Put the Brakes on Car Hacking
Author Jeremy McIntyre
In partnership with Breezeline
Car hacking is a growing concern as more and more vehicles are equipped with advanced computing systems that are connected to the internet. Hackers can potentially exploit vulnerabilities in these systems to gain control of a car's functions, steal sensitive information from the vehicle, and potentially even steal the car itself. In this blog post, we will discuss two types of car hacking attacks that attackers can use to gain physical access to a vehicle: rolljam and rollback.

Before we discuss these attacks, it is important to understand what rolling codes are and how they're implemented. Rolling codes are a type of encryption used to protect the wireless signals that unlock a car's doors and start the engine. The idea behind rolling codes is that the code used to unlock the car changes every time the owner presses the unlock button on their key fob. This makes it difficult for hackers to simply record the signal sent from the key fob and use it to unlock the car at a later time.

Rolljam is a type of attack that targets the Automotive Remote Keyless Entry (RKE) systems used to unlock and start a car. The attacker performs this type of attack by jamming the signal that is used to unlock the car's doors, preventing the owner from accessing their vehicle. While the owner is trying to unlock the car, the attacker uses a device to record the signal that is being sent from the owner's key fob. Once the hacker has recorded this signal, they can send the first code they jammed to unlock the door, then save the second code and use it to unlock the car at a later time, but only if the owner has not yet used it.

This attack can be quite cumbersome, as the attacker needs to be in close proximity to the car and the owner's key fob in order to perform it. Moreover, the attacker is time-constrained, as they must use their captured code before the owner does.

RollBack, however, requires no jamming, making it much more effective than rolljam.
To utilize this attack, the attacker needs to record several consecutive rolling codes that are sent from the key fob. Once they are able to record these codes, they can use them to trigger a resynchronization of the key fob and the car's RKE system. This resynchronization will cause the car to accept a previous code that the attacker then sends, allowing them to unlock the car and gain physical entry. What makes this attack particularly effective is that the attacker does not need to be in close proximity to the car or the owner's key fob in order to perform it. Furthermore, the attack can be performed asynchronously without any impact on the functionality of the victim's fob, making it undetectable.

Both rolljam and rollback attacks are serious threats to the security of modern cars, and they highlight the need for car manufacturers to prioritize cybersecurity in the design of their vehicles - while some models have protections, most do not.

In the meantime, car owners should be aware of these attacks and take steps to protect themselves. Since these attacks require the attacker to be in close proximity to the car and the owner's key fob, it is important to be aware of your surroundings. Minimize the number of times you click your fob to unlock your car and the distance between you and your car when you do so. Without the ability to jam the signal or record multiple rolling codes, these attacks are much less effective.
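
To make the receiver-side difference concrete, here is an added example (not code from the original post or from any manufacturer) that models a rolling-code receiver twice: once accepting only counters ahead of the last one used, and once with a resynchronization rule that lets consecutive old codes move the counter backwards. The HMAC-based code format, the `WINDOW` size, the "two consecutive codes" resync rule and all names are assumptions made for this simplified model.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead window for missed button presses


def fob_code(key: bytes, counter: int) -> bytes:
    """Fob side of the model: 4-byte counter plus a truncated HMAC over it."""
    c = counter.to_bytes(4, "big")
    return c + hmac.new(key, c, hashlib.sha256).digest()[:8]


class Receiver:
    """Car side of the model. lenient_resync=True is the weak variant."""

    def __init__(self, key: bytes, lenient_resync: bool):
        self.key, self.lenient = key, lenient_resync
        self.last = 0        # highest counter accepted so far
        self.pending = None  # out-of-window counter seen on the previous frame

    def accept(self, code: bytes) -> bool:
        c, tag = code[:4], code[4:]
        good = hmac.new(self.key, c, hashlib.sha256).digest()[:8]
        if len(code) != 12 or not hmac.compare_digest(tag, good):
            return False
        n = int.from_bytes(c, "big")
        if self.last < n <= self.last + WINDOW:  # normal forward-only path
            self.last, self.pending = n, None
            return True
        # Weak variant: two consecutive authentic codes re-seat the counter,
        # even when that moves it backwards to values already used.
        if self.lenient and self.pending is not None and n == self.pending + 1:
            self.last, self.pending = n, None
            return True
        self.pending = n if self.lenient else None
        return False


def replay_old_codes(lenient_resync: bool) -> list:
    """Constructed scenario: owner uses codes 1..5, then codes 2 and 3 are replayed."""
    key = b"constructed-demo-key"
    car = Receiver(key, lenient_resync)
    for n in range(1, 6):
        assert car.accept(fob_code(key, n))
    replayed = [car.accept(fob_code(key, n)) for n in (2, 3)]
    owner_next = car.accept(fob_code(key, 6))  # owner's fob keeps working
    return replayed + [owner_next]
```

`replay_old_codes(False)` returns `[False, False, True]` and `replay_old_codes(True)` returns `[False, True, True]`: only the forward-only receiver rejects both replayed codes, and in both cases the owner's next press still works, which is why the owner notices nothing.
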
About Jeremy McIntyre: Jeremy is a Cloud Infrastructure and Platform Engineer who has worked in the cyber security sector - formerly at Finite State and presently at SCYTHE.
Resource(s): https://www.blackhat.com/us-22/briefings/schedule/index.html#rollback---a-new-time-agnostic-replay-attack-against-the-automotive-remote-keyless-entry-systems-27185