The cyber tech revolution has penetrated every aspect of our lives, transforming us into hybrid beings. The automobile industry has also benefited from this tech boom and has witnessed drastic changes in a short period. The cars these days are more computerized than ever before, and each succeeding model is taking this chance to greater heights. However, this technological revolution in the automobile industry has paved the way for cybercriminals to devise new ways to manipulate cyberspace and create different cyber vulnerabilities affecting the automobile industry. A recent discovery by several researchers has suggested the emergence of a new ‘replay attack’ vulnerability brutally affecting specific Acura and Honda car models.
Replay attacks comprise the interception – and retransmission – of data to get access to data, systems, or transactions. A replay attack occurs when a hacker identifies secure data transmission or network communication and intercepts it. Then retransmits it (or ”replays” it) as if it were their own.
The newly discovered replay attack allows hackers to unlock the car and even ignite its engine from a limited range. The episode consists of threat actors apprehending the RF signals transmitted from the key fob to the vehicle and retransmitting these signals to take over the car’s remote entry system. This vulnerability is tracked as CVE – 2022 – 27254, a Man-in-the-Middle attack or ‘replay attack’ which has jeopardized the security of several ACURA and HONDA models rendering people to ponder upon preventive measures to safeguard their automobiles.
The researchers who made this discovery stated that the protection options of owners are limited due to the widespread usage of static codes by car manufacturers. Rolling codes that change at each button press provide better protection. It generates new code for each authentication of RKE (remote keyless entry) or PKE (passive key entry). Innovative ventures such as the TESLA Hacker program aims to engage white hat hackers to test the latest safety features of their cars and find vulnerabilities to strengthen their vehicle’s safety.
The RKE (remote keyless entry) system lets the owner unlock his car without physically pressing any button, key, or panel. The door is automatically opened at the touch of the handle when the (RK) key fob is close by. The system depends on short-range radio signals but can hog on mobile networks to render owners lock and unlock cars from miles away. Likewise, range extenders allow remote access to vehicles. Additionally WI-FI dongles are becoming popular amongst hackers to exploit the vulnerabilities in cars with bluetooth enabled driver log connector dongles. The weak firewalls of these dongles allow the hackers to sabotage the locking system and gain access to vehicles.
Researchers acknowledge that PKE Systems are more secure than RKE as they do not rely on the fob to broadcast; instead, the car itself looks for a passive RF fob such as a door keycard, and once close to the vehicle, it automatically unlocks. This requirement of close range renders this attack more challenging.
Experts have put forward the following recommendations to safeguard against this new attack.
- The automobile manufacturers must administer rolling codes, also called hopping codes
- The automation of systems should be carried out regularly
- Strengthening of firewalls to ensure overall safety of fleet from attacks
- Faraday Pouches should be used to protect Key fobs
- PKE (passive keyless entry) can be used instead of RKE (remote key access) due to the proximity required to clone the signal.
- To effectively mitigate this attack, affected cars can be taken to the nearest dealership to reset the key fob.
The current dynamics of the digital realm have warranted us to be more vigilant and self-aware about the new developments in cyberspace. Basic technical know-how can play a critical role in building a resilient cyber society. The composition of artificial Intelligence in our lives cannot go unnoticed now, hence it is of utmost importance that the driver himself should be aware of the critialities and the vulnerabilities of the systems around him more than ever.
Author – Shrey Madaan, Research Associate, CyberPeace Foundation