Leaderboard

I did my cyber security dissertation on this sort of thing.. Looking into security of short range RF devices using RTL-SDR and yardstick one. Yes VW are protected from replay attacks by rolling codes but are still vulnerable to rolljam attacks which consists of blocking and capturing the first unlock code and then the second then replaying the first code leaving an unused unlock code to the vehicle, which an attacker can then resend later on. VWs and a lot of other manufacturers are vulnerable to this. I believe the hackrf device can do this, although this is some effort and hit/miss as your blocking the the frequency the remote key fob transmits on but also trying to record at the same time... Obvs also vulnerable to brute force attacks but that can take time. Quicker if you can see patterns of codes to reduce your key set. Ie if the beginning of a code or end of a code is the same you know you only need to guess the middle.. iirc the ecu/CCM stores a number of keys allowed to unlock the vehicle incase the keys are pressed numerous times outisde range of the vehicle. You would then need 2 or so consecitive codes to resync them with the ecu/CCM. So this also increases your chances as you have more acceptable codes to unlock the vehicle. What is more scary is that VW of the same era codes have been cracked so you can capture one code and create more for later use. Check this paper out. Lock It and Still Lose It—On the (In)Security of Automotive Remote Keyless Entry Systems Fortunately he hasn't released the cryptographics of it but be aware they are bust and vulnerable. What I did find funny a few years back I had a lupo without remote control locking. It was actually more secure fitting a 3rd party system like rclick than retrofitting the genuine system. Also worth noting is that many old garage doors/shutters etc are vulnerable to replay attacks.. Thinking of more physical security yet?