Incident: Vulnerability in Megamos Crypto Transponder Allows Car Hacking.

Published Date: 2015-08-18

Postmortem Analysis
Timeline
1. The software failure incident regarding the massive flaw in the remote controls used by hundreds of cars, including luxury vehicles from Volkswagen's Porsche, Audi, Bentley, and Lamborghini brands, happened in 2012 [38614].

System
1. Megamos Crypto transponder system
2. Rolling code system
3. OnStar RemoteLink mobile app by General Motors Co. [38614]

Responsible Organization
1. Researchers (Flavio D. Garcia, Bariş Ege, Roel Verdult) [38614]
2. Volkswagen [38614]

Impacted Organization
1. Volkswagen [38614]
2. Audi [38614]
3. Porsche [38614]
4. Bentley [38614]
5. Lamborghini [38614]
6. Fiat [38614]
7. Honda [38614]
8. Kia [38614]
9. Volvo [38614]

Software Causes
1. Weakness in the cryptographic mechanisms of the Megamos Crypto transponder used in the affected cars, allowing hackers to narrow down the possible combinations of the secret key [38614].
2. Design flaw in the protocol used for communication between keys and cars, specifically in the rolling code system, which was exploited by the RollJam device to intercept and manipulate the rolling codes exchanged between the key and the car [38614].
3. Vulnerability in the OnStar RemoteLink mobile app for General Motors Co., which allowed hackers to remotely unlock cars and start engines by intercepting communications between the app and the OnStar service [38614].

Non-software Causes
1. Lack of strengthening of cryptographic mechanisms in the Megamos Crypto transponder despite removing the mechanical key from the vehicle [38614].
2. Design flaw in the protocol determining how keys communicate with cars, allowing interception of rolling codes by the RollJam device [38614].
3. Vulnerabilities in the communication between the OnStar RemoteLink mobile app and the OnStar service, exploited by the OwnStar device [38614].

Impacts
1. The software failure incident impacted a wide range of luxury vehicles from Volkswagen's Porsche, Audi, Bentley, and Lamborghini brands, as well as models from other manufacturers like Audi, Fiat, Honda, Kia, and Volvo [38614].
2. The flaw in the Megamos Crypto transponder allowed hackers to potentially steal cars by creating fake keys that could be recognized by the car as genuine [38614].
3. The incident highlighted a serious security flaw in the automotive industry, affecting millions of vehicles that relied on weak proprietary ciphers like the Megamos Crypto transponder [38614].
4. The vulnerability exposed by the software failure incident allowed for the development of devices like RollJam, which could open cars from various manufacturers including Chrysler, Daewoo, Fiat, GM, Honda, Toyota, Volvo, and others [38614].
5. The incident raised concerns about the security of electronic car keys and the potential for unauthorized access to vehicles, leading to legal battles between researchers and automakers to keep the discovery under wraps [38614].

Preventions
1. Stronger encryption mechanisms: Implementing stronger encryption mechanisms for the communication between the car and the remote control could have prevented the software failure incident [38614].
2. Regular security audits: Conducting regular security audits and vulnerability assessments on the software and hardware components involved in the remote control system could have identified and addressed the flaw earlier [38614].
3. Timely response to reported vulnerabilities: Taking immediate action upon receiving reports of vulnerabilities from researchers could have prevented the flaw from being exploited [38614].
4. Continuous monitoring and updates: Implementing a system for continuous monitoring of security threats and providing timely updates to address any identified weaknesses could have enhanced the security of the remote control system [38614].

Fixes
1. Strengthening the cryptographic mechanisms used in the Megamos Crypto transponder to compensate for the weakness in its internal security [38614].
2. Migrating from weak proprietary ciphers to community-reviewed ciphers in the automotive industry and using them according to guidelines [38614].
3. Implementing a fix to address the design flaw in the protocol that determines how keys communicate with cars, which allows for interception of rolling codes by devices like RollJam [38614].
4. Ensuring that electronic car keys use a secure 'rolling code' system that generates new, randomly generated codes for each interaction between the key and the car, with synchronized code generators that recognize and burn codes to prevent reuse [38614].

References
1. Researchers Flavio D. Garcia, Bariş Ege, and Roel Verdult from the University of Birmingham and Radboud University Nijmegen in the Netherlands [38614]
2. Tim Watson, Director of Cyber Security at the University of Warwick [38614]
3. Ethical hacker Samy Kamkar [38614]

Software Taxonomy of Faults

Category: Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident related to the flaw in the Megamos Crypto transponder impacting cars from various manufacturers, including Volkswagen, has happened again within the same organization. Researchers discovered the flaw in the transponder used in cars from Volkswagen's Porsche, Audi, Bentley, and Lamborghini brands, which allowed hackers to potentially start the engine without the correct key fob [38614].
(b) The software failure incident related to the flaw in the Megamos Crypto transponder has also impacted cars from multiple organizations. The affected cars included models from Audi, Fiat, Honda, Kia, Volkswagen, Volvo, and others, all relying on chips made by EM Microelectronic in Switzerland [38614]. Additionally, a similar flaw was exploited by the RollJam device, which could open cars from various manufacturers such as Chrysler, Daewoo, Fiat, GM, Honda, Toyota, Volvo, and the Volkswagen Group, among others [38614].

Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident related to the design phase is evident in the flaw discovered in the Megamos Crypto transponder used in various car models. Researchers found that the transponder's internal security was weaker than expected, allowing hackers to exploit the encryption between the car and remote control [38614].
(b) The software failure incident related to the operation phase is demonstrated by the RollJam device, which intercepts the rolling codes exchanged between car keys and vehicles. This interception prevents the codes from reaching the car, enabling unauthorized access and potential theft of vehicles [38614].

Category: Boundary (Internal/External)
Option: within_system, outside_system
Rationale:
(a) The software failure incident related to the flaw in the Megamos Crypto transponder used in cars falls under the category of within_system failure. The flaw was discovered by researchers who found weaknesses in the encryption mechanism of the transponder, allowing hackers to exploit the system and potentially start the engine without the correct key fob [38614].
(b) On the other hand, the incident also involves contributing factors that originate from outside the system. For example, the researchers had to go to court to fight against automakers who wanted to keep the discovery of the flaw a secret. Volkswagen, in particular, used its lawyers to keep the research under wraps, indicating external legal actions were taken to suppress the information about the vulnerability [38614].

Category: Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident occurring due to non-human actions:
- The software failure incident in the articles is primarily due to a flaw in the widely-used Megamos Crypto transponder, which is responsible for the encryption between the car and remote [38614].
- The flaw allowed hackers to exploit the communication between the car and the transponder wirelessly, reducing the number of possible combinations to just 200,000 after listening in twice [38614].
- The flaw was discovered by researchers who broke the transponder's cryptographic system by intercepting the radio communication between the key and the transponder, enabling them to find the correct combination to start the car in less than half an hour [38614].
(b) The software failure incident occurring due to human actions:
- Human actions contributed to the software failure incident as researchers discovered and exploited the flaw in the Megamos Crypto transponder, highlighting the weakness in the cryptographic mechanisms used in the transponder [38614].
- Volkswagen and other manufacturers initially went to court to keep the researchers' discovery of the flaw a secret, indicating a deliberate attempt to suppress the information about the vulnerability [38614].
- Volkswagen sued the universities and researchers personally to block them from publishing their discovery, emphasizing the conflict between academic free speech and the security of millions of cars [38614].

Category: Dimension (Hardware/Software)
Option: hardware, software
Rationale:
(a) The software failure incident occurring due to hardware:
- The software failure incident related to the flaw in the Megamos Crypto transponder used in cars was due to a hardware issue. The flaw was in the transponder itself, which is a hardware component responsible for the encryption between the car and remote [38614].
(b) The software failure incident occurring due to software:
- The software failure incident related to the flaw in the Megamos Crypto transponder was also due to software issues. The flaw was in the cryptographic mechanisms of the transponder, specifically in the proprietary cipher and PIN code, which were not strong enough to prevent the hack [38614].

Category: Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The software failure incident described in the articles is malicious in nature. Researchers discovered a massive flaw in the Megamos Crypto transponder used in cars, allowing hackers to potentially steal vehicles by exploiting the vulnerability in the encryption system [38614]. The flaw was exploited by hackers who intercepted the wireless communication between the car and the transponder, significantly reducing the number of possible combinations for the secret key and enabling them to create fake keys that could start the engine [38614]. Additionally, the incident involved the creation of a device called RollJam, which could open cars at the click of a button, making auto hacking simple for anyone to carry out [38614]. Volkswagen went to court to keep the researchers' discovery a secret, highlighting the seriousness of the vulnerability and the potential impact on the security of millions of vehicles [38614].
(b) The software failure incident was not non-malicious as it involved intentional actions by hackers to exploit the vulnerability in the encryption system of the Megamos Crypto transponder, demonstrating a clear intent to harm the system and potentially steal vehicles [38614].

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
(a) The intent of the software failure incident:
- The software failure incident related to the flaw in the Megamos Crypto transponder used in cars was not accidental but rather a result of poor decisions made by automakers and chip manufacturers. Researchers had known about the flaws since 2012 and had warned automakers, but the issue was not adequately addressed [38614].
- Volkswagen and other manufacturers went to court to keep the discovery of the flaw a secret, indicating a deliberate attempt to suppress information about the vulnerability [38614].
- The flaw in the Megamos Crypto transponder was a result of weak proprietary ciphers and insufficient cryptographic mechanisms, highlighting poor decisions in the design and implementation of the security system in the cars [38614].

Category: Capability (Incompetence/Accidental)
Option: development_incompetence
Rationale:
(a) The software failure incident related to development incompetence is evident in the article where researchers discovered a massive flaw in the remote controls used by hundreds of cars, including luxury vehicles from Volkswagen's Porsche, Audi, Bentley, and Lamborghini brands. Despite knowing about the flaws since 2012, the researchers warned automakers, but Volkswagen and other manufacturers went to court two years ago to keep the discovery a secret [38614].
(b) The software failure incident related to accidental factors is demonstrated by the flaw in the Megamos Crypto transponder, which is responsible for the encryption between the car and remote. The flaw allowed hackers to narrow down the number of possible combinations to just 200,000 by listening in to the wireless communication between the car and the transponder, making it vulnerable to automated 'cracking' programs [38614].

Category: Duration
Option: permanent, temporary
Rationale:
(a) The software failure incident described in the articles is more of a permanent nature. The flaw in the Megamos Crypto transponder used in various car models allowed hackers to exploit the system by intercepting wireless communication between the car and the transponder, significantly reducing the number of possible combinations for the secret key. This flaw was not a one-time occurrence but a fundamental weakness in the cryptographic system that could be exploited repeatedly, making it a permanent issue [38614].
(b) The software failure incident can also be considered temporary in the sense that the flaw was discovered by researchers who then presented their findings at a conference and gave the chip maker nine months to fix the problem before going public with their discovery. Additionally, the researchers agreed to omit a pivotal detail from their report to prevent non-technical individuals from easily replicating the hack, indicating a temporary mitigation measure [38614].

Category: Behaviour
Option: crash, omission, value, other
Rationale:
(a) crash: The software failure incident related to the flaw in the Megamos Crypto transponder can be categorized as a crash. The flaw allowed hackers to exploit the transponder, leading to the immobilization of the engine if the correct key fob was not detected. This resulted in the system losing its intended state of preventing unauthorized access to the vehicle, ultimately leading to a security breach [38614].
(b) omission: The software failure incident can also be categorized as an omission. The flaw in the Megamos Crypto transponder caused the system to omit performing its intended function of securely verifying the identity of the key fob before allowing the engine to start. This omission led to the vulnerability that allowed hackers to bypass the security measures [38614].
(c) timing: The software failure incident does not align with the timing category as there is no indication that the system performed its intended functions at incorrect times [38614].
(d) value: The software failure incident can be categorized under the value type of failure. The flaw in the Megamos Crypto transponder caused the system to incorrectly perform its intended function of encryption and authentication, leading to unauthorized access to the vehicle [38614].
(e) byzantine: The software failure incident does not align with the byzantine category as there is no mention of inconsistent responses or interactions within the system [38614].
(f) other: The software failure incident can be further described as a security vulnerability. The flaw in the Megamos Crypto transponder allowed for unauthorized access to vehicles by exploiting the encryption and authentication mechanisms, highlighting a critical security weakness in the system [38614].

IoT System Layer

Layer: Perception
Option: sensor, network_communication, embedded_software
Rationale:
(a) sensor: The software failure incident discussed in the articles is related to a flaw in the Megamos Crypto transponder, which acts as a sensor in the car to check whether the owner's key fob is nearby before allowing the engine to start. The flaw allowed hackers to intercept the wireless communication between the car and the transponder, compromising the security of the system [38614].
(b) actuator: The articles do not specifically mention any failure related to an actuator error.
(c) processing_unit: The software failure incident does not directly involve a failure related to a processing unit error.
(d) network_communication: The software failure incident involves a failure related to network communication error. Hackers were able to exploit vulnerabilities in the wireless communication between the car and the Megamos Crypto transponder to compromise the system's security [38614].
(e) embedded_software: The software failure incident is related to a flaw in the Megamos Crypto transponder, which contains embedded software responsible for encryption between the car and remote. The weakness in the internal security of the transponder's embedded software allowed hackers to exploit the system [38614].

Layer: Communication
Option: link_level
Rationale: The software failure incident described in the articles is related to the communication layer of the cyber-physical system that failed at the link_level. The failure was due to contributing factors introduced by the wired or wireless physical layer. Researchers discovered a flaw in the Megamos Crypto transponder used in cars, which communicates wirelessly with the key fob to check its identity before allowing the engine to start. By intercepting the wireless communication between the car and the transponder, hackers were able to narrow down the possible combinations of the secret key, making it vulnerable to automated cracking programs [38614].

Layer: Application
Option: TRUE
Rationale: The software failure incident described in the articles is related to the application layer of the cyber-physical system. The failure was due to a massive flaw in the remote controls used by hundreds of cars, specifically related to the Megamos Crypto transponder used in the vehicles. The flaw allowed hackers to exploit the communication between the car and the transponder, reducing the number of possible combinations and enabling them to start the engine with a fake key [38614]. This flaw was not a theoretical weakness but an actual one that could be exploited with actual effort and cost to fix [38614]. The flaw was discovered by researchers who broke the transponder's cryptographic system by listening in to the radio communication between the key and the transponder, allowing them to find the right combination to start the car in less than half an hour [38614].

Other Details

Category: Consequence
Option: no_consequence
Rationale:
(a) death: People lost their lives due to the software failure - There is no mention of any deaths resulting from the software failure incident reported in the articles. [38614]

Category: Domain
Option: transportation
Rationale: The software failure incident discussed in the articles is related to the transportation industry. The flaw in the Megamos Crypto transponder system used in cars from various manufacturers, including Volkswagen, Audi, Fiat, Honda, and Volvo, allowed hackers to potentially start the engine without the correct key fob, compromising the security of the vehicles [38614]. The incident highlights a significant vulnerability in the security systems of cars, impacting the transportation sector.
