If the previous hacker's action to remotely crack the car has not made you aware of the importance of car safety, then the next message may make you realize that the car that was not connected to the Internet is not absolutely safe.
On the "Biantian" vulnerability response platform, the hacker team recently exposed the design flaws of the anti-theft system of Volvo, BYD, and Buick. Only the equipment costing several tens of yuan can be used without restrictions. Perform the action of opening and closing the door and the trunk. The entire process does not require the vehicle to have networking capabilities, as long as the car key is used to remotely switch the door, there is a potential risk.
The car is not connected to the Internet. How can a hacker crack the anti-theft system? Is it the kind of "locking car interference" that we often say? Of course things are not that simple.
The 18-year-old hacker from the "Mythical Team" Ghost Lab was discovered. In the sharing session where the vulnerability was discovered, I also learned about the entire cracking process. Because of the security of many vehicles, the related core vulnerabilities need to be kept confidential.
The key to the problem is the "synchronization value"
Although the core vulnerability cannot be disclosed, the whole cracking principle is not complicated (it is very boring): the hacker can monitor the wireless signal of the car remote control key and send the signal according to a specific mechanism, so that the remote control car can be reproduced indefinitely. The function of the key.
Hackers can capture signals and send them to the car for cracking, mainly because the anti-theft systems of these cars use HCS rolling chips and keeloq algorithms. This is an encryption and decryption technology algorithm introduced by a US company in the 1980s. It has high security features and is mainly used in car anti-theft systems and access control systems. It is the preferred chip in the field of keyless entry systems.
To put it easy to understand, the HCS rolling code chip and keeloq algorithm are the hardware and software solutions adopted by many car and access control remote keys. Once they are cracked, it is easy to cause large-scale security problems.
Back to this crack, every time the owner presses the key lock button and the drive button, a new signal is triggered. The vehicle quickly calculates the signal and determines whether to open the door. In the code for this command, there is a unique and fixed identification number (serial number) for each car and key, and the synchronization value encrypted per command (the synchronization value is automatically +1 after each operation).
Each time the key is issued, the key and the car will record the synchronization value. After receiving the command, the car must check the synchronization value before proceeding to the next step. For example, the car key sends a signal with a synchronous value of "11", and the signal stored in the car is "10". The vehicle checks that the signal difference between the two can be opened within a certain range (to prevent the user from accidentally pressing the switch). The sync values ​​are not uniform, but the difference is not too large).
This calculation has both a decimal algorithm and a hexadecimal algorithm. Both algorithms need to be converted multiple times. When the programmer wrote the program, there was an obvious vulnerability. As long as two consecutive unlock commands (such as 10 and 11) were received, the system could not recognize whether the command was sent for the current key, and it would be executed by default.
Thousands of words merge into one sentence, once the hacker gets two consecutive synchronization values ​​(this requires the owner to send two commands continuously for a certain length of time), you can use this vulnerability to simulate the car key function without limitation. It will be hacked.
Is it harmful?
At the cracking scene, we also experienced a more interesting "accident". Due to the unknown interference, the receiver's repeated attempts to issue commands to the vehicle were still unsuccessful. Finally, it was discovered that the signal of the remote controller of the projector affected the operation of the cracking device. From this point we can see that this set of cracking equipment has low anti-interference ability to the external environment, and it needs to be solved under ideal conditions.
Because the entire command was acquired, the hacker could not analyze the unique identification code of each car and key. Therefore, the current crack is only for a specific single vehicle, and it is not possible to make a non-discriminatory crack on the same model.
For this loophole, Wang Yingjian, the head of "Mythical Action", has already found it in some models of Volvo 2008 XC90, BYD F0, Buick Regal, but it is still unclear the total number of vehicles affected. Because it is a hardware and software problem, the owner can only drive the vehicle back to the original factory or 4S shop to replace or upgrade the anti-theft system. Moreover, the vehicle time span using the HCS rolling code chip and the keeloq algorithm is very long, and some models are already difficult to maintain.
Let me talk about the difference between this method of cracking and the method of "locking the car". In fact, this technology has gained more privileges on the "locking car interference". Users can't avoid being hacked by the hacker if they are unaware or even ensure that the door is locked.
As long as the car owner can enter the car without knowing it, the harm caused by privacy leakage and property loss can be uncontrollable. And hackers can use the vulnerability to lock the car, so that the owner can not detect whether the vehicle has been invaded.
It’s really “anti-defenseâ€...
Jewish Candle is 3.8g Candle . Small Box Jewish Candle is high quality with strong box . it is very popular in Israel market . we usually called Multicolor Jewish Candle or 3.8G Jewish Candle . The Dia of Jewish Candle is 0.8cm , Length is 9.5cm .Box can do any colors or as your requirments . the noraml package is 44pcs/box 50boxes/ctn . it depends on you .
Fast shipment time, high quality product, and fast respond to any customer, we always online waiting your response. all the clients are our important person.
Jewish Candle
Jewish Candle,3.8G Jewish Candle,Small Box Jewish Candle,Multicolor Jewish Candle
Shijiazhuang Zhongya Candle Co,. Ltd. , https://www.zycandlefactory.com