A Dutch electronics designer named Tom Wimmenhove has discovered a vulnerability in the key fob system used by several Subaru vehicles. By exploiting the vulnerability, a thief can clone a key fob and gain access to a vehicle with relative…
A Dutch electronics designer named Tom Wimmenhove has discovered a vulnerability in the key fob system used by several Subaru vehicles. By exploiting the vulnerability, a thief can clone a key fob and gain access to a vehicle with relative ease. Wimmenhove says he informed Subaru of the security flaw but was not taken seriously and the issue has not been patched.
The key fob sends out a code which the car interprets to unlock the doors. Typically these codes are randomized to prevent hackers from reusing a previous code, but Subaru’s implementation is flawed. By capturing a single packet from a working key fob, the attacker can use Wimmenhove’s code to predict the next rolling code and unlock the car. He has nicknamed this the fobrob exploit.
Creating the device is simple and inexpensive. As a proof of concept, Wimmenhove executed the script on his phone and used a Wi-Fi dongle, a TV dongle, and a 433MHz antenna. The software can run on a Raspberry Pi and the antennas cost just a few dollars. Wimmenhove posted the code and instructions to GitHub, but in the interest of safety, we won’t be sharing it.
With the limited testing done by the researcher himself, he believes the exploit will likely work on 2005-2010 models of the Forester, Impreza, Legacy, and Outback.