(Car Hacking) PKES Passive Key Entry System Attack KEY RELAY Attack. (Two Factor Authentication For Cars) - Steemit

sysinit (37) (/@sysinit) in #hacking (/trending/hacking) • 5 years ago

Hello

There is an attack on PKES (Passive Key Entry System) for keyless push-start cars. These are any cars
with a key fob that starts the vehicle or opens the door simply by being
in range.

I am going to go over the research I did last year and the research that has
been submitted by the security researchers this year and will be presented
at Black Hat. They made an 11 dollar device that can relay the key from
someone's pocket to the vehicle out in the parking lot.

Here is the setup I used last year to start a Durango a quarter-mile away
from its key.

This works by demodulating the radio waves at the key and re-modulating
them at the vehicle. In effect, this allows the bad guys to start a
car without the key. This attack worked the length of the mall parking lot I
did it in. As you can see, the further away from the key I got, the less
reliable it became.

The setup I had was a custom-built digital signal processor (DSP) that I built
using a field-programmable gate array (FPGA), which I used to losslessly
"sample" 314-433 MHz, the frequency range the keys use to talk to the
vehicle immobilizer.

This setup used two Ettus N210 software-defined radios, one on each side.
It would fit inside a backpack or a suitcase, and you can just
imagine how many vehicles would be susceptible to this type of attack if it
were placed at a rental key return box or a dealership key
return. This attack cost about 2700 dollars for the setup.

The most recent attacks have lowered the price to 11-20 dollars, which
is the point where it becomes scary, because now anyone with the know-how
can steal cars using this method.

This was the first test I did, on my neighbor's car :-) With her permission, of
course.

I started with a wire run across the street and moved to wireless methods,
which work with up to 18 ms of latency, so it could work over 4G or other
technology. After a certain point the bit error percentage (BEP) goes through
the roof and the device range is limited, but there is a possibility of further
attacks.

So this year at DEFCON 25 (hacker convention in Las Vegas) I should be
demoing the mitigation method that I have made (it's free open source
code and hardware). It's based on an 11 dollar Arduino build.

One of my next posts will be how to build this open source vehicle
immobilizer, which works on all cars that have PKES or any type of RFID
keys: 125 kHz, 13.56 MHz, 315 MHz and 433 MHz.

In a nutshell, the system I built costs 11 dollars to build and takes about 30
minutes to make, but protects against this type of attack.

It works by jamming/de-authenticating the keyless fob until a 2.4 GHz token
comes into range. This token could be any Wi-Fi or Bluetooth enabled device.
I have a working prototype for smart watch, Bluetooth keychain and smart
phone; in-vehicle infotainment systems are the next platform I am working
on.

Here is an example of how the device protects the vehicle's radio radius
when activated.

This is my first post on here and I will be sharing more security research
and how to build the device and perform the attack once I have time to
post them. Please feel free to comment and give me feedback.

For more information, please google PKES attacks and relay attacks. There
is also a great Wired article about the Chinese researchers who did the cheap
11 dollar attack on key relays.

Thanks
#carhacking (/trending/carhacking) #pkes (/trending/pkes) #defcon25 (/trending/defcon25) #blackhat2017 (/trending/blackhat2017)

5 years ago in #hacking (/trending/hacking) by sysinit (37) (/@sysinit) Replies: 2

$0.35 4 votes (/hacking/@sysinit/car-hacking-pkes-passive-key-entry-system-attack-key-relay-attack-two-factor-authentication-for-cars)
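
The gating decision the post describes (keep the fob blocked until the second-factor token comes into range), sketched as an added example; it is not sysinit's code and not part of the original post. The `Sighting` and `TokenGate` names, the RSSI threshold, the two-scans-in-a-row rule and the 3 second hold time are assumptions, and the scan trace is constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// One result of a periodic 2.4 GHz scan (hypothetical type for this example).
struct Sighting {
    uint32_t t_ms;   // time of the scan, milliseconds
    std::string id;  // identifier of the device heard, "" if none
    int rssi_dbm;    // received signal strength
};

// Fails closed: the fob stays blocked until the paired token has been heard
// nearby `need` scans in a row, and is blocked again once the token has been
// silent for more than hold_ms (unsigned subtraction survives timer wrap).
class TokenGate {
public:
    TokenGate(std::string paired, int min_rssi, int need, uint32_t hold_ms)
        : paired_(std::move(paired)), min_rssi_(min_rssi), need_(need), hold_ms_(hold_ms) {}
    // Feed one scan result; returns true while the fob may operate.
    bool update(const Sighting& s) {
        const bool in_range = s.id == paired_ && s.rssi_dbm >= min_rssi_;
        if (in_range) {
            last_seen_ = s.t_ms;
            if (hits_ < need_) ++hits_;
        } else if (!allowed_) {
            hits_ = 0;  // a miss while blocked restarts the count
        }
        if (!allowed_ && hits_ >= need_) allowed_ = true;
        if (allowed_ && s.t_ms - last_seen_ > hold_ms_) { allowed_ = false; hits_ = 0; }
        return allowed_;
    }
private:
    std::string paired_; int min_rssi_, need_; uint32_t hold_ms_;
    int hits_ = 0; uint32_t last_seen_ = 0; bool allowed_ = false;
};

// Constructed trace: stranger close by, token far, token near twice, then gone.
std::vector<bool> run_constructed_trace() {
    TokenGate gate("token-A", -70, 2, 3000);
    const std::vector<Sighting> trace = {
        {0, "other-B", -40}, {1000, "token-A", -85}, {2000, "token-A", -60},
        {3000, "token-A", -58}, {4000, "", 0}, {6000, "", 0}, {7000, "", 0}};
    std::vector<bool> out;
    for (const auto& s : trace) out.push_back(gate.update(s));
    return out;
}
int main() { for (bool b : run_constructed_trace()) std::printf("%d", b); std::printf("\n"); }
```

Matching on an identifier alone is a simplification made here; the post does not say how the token is recognised.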


pentest (25) (/@pentest) 5 years ago (/hacking/@pentest/re-sysinit-car-hacking-pkes-passive-key-entry-system-attack-key-relay-attack-two-factor-authentication-for-cars-20170620t151432988z#@pentest/re-sysinit-car-hacking-pkes-passive-key-entry-system-attack-key-relay-attack-two-factor-authentication-for-cars-20170620t151432988z)
Hello my dear friend, Weston Hecker! How can I find out more information about this project? I'm a pentester
from Ukraine, I want to make/receive a copy of such a device. And make a newspaper/television report about the
vulnerability of modern machine safety systems in Ukraine. How can I talk to you about this?

$0.00 1 vote Reply

sysinit (37) (/@sysinit) 4 years ago (/hacking/@pentest/re-sysinit-car-hacking-pkes-passive-key-entry-system-attack-key-relay-attack-two-factor-authentication-for-cars-20170620t151432988z#@sysinit/re-pentest-re-sysinit-car-hacking-pkes-passive-key-entry-system-attack-key-relay-attack-two-factor-authentication-for-cars-20170723t135944079z)
Hit me up on Twitter and message me, I will send you one :-) I will be demoing it in Las Vegas at DEFCON
https://www.defcon.org/html/defcon-25/dc-25-demolabs.html, also talking about it in the Car Hacking
Village.

Have a nice day

$0.00 Reply
