Hacking a Car (wirelessly)

Harsh Malhotra
4 min read · Mar 11, 2021


How is it possible to hack cars wirelessly?

It is because vehicle manufacturers now build cars whose electrical systems and computer networks behave like a mobile phone connected to the internet. That exposes a whole range of ways to attack a car, allowing an attacker to gain control over anything from locking or unlocking the doors to driving the car remotely, with equipment worth only a few bucks!

Attacks your car or vehicle might be vulnerable to:

1. Replay Attack

Most of the cars these days come with a key fob to remotely lock/unlock the doors.

This is a recreation of an earlier exploit demonstrated by Samy Kamkar, called a replay attack. When you unlock your car with the key fob, it sends a modulated code; if that code matches the one the car expects, the car unlocks. It is easy to attack because the code is sent without any encryption, and because it is a plain binary value it is also easy to brute-force if you have plenty of time (months) to spend on unlocking it.

So, how do you perform it? You need just three steps:

Step 1. Find the frequency at which the key fob and the car communicate. This can be done by looking for the frequency that shows the strongest spike of activity when the key fob is pressed to lock or unlock. Let's assume it to be 477 MHz.

Step 2. Listen on 477 MHz and capture the transmission as soon as the key fob sends a code. You now have the code that the key fob sent to the car.

Step 3. Replay the captured code. Since you know the code the key sent, you send the same code from your own system and the car assumes the key fob sent it. The most important step here is to capture the code properly: because it is plain binary, it is easy to tell whether you have captured the original code and to check it for bit errors.

2. Rolljam Attack

Since the code sent by the key fob in the previous attack is always the same, the fix for that attack was rolling codes, i.e. a different code to unlock every time. This attack bypasses that fix, and it can be performed on any car whose key fob uses a rotating code, that is, a different code every time it unlocks.

So, this one is a bit tricky and needs to be performed carefully.

What we do in this attack is this: when the key fob sends the code to unlock the car, we jam the signal and capture the code. The car did not receive any code, so we now hold one unused code that could unlock it. It is not over yet: we keep the jammer on and capture the next code too, so we now have two codes. Because the codes are issued in series, we replay the first captured code to unlock the car, which leaves us with a second unused code that still matches the series, and we use that one to unlock the car later. To perform this type of attack you need to stay near the car the whole time and make sure the car never receives a third code: if the car gets a third code, both of the previously captured codes expire, whether they were used or not, and the exploit fails. So to be safe from this attack, if your car does not respond the instant the key fob sends its signal, make sure to unlock and lock your car several more times so that any previously captured code is no longer usable :-).
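To make the difference between the fixed-code and rolling-code schemes concrete, here is an added Python model of the car-side check (example code written for this post, not from the article or any manufacturer): a fixed-code receiver accepts a captured code forever, while a rolling-code receiver accepts only counters newer than the last one it validated, which is exactly why the advice above to press the fob a few more times kills any code captured in the meantime. The shared key, the MAC construction and the look-ahead window size are assumptions.

```python
import hashlib
import hmac

WINDOW = 16  # how far ahead of the last-seen counter the car still accepts (assumed value)


def rolling_code(key: bytes, counter: int) -> bytes:
    """Code transmitted for one button press: a keyed MAC over the counter, truncated."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]


class FixedCodeCar:
    """Fixed-code fob: every press sends the same code, so a captured code works forever."""

    def __init__(self, code: bytes) -> None:
        self._code = code

    def receive(self, code: bytes) -> bool:
        return hmac.compare_digest(code, self._code)


class RollingCodeCar:
    """Rolling-code fob: the car accepts a counter only if it is newer than the last one
    it validated and not too far ahead; every lower counter, used or not, becomes dead."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._last = 0

    def receive(self, counter: int, code: bytes) -> bool:
        if not self._last < counter <= self._last + WINDOW:
            return False
        if not hmac.compare_digest(code, rolling_code(self._key, counter)):
            return False
        self._last = counter  # advancing the counter invalidates everything below it
        return True


def demo() -> dict:
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed shared fob/car key
    results = {}
    fixed = FixedCodeCar(rolling_code(key, 0))
    captured = rolling_code(key, 0)                       # one code sniffed from a real press
    results["fixed_replay_accepted"] = fixed.receive(captured)
    car = RollingCodeCar(key)
    press1 = (1, rolling_code(key, 1))
    results["rolling_first_press"] = car.receive(*press1)
    results["rolling_replay_rejected"] = not car.receive(*press1)
    press2 = (2, rolling_code(key, 2))                    # press the car never heard
    press3 = (3, rolling_code(key, 3))                    # owner presses again; car hears it
    results["rolling_later_press"] = car.receive(*press3)
    results["rolling_skipped_code_dead"] = not car.receive(*press2)
    results["rolling_far_ahead_rejected"] = not car.receive(100, rolling_code(key, 100))
    return results
```

The far-ahead case shows the flip side of the window: a fob pressed many times out of range needs a resync, which is the usability cost manufacturers trade against replay resistance.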

3. Relay Attack

Many new cars now have keyless entry systems, or can have them added as an upgrade. These let you open and start the car without pressing a button or turning a key: as long as the fob is nearby, you can lock or unlock the car and also start or stop the engine.

So, this attack involves capturing the signal sent by the key fob to the car and relaying it, so the attacker can unlock the car by simulating the key fob's signal; in other words, the car is fooled into thinking the owner is within the defined range, and obligingly opens the door. If the car has push-button ignition, the attackers are also able to start the engine. Cars such as Teslas, BMWs, Porsches, etc. have also been exploited this way. Any key fob with this feature is vulnerable, and no patch for it has been released so far. It can only be prevented by keeping the key fob isolated when it is not in the car.

ALL THAT IS MENTIONED HERE ARE CONCEPTS FOR EDUCATIONAL PURPOSES ONLY. USERS ARE LIABLE FOR THEIR ACTS. THIS CAN BE PERFORMED ONLY ON VEHICLES THE READER OWNS OR HAS PRIOR WRITTEN PERMISSION FROM THE OWNER TO TEST!
