We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
RollBack - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems
A newly discovered vulnerability, "RollBack", can bypass automotive remote keyless entry systems without physical access, using recorded button presses to generate a rolling code, affecting 70% of tested vehicles.
- The attack, called “RollBack”, is a time-agnostic replay attack that can unlock remote keyless entry systems without the need for physical access or jamming.
- The attack works by recording accidental button presses on the key fob, which can be used to generate a rolling code needed to unlock the vehicle.
- The attack is effective because the rolling code system is not designed to handle replayed signals, and the attacker can use the recorded signals to resynchronize the rolling code.
- The attack has been tested on multiple vehicle models from various manufacturers, including Toyota, Honda, and Mazda, and has been found to be effective on at least 70% of the vehicles tested.
- The attack does not require physical access to the vehicle or the key fob, and can be performed remotely, making it a significant threat to vehicle security.
- The researchers have developed a tool called “RollBack” that can be used to perform the attack, and have made it publicly available.
- The attack is not limited to the vehicles tested, and it is likely that other vehicles with similar remote keyless entry systems are also vulnerable.
- The researchers recommend that vehicle manufacturers take steps to improve the security of their remote keyless entry systems, including implementing more robust rolling code systems and providing better debug tools.
- The researchers also recommend that users take steps to secure their key fobs, including storing them in a safe place and avoiding leaving them in public places.
- The attack has been made public as a way to raise awareness about the vulnerability and to encourage vehicle manufacturers to take action to improve the security of their systems.