All CANBUS packages that are useful to drive a car should be encrypted using a public/private key that is in the owner key. Decryption chips are cheap and fast.
Maintenance is a big key management problem though: if only the owner has it, there will be problems when people inevitably lose it. If there are shared keys for service departments or databases, thieves will get access to them.
Things like time-limited on-demand keys can limit those problems but now you can’t get your car serviced when Toyota’s servers go down and they need to commit to not breaking API compatibility for multiple decades.
In the old days, most or all car companies had the ability to look up the bitting code to cut a replacement key (the mechanical kind) from the car's VIN. There's no reason they can't do the same with an encryption key.
Of course they'd need to do a good job securing that database since inappropriate access to it would make stealing cars very easy.
There is a very good reason that isn't possible/analagous to traditional rekeying.
Mechanical keys are not secure. They can be reproduced with basic skills. That's why there used to be a giant key cutting industry where much of the business was car keys (Thanks, GM.)
The whole idea of CA PKI and all modern TPM architecture on devices is that they CAN'T be reproduced or replaced in context without massive effort that would make the intended use moot; IE replacing the TPM and associated on both the key and car. This would require some bureaucratic pointless process to prove your identity, and it would be very expensive and frustrating, and completely at the manufacturers will.
Further, if the car CPU could allow this, it would be >.0001 second before theives use the same exact tools that the manufacturers use. This is basically what's happening now with current NFC/Radio Keyfobs. Basic access to existing cpu through canbus makes NFC/Radio moot.
Most modern keys already have cryptographic rfid transponders which must be in place to turn off the Immobilizer system.
Unfortunately, Immo can be trivially disabled/bypassed/reprogrammed on many cars using the canbus or odb2 interface.
Also trivially editable in many ICUs is the mileage, airbag (crash) history, etc.
The main vector is that this data typically exists alongside performance parameters and user data like registered keys and fobs, so is accessible either by catching the ecu in bootup/program mode, by buffer overrun attacks, or often just by asking nicely.
This is basically doable by anyone who can to chip tuning or ECU remaps. It’s technical, but not that technical. Many ECUs require JTAG access inside the ECU housing or even desoldering the serial flash chip, but many do not.
I just bought a whole setup for this from AliExpress for about 100 dollars and it’s worked well for me so far, just a specialised JTAG adapter with some cables really.
Pretty sure if you wrote drivers for chip tuning software to use a buspirate it would work just as well if not better.
The manufacturer should maintain a root cert that can be used. If that root cert is compromised then they should have a way of rotating keys if the vehicle and physical keys are present. Breaches then constitute what amounts to a software recall, putting the onus on the manufacturer to report them or be held liable for thefts. The recall notice puts the liability on the driver to have their vehicle updated (for free) in a timely fashion.
The situation doesn’t need to be as strict as #2: you could have a way for a registered service shop to get a per-device rekey by shifting some liability to them. Making it per device prevents bulk usage and an active communication with the manufacturer would mean the cops could ask the owners of a shady auto shop some questions when 80% of the stolen cars in the area are being rekeyed at a place the owners have never been to. I lost a car key once and the locksmith who showed up checked my drivers license against the title database because he could have been penalized for unlocking a vehicle without doing so - we could make the same model work electronically because while car thieves are anonymous, legitimate repair shops have a business presence and reputation to preserve. Even someone amoral isn’t going to look the other way for something which will cost them their primary revenue stream.
I don't think that the dealer equipment being used to steal cars today is coming from dealers where management is knowingly engaging in car theft. It is other people who are misusing those tools. There are many hundreds of thousands of people who work at dealerships, and many do not care about their employers reputation. Also, many dealerships are broken into.
Yes, which is why I suggested a combination of measures to change that. An active per-device transaction would make it clear when a dealer’s access is being misused, and if it affects their business viability it would turn out that they could do a better job of controlling access. Hundreds of thousands of people work at banks, too, and many of them do not care about their employers but thefts from customer accounts are rare because the companies are incentivized to set appropriate safeguards. There’s no reason why car repairs couldn’t be the same other than that it costs more than what they’ve been doing, and there aren’t strong enough incentives for them to take on those costs.
The result of that may be that losing a key is financially devastating enough that it totals many vehicles. And/or if the odometer and other local storage is affected, that may cause permanent title issues for the car.
The number of people who lose their keys vastly dwarfs the number of people who are having their car stolen with a flipper zero.
It has to be hard enough it can't be done in the street (without getting attention), but maybe it could be easy enough to do in a garage.
But even if it is expensive, the result would be that either people with take more care, or they'll lose their car.
Maybe it's not a bad thing that people who can't manage a key are less likely to be on the roads - or that its more likely they lose access to their car then it ends up in the hands of criminals. A car can be a dangerous thing, even an inexpensive one.
Yes, but this wouldn't prevent dangerous street criminals from stealing cars. Many of them steal the keys with the car. They go down to the gas station, and wait for an old lady with a nice car to pull up to the pump, and when she hops out they hop in.
The criminals doing more skilled attacks typically aren't joyriding or using it to commit other crimes, they typically doing it for financial gain: they want the car, its contents, or its parts.
Ultimately the overlap between the violent street criminals and those skilled at attacking digital security systems is not much.
> But even if it is expensive, the result would be that either people with take more care, or they'll lose their car.
The entire reason keys were explicitly designed with the functionality to program new ones is because that's not considered by most to be an acceptable solution.
That kind of expands the scope of this conversations to mugging/carjacking, which also comes with a higher penalty, and probably higher priority to the police.
And, it involves interacting with someone, who presumably can call the police afterwards, and activate any lojack / immobilisation device before it can be removed. Presumably the appeal of stealing a parked car it may be a while before it has been discovered and reported stolen.
Also, doing such a thing in a gas-station where there are likely cameras and even other people / attendants make it seem pretty risky to me. Are these dudes just hanging around the pumps in masks? What country is this?
> not considered by most to be an acceptable solution
Things change, but also, it's as much up to the government and/or insurance corps what's acceptable.
A traditional car key can be trivially duplicated at any hardware store. That's the difference. You can make as many spares as you want for a couple bucks a pop. No dependencies. No network.
Do any cars have "traditional keys" anymore? My 15 year old Corolla has an embedded RFID tag in the key, and can only be duplicated at a Toyota dealership.
Assume that for anything new enough to have keyless entry, the answer is no.
The big switchover was in '96 when OBDII/CAN bus became mandatory. At that point it became pretty cheap to do things electronically, often cheaper than mechanically, so lots of things started switching over around then.
Not fully true. Just as it's not true with non-car keys. Some blanks are heavily protected. Now these days with the dissemination of cheap cnc mills, maybe thats a bit more trivial, but you are paying a lot more for a cnc mill than you pay for a old key grinder.
Same issue we have now with ghost guns honestly. CNC mills are powerful tools, with the right software you can essentially just place the properly sized chunk of metal in the box and hit go.
That's why I said traditional key. They're just metal with a few parts cut to a specific profile. It's once you start mucking around with immobilizers and other encrypted things that need the factory tools... Those can cost tens of thousands, and usually require continuous internet access back to the home office.
Because they only have the public key. You need the private key which NO ONE gets, not even the dealer. They send the required info in (which includes the serial / "key") for the new key to the home office. You can't just copy the key, even electronically, as it will have a different hard-wired "seed".
My Ducati bike had immobilizers that would prevent the bike being started without the key or the per-bike code card. When it was stolen, the thieves tried all manner of things to start it, including drilling through the ignition keyhole. I managed to get it all fixed and the bike still ran. Without the immobilizer, someone else would be riding my bike.
That's no different from this proposal. You just give them the keys, or the key card (or red key) if you've lost the keys.
Some of the tools used to steal cars are the legitimate tools used to repair cars. Key programmers aren't cheap, but at under $5k for decent ones, they aren't crazy expensive either. It pays for itself in one job.
You could make these tools more difficult to obtain, but that won't stop the crime.
Immobilizers and requiring a PIN to start the car are cheap, effective ways of preventing car theft without negatively impacting our ability to repair vehicles. It would behoove government agencies to include a list of anti-theft techniques on the window sticker and it would behoove insurance companies to be very upfront with the anti-theft features they think vehicles need.
Right now many of the components of your iphone are paired to the phone through signing. It's a huge fucking pain in the ass, and it makes the whole 'right to repair' a huge can of worms.
I work in CA/PKI, particularly IOT device registration/security via TPM keys.
I cannot imagine a scenario after years working with our own infra and clients where a car manufacturer would restrict access to the vehicle with a private key decryption on the FOB tpm, (that can't be exported or copied.)
Lost/broke fob? 4000 pound paperweight, to no ones benefit. Insurance nightmare that would also be violating right to repair in many states (which is a different issue) .
There SHOULD be a standard like every person has some device or process that is also a CA, who can then generate and dictate what keypairs can access a device, car etc. But we are very very very far away form that.
It's an enormous amount of implementation effort aimed at tampering which, to some approximation, never happens. And as another poster has said elsewhere, partitioning the communications would be cheap.
That they are using the OEM software indicates that there is some authentication going on with the ECU to start the engine anyway. I bet they didn't truly plan for key rotation.
Allow me to offer a different opinion. There is little sense in applying logical security when physical security is lacking. CANBUS should not be accessible by taking apart headlights. Communication buses must be protected from physical access, i.e., trip the alarm system or disable the car upon unauthorized access. There can be no logical security without physical security.
It would be very hard to make CANBUS inaccessible from headlights, since that what controls it. However, the headlight shouldn't be able to tell the rest of the system that the key is in the car.
Logical compartmentalization like you suggest is a fine approach, but even better is to not allow physical access. Unless the car is in maintenance mode at the shop, the chassis should be sealed tight. Maybe the manufacturer decided to favor headlight maintainability over theft prevention, or was simply oblivious.
From what I've been seeing with Toyota and their ECU Security Key, it hasn't been cracked yet but it's close to being cracked and extracted from a running car and the private key extracted (so things that look at CAN bus messages can work again, like comma.ai)
CANbus protocol makes this hard. Payloads are limited to 64 bits, to start with. But the payload for each message could be encrypted, even though secure key exchange would be difficult.
It's so hard that (almost) every European manufacturer figured it out.
There is also FlexRay. There is nothing interesting you can do with CANbus on new mercs. Even unencrypted CANbus messages go through gateways that (could) prevent headlights from reporting key presence.
There is a reason that some cars don't have reasonable attack vectors (excluding parachuting the driver out of the car) and some can be started with a screwdriver (or slight more involved way with CANbus). It's not complexity, it's cost.
Things like time-limited on-demand keys can limit those problems but now you can’t get your car serviced when Toyota’s servers go down and they need to commit to not breaking API compatibility for multiple decades.