Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys

The keyless start systems offer lots of convenience, but car owners are now used its vulnerabilities to relay attacks. Unfortunately, even keyed systems of some of the biggest car manufacturers do not offer much guarantees. A few encryption flaws have allowed hackers the ability to clone these chip-enabled mechanical keys and drive off within seconds.

Researchers from the University of Birmingham in the U.K. in cooperation with scientists from the Katholieke Universiteit Leuven in Belgium discovered new vulnerabilities in the cryptographic systems used by immobilizers. Specifically, problems were detected in the way car manufacturing brands like Toyota, Hyundai and Kia implement an encryption transponder system known as the DST80.

A hacker can gain access to sensitive information about the vehicle’s cryptographic value simply by swiping a Proxmark RFID reader/transmitter near the key fob of a vehicle with the DST80 encryption system. The same Proxmark RFID reader can still be used to impersonate the car key once the hacker is inside the car; the immobilizer can be disabled and the attacker would be driving away.

According to the researchers, the affected models include Toyota Hilux, Corolla, Yaris; the Kia Picanto, Optima, and Soul; and the Hyundai 110, 120, and Veloster. The Tesla S model was initially part of this list, as there was reported vulnerability to the model’s DST80. But the company has since released a firmware update that checks this attack.

Toyota has confirmed that these vulnerabilities do exist. Though the technique required to break into these chip-enabled mechanical key cars are more complex than that of keyless start cars, an attacker can start a car once he or she derives the cryptographic value of the key fob. Hyundai has also confirmed these vulnerabilities in some of her models, though the company notes that none of the affected vehicles are in the U.S. market.

According to the website WIRED, Hyundai further notes that it “continues to monitor the field for recent exploits and [makes] significant efforts to stay ahead of potential attackers”. When the website also reached out to Toyota on same issue, the company responded saying that “the described vulnerability applies to older models, as current models have a different configuration”.

Unfortunately, however, research has proven Toyota’s statement in this case to be untrue, as hardware used to hack into these car models are readily available. As it currently stands, only Tesla has shown the capacity to fix the vulnerabilities with the immobilizers.

Car owners may address this problem by taking the immobilizers to dealerships so they can be reprogrammed, though key fob replacement may be required in some cases. Sadly, no car manufacturer has offered to make these replacements.

If you own any of the affected car models, you may decide to take control of your security by using a steering wheel lock. As they say, it is better safe than sorry.