that they stole classified information and threatened to release it.
  • The US subsidiary of the Japanese tire manufacturer Bridgestone also got hit by a ransomware attack on 28th February according to their press release from last week.

More automotive security news

Written by Thomas Rosenstatter