Abstract
A Remote Keyless Systems (RKS) is an electronic lock that controls access to a building or vehicle without using a traditional mechanical key. Although RKS have become more and more robust over time, in this paper we show that specifically designed attack strategies are still effective against them. In particular, we show how RKS can be exploited to efficiently hijack cars’ locks.
Our new attack strategy—inspired to a previously introduced strategy named jam-listen-replay—only requires a jammer and a signal logger. We prove the effectiveness of our attack against six different car models. The attack is successful in all of the tested cases, and for a wide range of system parameters. We further compare our solution against state of the art attacks, showing that the discovered vulnerabilities enhance over past attacks, and conclude that RKS solutions cannot be considered secure, calling for further research on the topic.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Gqrx SDR. http://gqrx.dk. Accessed 26 June 2018
Remote Keyless Systems. https://en.wikipedia.org/wiki/Remote_keyless_system. Accessed 26 June 2018
Alrabady, A.I., Mahmud, S.M.: Some attacks against vehicles’ passive entry security systems and their solutions. IEEE Trans. Veh. Technol. 52(2), 431–439 (2003)
van de Beek, S., Leferink, F.: Vulnerability of remote keyless-entry systems against pulsed electromagnetic interference and possible improvements. IEEE Trans. Electromagnet. Compat. 58(4), 1259–1265 (2016)
van de Beek, S., Vogt-Ardatjew, R., Leferink, F.: Robustness of remote keyless entry systems to intentional electromagnetic interference. In: 2014 International Symposium on Electromagnetic Compatibility, pp. 1242–1245, September 2014
Di Pietro, R., Oligeri, G.: Jamming mitigation in cognitive radio networks. IEEE Netw. 27(3), 10–15 (2013)
Di Pietro, R., Oligeri, G.: Freedom of speech: thwarting jammers via a probabilistic approach. In: Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, WiSec 2015, pp. 4:1–4:6. ACM, New York (2015)
Di Pietro, R., Oligeri, G.: Silence is golden: exploiting jamming and radio silence to communicate. ACM Trans. Inf. Syst. Secur. 17(3), 9:1–9:24 (2015)
Di Pietro, R., Oligeri, G.: Enabling broadcast communications in presence of jamming via probabilistic pairing. Comput. Netw. 116, 33–46 (2017)
Francillon, A., Danev, B., Capkun, S.: Relay attacks on passive keyless entry and start systems in modern cars. In: Proceedings of the Network and Distributed System Security Symposium (NDSS). Eidgenössische Technische Hochschule Zürich, Department of Computer Science (2011)
Kamkar, S.: Drive it like you hacked it: new attacks and tools to wirelessly steal cars. In: DEFCON 23 (2015)
Wang, X., Hou, X., Rios, R., Hallgren, P., Tippenhauer, N.O., Ochoa, M.: Location proximity attacks against mobile targets: analytical bounds and attacker strategies. In: Proceedings of the European Symposium on Research in Computer Security (ESORICS), September 2018
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Ibrahim, O.A., Hussain, A.M., Oligeri, G., Di Pietro, R. (2019). Key is in the Air: Hacking Remote Keyless Entry Systems. In: Hamid, B., Gallina, B., Shabtai, A., Elovici, Y., Garcia-Alfaro, J. (eds) Security and Safety Interplay of Intelligent Software Systems. CSITS ISSA 2018 2018. Lecture Notes in Computer Science(), vol 11552. Springer, Cham. https://doi.org/10.1007/978-3-030-16874-2_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-16874-2_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16873-5
Online ISBN: 978-3-030-16874-2
eBook Packages: Computer ScienceComputer Science (R0)