shutterbc
Posted October 13, 2017

Just in case this hasn't been posted yet, this is rather interesting / concerning, depending on where you might live.

TL;DR: the remote codes are predictable and allow someone to clone your key fob by wirelessly listening to yours.

https://www.bleepingcomputer.com/news/security/unpatched-exploit-lets-you-clone-key-fobs-and-open-subaru-cars/

I'm unsure how likely this is to pose a real world threat, but it's not zero. If you have a government agency following you around, you might care about this (among other things).

theflystyle
Posted October 13, 2017

Interested to see if Subaru can/will do anything for current owners

JF1GG29
Posted October 13, 2017

I wonder. These are pretty old cars by now.

Max Capacity
Posted October 13, 2017

Nice of him to basically tell the internet how to break into our cars.

shutterbc
Posted October 13, 2017

Yeah, that's a problem with researching vulnerabilities and then telling someone about your findings. Sometimes it means the world finds out and there's no easy fix available.

MilesA
Posted October 13, 2017

The unlock code would only be useful one time right after it was scanned. Once the car is opened again, the code would change. Yes, it is a vulnerability but I think it's not much more risky than an experienced thief with standard tools who wants what's in your car. They can't use this hack to drive the car off.

shutterbc
Posted October 13, 2017

> The unlock code would only be useful one time right after it was scanned.

Actually, the keyfob uses a "frequency hopping" scheme that in Subaru's case, is not so random as it should be. So the attack is reproducible. And yes, this isn't new stuff, it's actually pretty common in the older keyless systems.

> They can't use this hack to drive the car off.

Correct.

Amount of mental effort I'm going to put into this is minimal. However, next time I park at MIT, I'm gonna check the car a little more carefully because those students get bored sometimes. Also, I've always felt that for some reason, the state of Maine attracts some really talented low-level hackers and this researcher further convinces me of this.

MilesA
Posted October 13, 2017

"By receiving a single packet from the key fob (i.e. the user pressed any of the buttons on the fob while the attacker was within range), the attacker can use that packet to predict the next rolling code and use that to lock, unlock, unlock trunk or sound the alarm of the car," Wimmenhove told Bleeping Computer.

I interpret that to mean if you have scanned the most recently used code, then you can calculate the next. But you evidently can't keep using the same code since the next time the fob is used the code changes. I suppose if there is a sequential term in the calculation you could try a bunch of codes very rapidly.

Phate
Posted October 14, 2017

> Nice of him to basically tell the internet how to break into our cars.

They've got frameless windows, it's already pretty easy to get into these things. Slide some plastic between the glass and rubber seal, pull the glass slightly away from the car, reach in through the gap with a stiff wire and poke the door lock.

solidxsnake
Posted October 14, 2017

Yeah, I don't consider this to be a massive issue. This only makes it "easy" to get into the car, not to start it and defeat the immobilizer. And in all honesty, it's much easier to just unlock the doors through the window like Phate mentioned above.

CapnJack
Posted October 14, 2017

A professional security company owner once told me not to give criminals too much credit. They are way more apt to smash and grab than get technical and use their heads.

laz
Posted October 14, 2017

I read somewhere that the security system is shared by other manufacturers including Toyota. If that is accurate then this is a problem not only for Subaru but other car manufacturers as well.

utc_pyro
Posted October 14, 2017

This is just the old Microchip KeeLoq bug. They found this out a LONG time ago, it's just a sensationalized headline because someone bothered to check our cars.

There is no fix, and there really can't be one without a hardware change.

We don't have push to start, so this is really a non-issue. If it bothers you, you can get an aftermarket keyless entry system.

laz
Posted October 14, 2017

But but, I can haz your frequencies and take your mph’s whenever I want!

Regan Walker
Posted October 17, 2017

> We don't have push to start, so this is really a non-issue. If it bothers you, you can get an aftermarket keyless entry system.

How much of a problem could it be for ones with push to start?

MilesA
Posted October 17, 2017

> How much of a problem could it be for ones with push to start?

There is a transponder in the car ignition key. Push-to-start is usually made so that the transponder needs to be in close proximity to the driver's seat. This hack might enable someone to basically clone your key fob and press any of the buttons on it given they have scanned for the signal when you last used the fob. Without the transponder, they couldn't drive off, though.

lockmedic
Posted October 17, 2017

You can't drive off with the car without the transponder the BIU is looking for *and a way to bypass the mechanical ignition lock*

In short, yes, as others have said. . .worst they can do is rummage through your car. In my case they may manage to pilfer an android charging cable and a box of Kleenex. In order to accomplish this they would have to be "listening" when you press a button on your remote.

A few points for disambiguation:

- Yes, the remote code changes with each use but it's based on an 8 digit number. Any code the remote transmits has to be a derivative of that number. You can program a remote to this system without it even being present so it makes no difference where in the sequence the remote transmits. . .just that the base code agrees with what is stored in the keyless entry module.
- It's not used by *that* many other manufacturers. The only other one that comes to mind is Land Rover. Most every other manufacturer I've programmed a remote to requires you to press a button or buttons on the remote to register it. . .which registers the unique base code for that remote and identifies where it is in a rolling code sequence. . . and since the base code isn't written on a sticker and supplied with the remote it's more difficult to crack.
- Won't be something Subaru will address as it's not that big of a compromise. They're too busy fixing airbags and brake lines. And yes, you'd have to change (at a minimum) the keyless entry module and remotes.

If you're really worried about it, put on your tinfoil hat and stop using your remote altogether or have an aftermarket system installed.

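The replay and prediction points debated in this thread, as an added illustration that is not from any poster, Subaru, or the KeeLoq design: a toy receiver showing why a code that only counts up can be extended by anyone who hears one packet, while a code carrying a keyed MAC cannot. The 4-byte counter, the 8-byte truncated HMAC-SHA256 tag, the window of 16 and the key are all assumptions made for the example.

```python
import hmac
import hashlib

WINDOW = 16  # presses made out of range that the receiver will still tolerate

def weak_code(counter: int) -> bytes:
    # Toy weak scheme (constructed): the "rolling" code is only a counter.
    return counter.to_bytes(4, "big")

def keyed_code(key: bytes, counter: int) -> bytes:
    # Counter in clear plus a truncated HMAC that only key holders can compute.
    msg = counter.to_bytes(4, "big")
    return msg + hmac.new(key, msg, hashlib.sha256).digest()[:8]

class Receiver:
    """Accepts each counter once, and only inside the look-ahead window."""

    def __init__(self, key=None):
        self.key = key      # None selects the weak, unkeyed scheme
        self.last = 0       # highest counter accepted so far

    def accept(self, packet: bytes) -> bool:
        counter = int.from_bytes(packet[:4], "big")
        expected = weak_code(counter) if self.key is None else keyed_code(self.key, counter)
        if not hmac.compare_digest(packet, expected):
            return False    # malformed packet or wrong tag
        if not (self.last < counter <= self.last + WINDOW):
            return False    # replayed, or too far ahead of the receiver
        self.last = counter
        return True

def next_from_observed(packet: bytes) -> bytes:
    # What a listener without the key can derive from one packet:
    # bump the clear counter and leave every other byte unchanged.
    counter = int.from_bytes(packet[:4], "big") + 1
    return counter.to_bytes(4, "big") + packet[4:]

def demo():
    key = b"constructed-demo-key"   # sample value, not from any real fob
    weak, keyed = Receiver(), Receiver(key)
    w, k = weak_code(1), keyed_code(key, 1)
    return {
        "weak_genuine": weak.accept(w),
        "weak_replay": weak.accept(w),
        "weak_predicted": weak.accept(next_from_observed(w)),
        "keyed_genuine": keyed.accept(k),
        "keyed_replay": keyed.accept(k),
        "keyed_predicted": keyed.accept(next_from_observed(k)),
        "keyed_next_press": keyed.accept(keyed_code(key, 2)),
    }
```

Both receivers reject a straight replay, which matches the "only useful one time" observation; only the keyed one also rejects the code derived from an overheard packet.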
This topic is now archived and is closed to further replies.