Vulnerability in Key Fob Can Let Hackers Open Subaru Cars

Electronics designer Tom Wimmenhove recently uncovered a vulnerability in the key fob system that car manufacturer Subaru uses for several of its vehicles. When exploited successfully, it can enable hackers or thieves to clone the key fob to the access the vehicle. 

Dubbed as the “fobrob” exploit, Wimmenhove noted that the flaw is relatively easy to exploit. Normally, a key fob will send out code as rolling or hopping codes, which keyless entry cars process to unlock doors. These rolling codes are designed to be random to deter their reuse, but Wimmenhove notes that Subaru’s implementation of the algorithm used to generate the code in the keys is flawed, with predictable or sequential codes, rather than randomized. Hackers need only a $25 device to capture the packets of data sent by the car key and retrieve the rolling lock and unlock codes the data generates. These codes can then be duplicated on a Raspberry Pi. 

Affected models include Subaru Baja (2006), Subaru Forester (2005–2010), Subaru Impreza (2004–2011), Subaru Legacy (2005–2010), and Subaru Outback (2005–2010). Wimmenhove also demonstrated the exploit for the vulnerability in a Subaru Forester. 

As of this writing, Subaru has yet to acknowledge the issue or respond to requests for comment. Wimmenhove told BleepingComputer, “I did [reach out]. I told them about the vulnerability and shared my code with them. They referred me to their ‘partnership’ page and asked me to fill in a questionnaire.” 

[READ: Car Hacking Issues Spark Change in the Automotive Industry] 

Vehicle hacking is an increasingly relevant issue as cars become smarter, relying on the internet to provide a gamut of features for its users. And Subaru is just among the many other manufacturers affected by car hacking. As early as 2015, smart car features such as infotainment, Wi-Fi, and mobile connection services, as well as other digital/online features (i.e., radio equipment used in keyless entry) have been used as doorways into a targeted and exposed car. 

In August, a collaborative research from the Politecnico di Milano, Linklayer Labs, and Trend Micro Forward-looking Threat Research (FTR) team took a closer look at the vulnerabilities affecting the Controller Area Network (CAN bus). The CAN standard is an internal, message-based vehicle network that enables the car’s microcontrollers and devices to communicate with each other via applications. The research elaborated how the CAN bus vulnerabilities can disable a device connected to the car’s network such as airbags, parking sensors, and other safety systems. Given that a number of car manufacturers use this protocol, the security flaws have tangible effects on the vehicles’ virtual and physical security, and affect the integrity of the components that power many of their functions.

[From TrendLabs Security Intelligence Blog: Is your car broadcasting too much information?] 

But as automobiles become one of the new frontiers for hackers given the latest technologies introduced to them to make them smarter, note its caveats. Additionally, car manufacturers are taking the initiative by updating or patching the applications they integrate in the vehicles they manufacture, and launching programs to better detect vulnerabilities in their vehicles. Last 2016, U.S.’ Automotive Information Sharing and Analysis Center (Auto-ISAC) collaborated with automobile makers in setting up best practices for smart car security. The European Union did the same by outlining the development of security standards and multi-process certification to ensure data privacy in Internet of Things (IoT) devices, including smart cars.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.