DST80 Keyless Startup Vulnerability allow Hackers to Start your Car

Researchers found loopholes in the vehicle’s anti-theft controller’s encryption system. The DST80 keyless startup vulnerability allows hackers to steal the vehicle without leaving any traces using a radio-enabled key. According to the findings reports, in the past few years, owners of keyless startup systems have expressed concern about the so-called “relay attack”, which is the use of radio-enabled keys by hackers without leaving any traces. Steal the vehicle.

About DST80 Keyless Startup Vulnerability that Affects Some Toyotas, Kias, and Hyundai

Existing facts prove that millions of cars using chip mechanical keys are easily targeted by high-tech thieves. Some password holes, coupled with a bit of old-fashioned “short-circuit ignition”, or even a properly located screwdriver, could allow hackers to clone these car keys and steal the car in seconds.

Researchers at the University of Leuven in Belgium and the University of Birmingham in the UK revealed earlier this week that they had discovered new vulnerabilities in the encryption system of vehicle anti-theft controllers.

A vehicle anti-theft controller is a kind of radio equipment installed in the car that can make the remote control key unlock the car ignition switch and start the car within a short distance.

Specifically, they found a problem with the DST80 encryption system developed by Texas Instruments and used by Toyota, Hyundai, and Kia.

Especially Relevant: How to solve the vehicle’s keyless entry and startup failures

According to the discovery, a hacker can use a relatively inexpensive Proxmark RFID reader/transmitter device to “steal” the key near any remote control key equipped with a DST80 car. In addition, they can obtain enough information to get the encrypted information.

This, in turn, allowed hackers to use the same proxy marking device to simulate a car’s remote control key, thereby disabling the anti-theft controller in the car and allowing the hacker to launch the vehicle.

Full List of Vehicles Affected by the DST80 Keyless Startup Vulnerability

Basically, the affected vehicle models include the Toyota Camry, Corolla, and RAV4; Kia Optima, Soul, and Rio; and Hyundai I10, I20, and I40. The full list of vehicles with encryption flaws found by the anti-theft controllers is as follows:

The list also includes Tesla’s Model S. Sadly, the vehicle had a DST80 vulnerability. Fortunately, Tesla introduced a firmware update to prevent the car from being attacked.

Toyota has confirmed that the cryptographic vulnerabilities discovered by the researchers are real. However, their technology may not be as easy to implement as a thief using a “relay attack” to steal luxury cars and SUVs.

Don’t Miss: Vehicles/Car Anti-Theft Devices: Their Usefulness & how to select the Best for Protecting Your Vehicle

Under normal circumstances, car thieves usually only need a pair of radio equipment to extend the effective range of the remote control key so that they can remotely open and start the stolen vehicle, even if there is a wall barrier in the middle.

In contrast, researchers at the University of Birmingham and the University of Leuven developed a “cloning attack” that required an RFID reader to scan a remote key one or two inches away. Because key clone technology is aimed at fixtures rather than keyless input systems, it is important to note that car thieves still need to find ways to turn the vehicle’s ignition switch.

This adds a layer of complexity to stolen vehicles, but researchers have noticed that thieves can use a screwdriver or short-circuit ignition to activate the vehicle’s ignition switch.

“This is equivalent to lowering the safety level of the vehicle to the level of the 1980s,” Galesia, a professor of computer science at the University of Birmingham, said in an interview.

Relay attacks are only effective within the range of the original remote key.

However, once the thief has obtained the encrypted information of the remote key, they can repeatedly start and drive the target vehicle.