The Urgent Need for Key Fob Cybersecurity

As Phoebe Wall Howard writes in her excellent Detroit Free Press article, car key fobs are extremely vulnerable to cyber-attacks.

 

“There’s technology out there that allows people to [walk up to a car and remotely open it],” said former Macomb County sheriff Mark Hackel. Mr. Hackel fell victim to a key fob hack this past May, when a criminal gained access to his vehicle and stole a pistol that was stored in the console. What’s more alarming is that car hackers can remotely start your car’s engine, and even extract your personal information by exploiting fundamental flaws in key fob and keyless entry technology.

 

These flaws are being exploited by bad actors who employ man-in-the-middle (MITM) and relay attacks – the two most common ways to take advantage of an unsecured key fob. Man-in-the-middle attacks involve a radio device that intercepts, clones, and replays communications between two endpoints. The ease with which car hackers can perform MITM attacks is being widely publicized, especially after researchers from the University of Birmingham and the German engineering firm Kasper & Oswald revealed that over 100 million Volkswagen vehicles have vulnerable keyless entry systems.

 

The other common method of compromising a key fob’s security is a relay attack, which is executed by detecting and amplifying the keyless entry system’s signal. Signal amplification can trick a vehicle into thinking the key fob is much closer than it actually is, triggering doors to open, starting the car’s engine, and enabling a car hacker to drive away without a trace. These are a significant sub-set of cyber-attacks that the automotive industry faces today. But, leaders in the cybersecurity industry are developing technologies to head off this threat.

 

“Trillium is developing end-to-end cybersecurity solutions that mitigate the risks of key fob vulnerabilities, and protect data generated by vehicles for its entire lifecycle,” said David Uze, President and CEO of Trillium Secure at the Auto-ISAC Cybersecurity Summit in Detroit.

 

As a Trusted Mobility Services provider, Trillium is developing technologies to protect drivers’ key fobs against MITM and relay attacks. Trillium secures data from its origin to its retirement for all mobility, transportation, and vehicle services. To learn more about how Trillium’s cybersecurity platform protects vulnerable data today and tomorrow, visit https://trilliumsecure.com.