Is your car Toyota or Kia? Beware the new trick to steal cars

The results of a study conducted by the KU Lovin University in Belgium and the University of Birmingham in the United Kingdom revealed that millions of cars equipped with mechanical switches operating on a radio frequency chip made by Toyota, Hyundai and Kia, may be vulnerable to piracy due to a coding defect, which allows hackers to clone keys and drive the car In seconds.

Wired magazine reported that researchers discovered earlier this week new weaknesses in the coding systems used in immobilizer devices, which operate at radio frequency within cars and communicate at close range with the key to operate the car called "fob". (FOB), to unlock the vehicle and allow the engine to operate.

The researchers found problems with how Toyota, Hyundai and Kia implemented the Texas Instrument DST80 coding system (DST80), so that the method of implementing encryption allows the hacker who uses the relatively cheap Proxmark RFID By placing it near the ignition key and tricking the car into believing it is near the physical key.

This method requires that the attacker be close to the physical key and scan it using the device, in order to obtain sufficient information to determine the encryption key and its reproduction to disable the immobilizer, which prevents the vehicle from operating without the physical key located near it.

With the immobilizer system disabled, the only remaining hurdle will be the keyhole that makes the engine run, but this requires old car theft techniques such as wires or the replacement of the key with a screwdriver.

The attack was made possible because the encryption keys used in cars were easily discovered through reverse engineering of the firmware, and in the case of Toyota the encryption key was based on a serial number that was broadcast with the signal of the power key, while the Kia and Hyundai vehicles involved only used 24-bit randomly encryption For protection instead of 80 bits.

The researchers say the affected vehicle models include from Toyota: Camry, Corolla and Rav4, and from Kia: Optima, Saul and Rio, and from Hyundai I10 (I10), I20 (I20) and I40 (I40).

Here is a complete list of the cars that the researchers found contain coding defects in the immobilizer.