Key is in the Air: Hacking Remote Keyless Entry Systems
A Remote Keyless Systems (RKS) is an electronic lock that controls access to a building or vehicle without using a traditional mechanical key. Although RKS have become more and more robust over time, in this paper we show that specifically designed attack strategies are still effective against them. In particular, we show how RKS can be exploited to efficiently hijack cars’ locks.
Our new attack strategy—inspired to a previously introduced strategy named jam-listen-replay—only requires a jammer and a signal logger. We prove the effectiveness of our attack against six different car models. The attack is successful in all of the tested cases, and for a wide range of system parameters. We further compare our solution against state of the art attacks, showing that the discovered vulnerabilities enhance over past attacks, and conclude that RKS solutions cannot be considered secure, calling for further research on the topic.
- 1.Gqrx SDR. http://gqrx.dk. Accessed 26 June 2018
- 2.Remote Keyless Systems. https://en.wikipedia.org/wiki/Remote_keyless_system. Accessed 26 June 2018
- 5.van de Beek, S., Vogt-Ardatjew, R., Leferink, F.: Robustness of remote keyless entry systems to intentional electromagnetic interference. In: 2014 International Symposium on Electromagnetic Compatibility, pp. 1242–1245, September 2014Google Scholar
- 7.Di Pietro, R., Oligeri, G.: Freedom of speech: thwarting jammers via a probabilistic approach. In: Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, WiSec 2015, pp. 4:1–4:6. ACM, New York (2015)Google Scholar
- 10.Francillon, A., Danev, B., Capkun, S.: Relay attacks on passive keyless entry and start systems in modern cars. In: Proceedings of the Network and Distributed System Security Symposium (NDSS). Eidgenössische Technische Hochschule Zürich, Department of Computer Science (2011)Google Scholar
- 11.Kamkar, S.: Drive it like you hacked it: new attacks and tools to wirelessly steal cars. In: DEFCON 23 (2015)Google Scholar
- 12.Wang, X., Hou, X., Rios, R., Hallgren, P., Tippenhauer, N.O., Ochoa, M.: Location proximity attacks against mobile targets: analytical bounds and attacker strategies. In: Proceedings of the European Symposium on Research in Computer Security (ESORICS), September 2018Google Scholar