Subaru Owners Cars Open to Keyfob Attack - FobRob

FrgMstr

FrgMstr

Just Plain Mean
Staff member
Joined
May 18, 1997
Messages
55,601
Subaru's company motto is, "Confidence in Motion." However, confidence in how secure your Subaru might be another question altogether. One enterprising Dutch electronics wiz has found that the "rolling codes" used by most key fobs are not rolling at all with some Sabaru models. Instead of actually rolling these codes are incremental. That means all you have to do to figure out the next needed code is to intercept the previous one. All this requires about $25 worth of commonly sold electronics and a bit of code which has now been made public. Tom Wimmenhove's video is below. Thanks cageymaru.

Check out the video.

The exploit has only been tested on a 2009 Subaru Forester but the same fob is used, and the exploit should work on, the following vehicles: 2006 Subaru Baja - 2005 - 2010 Subaru Forester - 2004 - 2011 Subaru Impreza - 2005 - 2010 Subaru Legacy - 2005 - 2010 Subaru Outback
 
awesome! I have a 2010 Legacy. But no dope around here can figure this out.
 
Car manufacturers really need to wake up to the security ramifications of their designs. Because of all the technology they have used and are cramming in more, they seriously need to look at these types of items. Key Fobs has been known issues, you have cell phones that have access, wifi access points, bridged systems between communications and engine/car controls.

It is just a matter of time before cars become the next giant issue with hacking and exploits.
 
Dekar12 said:
Car manufacturers really need to wake up to the security ramifications of their designs. Because of all the technology they have used and are cramming in more, they seriously need to look at these types of items. Key Fobs has been known issues, you have cell phones that have access, wifi access points, bridged systems between communications and engine/car controls.

It is just a matter of time before cars become the next giant issue with hacking and exploits.
Click to expand...

Seriously. I don't understand why they don't air gap some of these systems.
 
Maybe... if we are lucky... someone that can actually drive might steal it. BUT it'll probably be a broke hipster that will drive it the same way.
 
Just another example of people designing security systems that have no actual training or experience with security. And until it starts affecting the bottom line, they will not bring in the required expertise and these things will just keep happening.
 
So if Subaru was Apple, they will just tell you not to lock your car around guys with backpacks.
I know they are good cars, but they so freaking ugly (by my eyes of course).
I doubt this will be limited to Subaru.
 
In other news the number of missing Dave Matthews CD's, Labrador retrievers, and children answering to Cody and Dakota are about to skyrocket.
 
Jokes on them, the power locks on my Forester went out a few months back and I haven't had time to get in for a fix. Now it's a security feature.
 
About 4 years ago, my coworker dropped me off at home in his new Jeep Cherokee. After he pulled out of the alley, his car stopped because the fob was missing. He yelled at me for the fob, but it was in his pocket. My bluetooth headset was apparently causing interference and the fob connection needed to be reset. I'll stick with a conventional key with a encryption chip and besides, most cars built after 2012 don't allow for aftermarket radios and I really, really, really hate factory radios and some rims.
 
Non-story guys, many will assure you that soon we'll all be in self-driving cars and those will 100% secure.
 
Oh great. Make a video teaching teenager wannabe car thieves how to break into a car. Wonder what dad is going to say when his son arrives home in his recently acquired Subaru.
 
Dekar12 said:
Car manufacturers really need to wake up to the security ramifications of their designs.
Click to expand...

Mopar has addressed this in their 2018 and later vehicles . Outside access to critical components is now blocked multiple ways.

TheOne5 said:
About 4 years ago, my coworker dropped me off at home in his new Jeep Cherokee. After he pulled out of the alley, his car stopped because the fob was missing. He yelled at me for the fob, but it was in his pocket. My bluetooth headset was apparently causing interference and the fob connection needed to be reset.
Click to expand...

That can't happen.... once the vehicle is running you can throw the fob out the window...the vehicle will continue to operate normally until it is shut off. It only authorizes once per key cycle .

The only thing that will happen, is you will get a warning on the cluster that the fob has left the vehicle.
 
Crosshairs said:
Mopar has addressed this in their 2018 and later vehicles . Outside access to critical components is now blocked multiple ways.



That can't happen.... once the vehicle is running you can throw the fob out the window...the vehicle will continue to operate normally until it is shut off. It only authorizes once per key cycle .

The only thing that will happen, is you will get a warning on the cluster that the fob has left the vehicle.
Click to expand...

It actually did stop, gave the fob warning and wouldn't accelerate despite being in "drive" until the fob re-synced. It may have been an anti-carjacker security measure. I thought what you posted is what supposed to happen. Maybe they improved the technology since then. Personally, I'm not a fan of Chrysler cars nor the fob.
 
Mike89 said:
Oh great. Make a video teaching teenager wannabe car thieves how to break into a car. Wonder what dad is going to say when his son arrives home in his recently acquired Subaru.
Click to expand...

With the trend of next gen drivers ditching stick all together, hopefully it's only a teen who'll have trouble getting it into drive.

2m4opll.jpg
 
You must log in or register to reply here.
Back
Top