Hackers Now Have Access to Your Car Key Fobs and Immobilizer Systems

Image credit: Delcominfotech.com
Image credit: Delcominfotech.com

As crime takes new forms, crafty thieves have found ways to hack and steal new generation cars.

There were days when cars got stolen by twisting a screwdriver or a needle in the door lock.

Well, today we are experiencing the digital version of car theft. Yes, hackers have found ways to steal cars by hacking the radio-enabled key fobs and it’s giving nightmares to car owners as their high-tech cars and keys are vulnerable to theft.

All it takes is a genius mind and some cryptographic flaws with a little hardware tools, allowing hackers to clone keys and simply drive away.

Studies in UK and Belgium have determined major flaws in the encryption system used in the immobilizers. Immobilizers are the close-range communication devices placed inside the cars to enable ignition.

Specific vulnerabilities were found in how popular brands like Toyota, Hyundai and Kia implement the encryption system – DST80.

These vulnerabilities allow hackers to gain vehicle information just with a simple RFID reader by swiping it close to the key fob. The gained information can be then coded to create a similar key containing the cryptographic value of the original key.

According to the research, the vulnerable car models include:

  • Toyota Camry, Corolla, RAV4.
  • Kia Optima, Soul, Rio.
  • Hyundai i10, i20 and i40.

Toyota has confirmed that these vulnerabilities are “existent”, however, the company claims that it’s not as easy to pull off as the traditional “relay” method of stealing cars.

Wired reported in an article – Toyota responded in a statement that “the described vulnerability applies to older models, as current models have a different configuration.” The company added that “this vulnerability constitutes a low risk for customers, as the methodology requires both access to the physical key and to a highly specialized device that is not commonly available on the market.”

Researchers claim that except for Tesla, no other car immobilizers they studied couldn’t be hacked into by replicating the key fob details and downloading the software onto the device computer. This is primarily because after last year’s discovery of vulnerability, Tesla release a firmware update to block any hacks and intrusion resulting to theft.

Replacing the key fob seems to be the only solution in this scenario. For more information on the key fob hacks, preventions and solutions, you may visit: Toyotanation