A team of researchers from the COSIC research group at KU Leuven and from the University of Birmingham has discovered that a wide range of car models produced by Toyota, Kia and Hyundai use weak cryptographic keys. This makes it easy to clone the key fob transponder. It is likely that millions of cars are affected. Additionally, the research reveals how the second version of the Tesla Model S key fob could be easily cloned.
Movies often depict car theft using hot-wiring, where a few wires tucked away behind the dashboard are shorted together to start the vehicle. Modern cars implement an immobiliser to prevent unauthorised use of the car, which requires radio-frequency identification to be able to start the car. Since 1995, immobilisers are mandatory in all motorised vehicles sold in the European Union.
The new study demonstrates security issues in immobiliser systems based on the proprietary DST80 encryption algorithm used by Toyota, Kia, Hyundai, and Tesla. A non-exhaustive overview of the affected vehicles is listed below. Tesla has already fixed the issue affecting their key fob, using an over-the-air software update. This means that the update was applied to all the key fobs that were affected.
| Brand | Period | Model |
|---|---|---|
| Toyota | 2009-2013 | Auris (2011) |
| 2010-2013 | Camry | |
| 2010-2014 | Corolla | |
| 2011-2016 | FJ Cruiser | |
| 2009-2015 | Fortuner | |
| 2010+ | Hiace | |
| 2008-2013 | Highlancer | |
| 2009-2015 | Hilux (2014) | |
| 2009-2015 | Land Cruiser | |
| 2011-2012 | RAV4 | |
| 2010-2014 | Urban Cruiser | |
| Tesla | 06/2018-07/2019 | Model S (2018) |
| Kia | 2012+ | Ceed (2016) |
| 2014 | Carens (2014) | |
| 2011-2017 | Rio | |
| 2013+ | Soul | |
| 2013-2015 | Optima | |
| 2011+ | Picanto | |
| Hyundai | 2008+ | I10 |
| 2009+ | I20 | |
| 2010+ | Veloster | |
| 2013 | I40 (2013) | |
| 2016 | IX20 (2016) |
The researchers revealed that the cryptographic keys in these immobiliser systems are derived from secret constants and/or public information (such as the key fob serial number). As a result, anyone who can come briefly close to the key fob can easily recover the cryptographic key in a matter of seconds and bypass the immobiliser.
"The Tesla Model S key fob was vulnerable to a downgrade attack, which allowed us to force the key fob to use an older, insecure, and proprietary cipher using only half of the full cryptographic key," said Professor Bart Preneel, from COSIC at KU Leuven. "An attacker could thus force the key fob to use the insecure cipher and recover the full key in a few seconds." The issue was discovered in an updated version of the Tesla Model S key fob released in response to earlier research from the team. The downgrade issue was fixed by Tesla in August 2019 using an over-the-air software update.
"We informed Toyota, Kia, Hyundai and Tesla of the identified issues and provided each with a tailored report," says Lennert Wouters, first author of the study. "All the involved manufacturers were responsive. Per request of the manufacturers, we redacted some secret constants used in the key derivation algorithms in our paper to prevent malicious use of our research. Additionally, we informed Texas Instruments about our intention of publishing the DST80 encryption algorithm and provided them with details on the downgrade and side-channel attacks." Texas Instruments updated the description of their DST40 and DST80 products to point to their products using the internationally recognized Advanced Encryption Standard.
"Our research results in a better understanding of automotive security and hopefully will lead to improved security of future products," Professor Preneel concludes.
