Major flaw in the encryption of the anti-theft systems of millions of cars

According to the work carried out jointly by researchers from two universities, millions of vehicles of the Toyota, Hyundai and Kia brands have anti-theft systems as vulnerable as those of the 1980s.

In Lille, at the end of January during the International Cybersecurity Forum, Futura met Gaël Musket , a hacker member of the YesWeHack collective. He was worried then about the lack of investment of the automobile manufacturers in cybersecurity

For him, on most vehicles the vulnerabilities are numerous and the manufacturers seem to completely ignore the subject. And the news gives once again reason to this specialist who knows how to divert with little means the assistance systems of cars to transform them into a 100% autonomous vehicle

Thus, at Toyota, Kia and Hyundai, millions of vehicles could be easily stolen by clever thieves equipped with a simple inexpensive reader-transmitter unearthed on e-Bay. With it, it is possible to very easily clone the locking and key start system due to a huge vulnerability in these brands.

The weakness stems from the use of the chip used by these brands to protect vehicles from theft. This is the DST80 from Texas Instruments which can easily be found on the web

Researchers from the University of Birmingham (United Kingdom) and KU Leuven (Belgium), wishing to educate manufacturers on preventing vehicle theft have shown that with their small boxes, they very quickly managed to recover the code for encryption of key operated with this system. The vulnerability does not really come from the DST80, but rather from the way the manufacturers have generated their encryption keys with it. According to the researchers, the codes are rudimentary.