Tom Wimmenhove, a Dutch electronics designer, has discovered a flaw in the key fob system used by several Subaru models, a vulnerability the vendor has not patched and could be abused to hijack cars.
The issue is that key fobs for some Subaru cars use sequential codes for locking and unlocking the vehicle, and other operations.
These codes — called
rolling codes or hopping code — should be random, in order to avoid situations when an attacker discovers their sequence and uses the flaw to hijack cars.
Car thieves can create duplicate, fully-working key fobs
Wimmenhove discovered the problem by sniffing the radio signals sent out by his own car's key fob, which is nothing more than a short-range radio transmitter.
The electronics expert quickly realized that he could "clone" the key fob and create a fully-working, unauthorized duplicate.
"By receiving a single packet from the key fob (i.e. the user pressed any of the buttons on the fob while the attacker was within range), the attacker can use that packet to predict the next rolling code and use that to lock, unlock, unlock trunk or sound the alarm of the car," Wimmenhove told
Bleeping Computer.
