Pierre Pavlidès – Overview of some automotive RKE systems

Car security started as a simple means to prevent car theft. The issue is becoming increasingly serious with onboard computers controlling every key component. Some cars are now part of the Internet of Things, or even self-driving. Massive car hacking à la Ghost in the Shell may come sooner than we think.
In this talk, however, we will come back to one of the security features used by the vast majority of our cars: remote keyless entry (RKE) systems. These systems are in charge of locking and unlocking the car when the owner pushes the corresponding button on the remote control.
Like any computing system, RKE schemes may be prone to security issues. We will present two categories of vulnerabilities that allow an attacker to clone a key fob under the right circumstances and (un)lock the car at will. Such insecure schemes have been used by major manufacturers for more than 20 years.
This talk is based on the paper “Lock It and Still Lose It – On the (In)Security of Automotive Remote Keyless Entry Systems” presented at the 25th USENIX Security Symposium (August 2016) and authored by Flavio D. Garcia, David Oswald, Timo Kasper and Pierre Pavlidès.

Pierre Pavlidès studied RKE systems during his Master of Science at the School of Computer Science of the University of Birmingham (UK). Today he is working as a pentester and security trainer at Lexsi in France.