Watch a hacker unlock a car WITHOUT touching it - and the whole attack takes just 10 minutes to complete
comments
You may be forgiven for thinking your car is secure, parked on your drive with the doors locked.
But a security researcher has revealed how key fobs can be hacked wirelessly using an everyday laptop, transmitter and a bit of technical knowledge.
Researcher Dr Silvio Cesare demonstrated the hack exclusively to Wired, ahead of presenting his findings at this week's Black Hat conference in Las Vegas.
Scroll down for video
The hack was demonstrated by security researcher Dr Silvio Cesare ahead of his talk at this week's Black Hat conference in Las Vegas. Cesare used a software-defined radio to mimic the same frequency as a key fob. Using this frequency, he was able to guess the code that unlocked the car. Stock image pictured
Dr Cesare's hack involved mimicking the frequency used by key fobs, and wirelessly unlocking the car in minutes.
The equipment used in the hack included a software-defined radio, a transmitter, amplifier and antenna all connected to his laptop.
His whole system cost $1,000 (£600) - but prices could be cheaper if different antennas and transmitters were used.
The radio is designed to pick up frequencies across the FM, Bluetooth and Wi-Fi range.
In the video, Dr Cesare is shown using his laptop, with the antenna and amplifier, to transmit the same frequency used as the key fob.
He then performed what's known as a 'brute force' attack to correctly identify the code needed to force the fob to unlock the car.
In theory, this could be performed with any key fob if the hacker was able to identify and attack the frequency it sits on.
The car used in the attack has deliberately not been revealed, but Dr Cesare told Wired he has contacted the manufacturer, via the Australian Computer Emergency Response Team.
Dr Cesare did caveat his discovery, however, by claiming it's not as straightforward as it seems.
Dr Cesare added that the hacker would need to pick up the car's unique unlock code by 'eavesdropping' on the frequency before being able to attack it
For example, the hacker would need to pick up the car's unique unlock code by 'eavesdropping' on the frequency.
But, he noticed the code in his experiment could be used multiple times before it stopped working, so this eavesdropping could occur well in advance of the attack.
This is the latest hack that exposes weaknesses in the technology being fitted to modern-day cars.
In February, hackers demonstrated a homemade devices called the CAN Hacking Tool (CHT).
The device can be fitted to any car's Controller Area Network 'within minutes' and run malicious code through the vehicle's system.
Once hackers take hold of this network they can control lights, locks, steering and even brakes - and it costs just $20 (£12).
Many cars come with built-in software that run on an operating system in a similar way to phones and computers.
The CAN Hacking Tool (CHT) has four wires that are attached to the different outputs of a car's Controller Area Network.
A 60p ($1) computer chip is used to bypass any encryption on the car before reading and writing data from the flash memory of the vehicle's engine control unit.
In February, Spanish security researchers created the $20 (£12) CAN Hacking Tool (CHT) (pictured) - a device that can be fitted to any car's Controller Area Network 'within minutes' and run malicious code through the vehicle's system. Once hackers take hold of this network they control lights, locks, steering and brakes
Hacking tools can be attached to a car's Controller Area Network (CAN), pictured. This diagram shows the electronic layout of a typical car and the features controlled by the CAN are shown along the black lines including lights, climate, seats, heating and locks
The gadget is smaller than an iPhone, meaning it sits in the palm of the hacker's hand, and can be controlled remotely.
Hackers can use any command they want to program an action via the CHT, and this includes disabling the brakes, deploying the airbag, locking the doors and enabling the alarm.
Put the internet to work for you.
0 comments:
Post a Comment