Home Tags Alfa Romeo

Tag: Alfa Romeo

It looks like a crossover but drives like a sporty sedan.
One of Audirsquo;s most popular models gets upgrades for the 2018 model year.
Alfa Romeo, Chevrolet, Jaguar, and Porsche bring Nordschleife credentials to the show.
This might be the best four-door performance car on sale right now.
Fun to drive, carries plenty of cargo, but let down by a punishing low-speed ride.
One hundred million Volkswagen vehicles are allegedly at risk after researchers reveal weaknesses in wireless key security.

But those aren't the only vehicles at risk. New research presented at the USENIX security conference this week revealed that there is a critical weakness in vehicles that could enable an attacker to unlock and start a car remotely.

The research was conducted by computer science researchers at the University of Birmingham in the UK."We show that the security of the keyless entry systems of most VW Group vehicles manufactured between 1995 and today relies on a few, global master keys," the research abstract states. "We show that by recovering the cryptographic algorithms and keys from electronic control units, an adversary is able to clone a VW Group remote control and gain unauthorized access to a vehicle by eavesdropping a single signal sent by the original remote."Not only does the paper provide insight into the flaws in Volkswagens, but it also details similar flaws in the Hitag2 mechanism used in Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault and Ford vehicles that enable a rolling code approach for keyless entry."Our findings affect millions of vehicles worldwide and could explain unsolved insurance cases of theft from allegedly locked vehicles," the paper states. While the impact of vehicle theft is likely in the tens of thousands of dollars per stolen vehicle, the researchers' approach makes use of a $40 device they built using the open-source Arduino micro-controller. The researchers contacted Volkswagen Group in November 2015 and met with the company in February to discuss the findings.

According to the researchers, VW Group acknowledged the vulnerabilities."As mentioned in the paper, we agreed to leave out amongst others the following details: cryptographic keys, part numbers of vulnerable ECUs [electronic control units], and the used programming devices and details about the reverse-engineering process," the researchers stated.Vehicle security experts contacted by eWEEK were not surprised by the new disclosure of widespread issues in VW Group vehicles.

David Barzilai, co-founder of Karamba Security, noted that his company has been seeing similar security issues with multiple brands. Karamba launched its flagship Carwall security platform in June in an effort to help secure vehicles' ECUs."The innovation of the USENIX paper is that it shows that a single brand and its subsidiaries are exposed, with all cars that were sold since 1995, as they all use the same master key," Barzilai told eWEEK.Corey Thuen, senior consultant at IOActive, said the keyless entry risk is in line with IOactive's expectations."We see these types of vulnerabilities being systemic to the auto industry, and this area of vulnerability is the most likely to be exploited by attackers," Thuen told eWEEK. "Unless we're talking about nation states or similar groups, your average hacker is motivated by money, so any vulnerabilities that can be turned into dollars, like this keyless entry attack, are going to be a higher likelihood."In Thuen's view, the real trouble in the auto industry, and in particular with the keyless entry risk, is all about vendor failure to follow security industry best practices.
In this case, Thuen said that proper key infrastructure and management were lacking, with the vendor instead making use of hardcoded information. He added that in IOactive's recently released Commonalities in Vehicle Vulnerabilities report, the issue is documented in detail.Barzilai believes the Karamba Carwall platform could in fact be used to limit the risk of such keyless attacks. He noted that the reported hack on VW was done through reverse-engineering an ECU and obtaining a private key."With Karamba installed, hacking into the ECU and then reverse-engineering it would be detected and prevented as a deviation from factory settings," he said. "Therefore, the attack would have probably been prevented."Barzilai added, "The attack shows that security should be done from a system approach, and the ECU is the attack surface or attack gateway to the car."Security is a very difficult thing to "bolt-on" after the fact, according to Thuen.

A failure to follow security best practices during the design and implementation phases can be very difficult, and often impossible, to remediate afterward."Microsoft, Google, Apple, OWASP and now auto-specific organizations like the Auto-ISAC have learned a lot over the past couple decades, and the auto industry needs to take advantage of that," Thuen said.Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.

Follow him on Twitter @TechJournalist.
Remote control eavesdrop clone is 'master key' Security researchers will highlight vulnerabilities in keyless entry systems that impact on the protection against theft of millions of cars at a conference tomorrow. The researchers, led by University of Birmingham computer scientist Flavio Garcia alongside colleagues from German engineering firm Kasper & Oswald, said they'd found that it was possible to clone a VW Group remote control after eavesdropping on a signal. The hack means its possible for thieves to unlock cars even if the owners have locked them. Worse yet, almost every vehicle the Volkswagen group has sold for the last 20 years – including cars badged under the Audi and Skoda brands – are potentially vulnerable, say the researchers.

The problem stems from VW’s reliance on a “few, global master keys”. El Reg asked Volkswagen’s PR team to comment on the upcoming research but we didn’t hear back at the time of going to press. We’ll update this story as and when we hear anything more. During an upcoming presentation, entitled Lock It and Still Lose It — on the (In)Security of Automotive Remote Keyless Entry Systems at the Usenix security conference (abstract below) – the researchers are also due to outline a different set of cryptographic flaws in keyless entry systems as used by car manufacturers including Ford, Mitsubishi, Nissan and Peugeot. The two examples are designed to raise awareness and show that keyless entry systems are insecure and ought to be re-engineered in much the same way that car immobilisers were previously shown to provide less than adequate protection. While most automotive immobiliser systems have been shown to be insecure in the last few years, the security of remote keyless entry systems (to lock and unlock a car) based on rolling codes has received less attention.
In this paper, we close this gap and present vulnerabilities in keyless entry schemes used by major manufacturers. In our first case study, we show that the security of the keyless entry systems of most VW Group vehicles manufactured between 1995 and today relies on a few, global master keys. We show that by recovering the cryptographic algorithms and keys from electronic control units, an adversary is able to clone a VW Group remote control and gain unauthorised access to a vehicle by eavesdropping a single signal sent by the original remote. Secondly, we describe the Hitag2 rolling code scheme (used in vehicles made by Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, and Ford among others) in full detail. We present a novel correlation-based attack on Hitag2, which allows recovery of the cryptographic key and thus cloning of the remote control with four to eight rolling codes and a few minutes of computation on a laptop. Our findings affect millions of vehicles worldwide and could explain unsolved insurance cases of theft from allegedly locked vehicles. Garcia was previously blocked from giving a talk about weaknesses in car immobilisers following a successful application to a British court by Volkswagen.

This earlier research on how the ignition key used to start cars might be subverted was eventually presented last year, following a two year legally enforced postponement. The latest research shows how tech-savvy thieves might be able to unlock cars locked by the vehicles' owners without covering how their engines might subsequently be turned on. Wired reports that both attacks might be carried out using a cheap $40 piece of radio hardware to intercept signals from a victim’s key fob.

Alternatively, a software defined radio rig connected to a laptop might be employed.

Either way, captured data can be used to make counterfeit kit. ® Sponsored: 2016 Cyberthreat defense report
Frank Derksreader comments 64 Share this story Over at Wired, Andy Greenberg reports that security researchers have discovered how to use software defined radio (SDR) to remotely unlock hundreds of millions of cars. The findings are to be presented at a security conference later this week and detail two different vulnerabilities. The first affects almost every car Volkswagen has sold since 1995, with only the latest Golf-based models in the clear. Led by Flavio Garcia at the University of Birmingham in the UK, the group of hackers reverse-engineered an undisclosed Volkswagen component to extract a cryptographic key value that is common to many of the company's vehicles. Alone, the value won't do anything, but when combined with the unique value encoded on an individual vehicle's remote key fob—obtained with a little electronic eavesdropping, say—you have a functional clone that will lock or unlock that car. VW has apparently acknowledged the vulnerability, and Greenberg notes that the company uses a number of different shared values, stored on different components. The second affects many more makes, "including Alfa Romeo, Citroën, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot," according to Greenberg. It exploits a much older cryptographic scheme used in key fobs called HiTag2. Again it requires some eavesdropping to capture a series of codes sent out by a remote key fob. Once a few codes had been gathered, they were able to crack the encryption scheme in under a minute. Similar techniques have been linked to a number of car thefts, including most recently in Houston. It seems the power of 1990s-era automotive-grade encryption is helpless in the face of $40 Arduinos and SDR.