Ask Hackaday: How are these thieves exploiting automotive keyless entry?

keyless-entry-vulnerability

A new attack on automotive keyless entry systems is making headlines and we want to know how you think it’s being done. The Today Show reports that vehicles of different makes and models are being broken into using keyless entry on the passenger’s side of the car. It sounds like thieves steal items found inside rather than the vehicles themselves which makes these crimes distinctly different from the keyless ignition thefts of a year ago.

So how are they doing this? Here are the clues: The thieves have been filmed entering only the passenger side of the car. They hold a small device in their hand to unlock the doors and disable the alarm. And there is evidence that it doesn’t work on 100% of vehicles they try. Could it be some hidden manufacturer code reset? Has an encryption algorithm been hacked to sniff the keyfob identifier at a previous time? Or do you think we’re completely off track? Let us know your opinion by leaving a comment.

[Thanks Mom]

LV0 encryption key cracks current and future PlayStation 3 firmware

It looks like the security of the PlayStation 3 has been cracked wide open. But then again we’ve thought the same thing in the past and Sony managed to patch those exploits. The latest in the cat and mouse game is the release of the LV0 encryption codes for the PS3 console. The guys who discovered the magic strings of characters supposedly intended to keep them a secret, but have gone public after there was a leak and some black-hats now intend to use them for profit.

The keys are the bottom layer of security when pushing firmware updates to the PS3. With keys in hand, current and future upgrades can be unencrypted, altered, and repackaged without the gaming rig putting up a fuss. Our only real beef with the tight security came when Sony removed the ability to install Linux on systems marketed with this option. The availability of these keys should let you install just about whatever you want on your hardware.

[Thanks Kris via Phys]

7400 project encrypts and decrypts data

[Nakul], [Nikilesh], and [Nischal] just finished posting about their entry in the 2012 Open 7400 Logic competition. It’s an encryption system based entirely on 7400 logic chips. The device operates on 8-bit binary numbers, which limits its real-world applications. But we bet they learned a lot during the development process.

The encryption algorithm is based on a the concept of cellular automaton. This is a something with which we’re already familiar having seen many Conway’s Game of Life projects around here. What we’re not familiar with is this particular wing of the concept called ‘Rule 30‘. It works well with this project because a complex pattern can be generated from simple beginnings.

After conceptualizing how the system might work the team spent some time transferring the implementation to the chips they had available. The end result is a quartet of chip-packed breadboards and a rat’s nets of wires, but the system is capable of both encrypting and decrypting data.

Token authentication for Gmail using a eZ430 Chronos watch

Two-factor authentication allows you to use your chosen password, as well as a one-time password to help keep your services secure. The one-time passwords traditionally come from a dedicated piece of hardware, but there are also solutions for smart phones. [Patrick Schaumont] shows how a TI eZ430 Chronos Watch can be used to generate authentication tokens. After walking through the process he uses it to beef up his gmail login.

This method of token authentication is often called Time-based One Time Passwords (TOTP). It’s part of the Open Authentication (OATH) initiative, which seeks to sort out the password-hell that is modern computing. A portable device generates a password by applying an algorithm and a private encryption key to an accuarte time-stamp. On the server side of things a public key is used to verify the one-time password entered based on the server’s own time-stamp. In this case the portable device is the Chronos watch and the server is Google’s own TOTP service.

You can do this with other simple microcontrollers, we’ve even seen an Arduino implementation. But the wrist-watch form factor seen here is by far the most convenient — as long as you always remember to wear the watch.

[Thanks Oxide]

EFF on securing digital information when crossing the border

The Electronic Frontier Foundation, long-time defenders of the common man’s rights in the electronic realm, has published a guide to keeping your digital devices private when entering the United States. It seems the defenders of freedom and liberty (ICE, DHS, TSA, and CBP) are able to take a few freedoms with your liberty at a border crossing by seizing your devices and copies of the data they store for up to five days. This requires no suspicion of wrongdoing, and copies of this data may be shared with other agencies thereby negating the five day limit.

Do you have a reason to protect your digital property? This is discussed in the paper. It may be confidential information, by way of a business contract or professional relationship (Doctors, Lawyers, Journalists, etc.). Or you may just want to keep your privacy on principle. No matter what your stance, the EFF has covered all the bases in this intriguing read. We think the best advice they give is to make an encrypted backup of your data on the internet, blank your computer before the border crossing, and restore it when you get to your destination. If you don’t have the data with you, it can’t be compromised. It that’s not an option, they have plenty of guidelines on cryptographic techniques.

[Read more...]

Reverse Engineering the Nike+ Hardware

The Nike+ hardware is obviously an interesting device.  We haven’t heard a whole lot about hacking one until now, but [Dimitry] has decided to change that. Many would assume that the data transmitted off of these sensors is quite simple, however there’s a bit more than meets the eye. Amongst other challenges, all the data packets coming out of the transceiver are encrypted. [Dimitry] claims to have decoded this data stream and made use of it.

This hack also outlines how one can use this without the stock iPod receiver using a 2.4 GHz chip from Sparkfun. A lot of work has been done to figure out how these packets are decoded and the process one goes through to do this is well outlined in this post. This could serve as a good example for those wanting to figure out similar devices.

One thing [Dimitry] hasn’t done yet is release the source code for this hack. He cites some ethical issues that might not seem obvious on first glance, including the ability to follow someone in a crowd or simply jamming their data. He does add though that if you have a good reason for wanting it, to simply email him. We’re looking forward to what [Dimitry] comes up with in the future using this setup!

Intel: High-bandwidth Digital Content Protection cracked

Intel says that HDCP has been cracked, but they also say that it’s unlikely this information will be used to unlock the copying of anything. Their reasoning for the second statement is that for someone to make this work they would need to produce a computer chip, not something that is worth the effort.

We question that logic. Not so much for Blu-Ray, which is the commonly associated media format that uses HDCP, but for HD digital cable programming. There are folks out there who would like to have the option of recording their HD television shows without renting a DVR from the cable company. CableCard tuners have been mostly absent from the market, making this type of recording difficult or impossible. Now that there’s a proven way to get the encryption key for HDCP how hard would it really be to create a man-in-the-middle device that uses that key to authenticate, decrypt, and funnel the audio and video to another encoder card? We know next-to-nothing about the protocol but why couldn’t any powerful processor, like an ARM, or even an FPGA (both rather inexpensive and readily available) be programmed for this task?

Leave a comment to let us know what you think about HDCP, and what the availability of the master-key really means.

[Thanks Dave]

Follow

Get every new post delivered to your Inbox.

Join 96,598 other followers