eDn.comment
By graham prophet, eDitor
,,
No key, no car
A
ccording to a traditional saying, “the road to Hell is paved with good intentions”. For engineers, a more familiar expression of the same principle might be the Law of Unintended Consequences; any clever idea you have is likely to have an unforeseen downside; and the Law states that fixing the problems that follow, will cost you far more effort than you saved by creating your bright idea in the first place. If some of the postings on automotive internet fora are to be believed, keyless-entry systems are just one current manifestation of the principle. First, there was the signal-boost attack; you park your car, and go into a store; one team member follows you in close-enough proximity to stay in range of the key-fob in your pocket – an RF link echoes the data it broadcasts to team member 2 who takes the other end of the link to your car, which thinks you have returned and obligingly unlocks itself. This scenario sounds as though it would be a lot harder to carry out in practice than the description suggests.
Now, there appears to be a further vulnerability. The attack starts by breaking a side window of a highspecification parked car – one that has keyless entry and keyless starting – to gain access to the ODB port (onboard diagnostics). Given the correct access codes, the vehicle will happily divulge its inner secrets; not just the fault log but everything you need to program a new key fob. EU regulations, intended to prevent unfair trading practices, say that such access data may not be restricted to the manufacturers’ dealers exclusively, but must be available to permit independent agencies to maintain cars. Given the nature of the motor trade, how great was the chance that each of; the relevant codes; and the access software; and the necessary tools to program key fobs; and a supply of blank key fobs, could be restricted to legitimate operators in the trade? Of course, the answer to that is: no chance whatsoever. You might wonder, why would the internal, ultrasound, alarm field not be triggered in the process described above? According (again) to allegations posted on-line, certain models appear to have a gap in the alarm coverage sufficient to allow miscreants to reach from the side window to the ODB port. The complete attack is said to be possible in under 5 minutes. I make no excuse for returning to a familiar theme and asking; how big was the problem that the original feature sought to solve? How often are you so loaded with possessions or purchases that pushing the unlock button on a rolling-code remote key is a real burden? Are the sort of people who buy high-end cars really convinced that it’s “cool” to press a shiny button marked “Start” rather than turn a mundane key in a lock? (Sadly, it’s possible that might just be the case.) Should we add keyless entry to the (very) long long list of things that “seemed like a good idea at the time”? When products are sold on everlonger feature lists, it’s hard to argue that you should always design-in just what’s really needed, rather than what is possible. Not-a-few engineers will recognise there was a moment when one of their team said, “hey, boss, wouldn’t it be really neat if we...?” and when so much subsequent trouble would have been saved if the answer had been, “just design the product like the specification says.”
www.edn-europe.com
SEPTEMBER 2012 | EDN EuropE 7
http://www.microchip.com/get/EUEDNELIGHTNINGhttp://www.edn-europe.com
Table of Contents for the Digital Edition of EDNE September 2012