ESCAR EU took place in Brussels in November 2018 and contained several interesting talks. This is a summary of the sessions. Please note that this is an interpretation of the presentations and may differ from the presenter’s views. If you would like to have a more detailed report about the conference, feel free to contact professor Tomas Olovsson at Chalmers.
Access to full papers and lectures is possible after registration on the ESCAR home page.
A couple of talks focused on keyless access to vehicles and the (in)security of these cards. Typically, a vehicle equipped with keyless access cards (RFID cards) broadcast their ID periodically and a keycard in the vicinity will respond and get a challenge from the vehicle to encrypt.
Lennert Wouters et.al. from KU Leuven (Fast, Furious and Insecure: Passive Keyless Entry and Start Systems in Modern Supercars) reverse engineered Tesla model S key cards and found a way to clone key cards. They discovered that it is possible to talk to any key card and give it a challenge which it will answer. They selected a fixed challenge (40 bit long, 0x636f736963) which they encrypted with all possible keys and the results were stored in a file for easy reverse-lookup. Then (somewhat simplified, exact details are omitted here) it is possible to talk to any key card, give it the challenge and look up what key it has. Card access and lookup takes just a second or two and cloning a key are now trivial. This method is not limited to Tesla vehicles but works with other brands using the same techniques.
More talks are available in the ESCAR Europe 2018 Summary.
The report was written by Prof. Tomas Olovsson, Chalmers.