Lock It and Still Lose It - On the -In-Security of Automotive Remote Keyless Entry Systems

Explore the vulnerabilities in automotive remote keyless entry systems in this USENIX Security '16 conference talk. Delve into case studies revealing security flaws in VW Group vehicles and the Hitag2 rolling code scheme used by multiple major manufacturers. Learn about cryptographic algorithms, master keys, and novel correlation-based attacks that allow unauthorized access to millions of vehicles worldwide. Understand the potential implications for unsolved insurance cases of theft from allegedly locked vehicles. Gain insights into the history of remote keyless entry, previous attacks, and practical demonstrations of exploits. Discover how these findings affect various vehicle brands and models, and consider the broader implications for automotive security.

Intro
History of RKE: Fix Codes
History of RKE: Rolling Codes
Previous Attacks on RKE
VW Group RKE: Analysis
Example: VW-3
Example: VW-4
VW RKE Demo
Affected Vehicles
Intermezzo
Hitag2 Usage in RKE
Our previous work on Hitag2
In the RKE context
RKE Protocol (simplified)
Our RKE attack requires
Hitag2 Cipher
A fast correlation attack on Hitag2 (simplified)
Practical limitations
Hitag2 RKE Attack Demo
Vehicles we tested using Hitag2 RKE
Conclusions