This post was last updated on March 11th, 2020 at 11:32 am
Researchers found flaws in the encryption system of vehicle anti-theft controllers. The DST80 keyless startup vulnerability allows hackers to steal the vehicle without leaving any traces by using a radio-enabled key. According to reports, owners of keyless startup systems have in the past few years expressed concern about the so-called “relay attack”, in which hackers use radio-enabled keys to steal the vehicle without leaving any traces.
About DST80 Keyless Startup Vulnerability that Affects Some Toyotas, Kias and Hyundai
Evidence shows that millions of cars using chip-equipped mechanical keys are easy targets for high-tech thieves. A few cryptographic flaws, coupled with a bit of old-fashioned “hot-wiring”, or even a well-placed screwdriver, could allow hackers to clone these car keys and steal the car in seconds.
Researchers at the University of Leuven in Belgium and the University of Birmingham in the UK revealed earlier this week that they had discovered new vulnerabilities in the encryption system of vehicle anti-theft controllers.
A vehicle anti-theft controller is a radio device installed in the car that lets the remote key, when it is within a short distance, unlock the ignition switch and start the car.
Specifically, they found a problem with the DST80 encryption system, which was developed by Texas Instruments and is used by Toyota, Hyundai, and Kia.
According to the researchers' findings, a hacker can use a relatively inexpensive Proxmark RFID reader/transmitter device to “steal” the key when near the remote key of any car equipped with DST80. In doing so, they can gather enough information to obtain the key's encrypted information.
This, in turn, allows hackers to use the same Proxmark device to impersonate the car’s remote key, thereby disabling the anti-theft controller in the car and allowing the hacker to start the vehicle.
Full List of Vehicles Affected by the DST80 Keyless Startup Vulnerability
The affected vehicle models include the Toyota Camry, Corolla and RAV4; the Kia Optima, Soul and Rio; and the Hyundai i10, i20 and i40. The full list of vehicles whose anti-theft controllers were found to have encryption flaws is as follows:
The list also includes Tesla’s Model S. Sadly, the vehicle also had a DST80 vulnerability. Fortunately, Tesla introduced a firmware update to prevent the vehicle from being attacked.
Toyota has confirmed that the cryptographic vulnerabilities discovered by the researchers are real. However, the researchers' technique may not be as easy to carry out as the “relay attack” that thieves use to steal luxury cars and SUVs.
Normally, car thieves need only a pair of radio devices to extend the effective range of the remote key, so that they can open and start the vehicle remotely, even with a wall in between.
In contrast, researchers at the University of Birmingham and the University of Leuven developed a “cloning attack” that requires using an RFID reader to scan a remote key from one or two inches away. Because the key-cloning technique targets the anti-theft controller rather than the keyless entry system, car thieves still need to find a way to turn the vehicle’s ignition switch.
This adds a layer of complexity to stealing a vehicle, but the researchers noted that thieves can simply use a screwdriver or hot-wire the ignition to activate the vehicle’s ignition switch.
“This is equivalent to lowering the safety level of the vehicle to the level of the 1980s,” Garcia, a professor of computer science at the University of Birmingham, said in an interview.
Relay attacks are only effective within the range of the original remote key.
However, once the thief has obtained the encrypted information of the remote key, they can repeatedly start and drive the target vehicle.