Your car is not a safe box - breaking automotive keyless entry systems

David Oswald

Lecturer, University of Birmingham

In recent years, the security analysis of automotive systems has gained significant attention, including attacks on the vehicle CAN bus (with severe safety implications) and the immobilizer. In this talk, we present our new work on the insecurity of automotive remote keyless entry (RKE) systems, i.e., the part of the car key that allows to wirelessly open/close the doors and the trunk. We demonstrate different attacks on two extremely widespread RKE systems: the scheme used by the VW group (Volkswagen, Seat, Skoda, Audi) and the Hitag2 system (employed by a number of vendors including Alfa Romeo, Peugeot, Lancia, Opel, Renault, and Ford among others). The talk concludes with a discussion of these attacks in the wider context of automotive security and an outline of potential countermeasures.

About David Oswald

David Oswald is a lecturer at the University of Birmingham in the Security and Privacy Group. His main field of research is the security of embedded systems in the real world. On the one hand, the focus is on attack methods that exploit weaknesses in the physical implementation of mathematically secure cryptographic algorithms. Those techniques include both (passive) side-channel analysis and (active) fault injection. On the other hand, he is working on the practical realisation of security systems in embedded applications. He is a co-founder of the Kasper & Oswald GmbH, offering services for security engineering. His research on vulnerabilities of various widespread systems (e.g. automotive RKE systems, DESFire RFID smartcards, two-factor authentication tokens, and electronic locking systems) has created awareness of the crucial importance of security for embedded devices.

Sponsored by