 And there is no scooter sharing, which brings me to the next talk. We tend to need kind of a security concept for not scooter sharing. So the easiest way would be to have kind of a scooter lock. But we have the lock-picking, guys. So that won't work. So the next option would be we can have a GPS tracker. But we have the GPS spoofing, guys. Which isn't also that good. A third option would be an immobilization system. We have Walter Wurzlach. Thank you. Hi. Thank you for the introduction. Thank you, guys, for the warm welcome. I'm really happy to see that still some people have come together here at this ungodly hour to watch my talk about vehicle immobilization. Well, briefly something about me. I'm a Keckoff security master. And the research I will be presenting today, I did as my master's thesis. So I spent about half a year analyzing various systems. Well, I wrote something about that. And if you want to read the full story, you can look at my thesis, which is public since some time now. There's more detail there. Currently working as an automotive engineer. And if you feel like asking me questions beside the Q&A, you can always contact me by mail. So first, responsible disclosure. This kind of stuff is not a joke. Automotive manufacturers think it's very important. And well, they have all reason to think so. So naturally, we contacted them ahead of publication even before my defense. And we laid out the findings. I had a couple of conv calls with the manufacturers. And I even went to one of them to demonstrate the findings on-premise. I need to point out that the research that I did was on fairly old vehicles, like 2009 and around. But for the three cases that I really went in depth, we have been able to confirm that they are still in currently produced models. So this in itself is kind of surprising because you think automotive, cars, electronics, security, it's a fast-moving industry. But well, no, not really. So everything that was in cars in 2009, at least regarding to these three systems, can still be found in currently produced models. I will disclose the vehicles that I've been working on because I think that is relevant. I hope you can forgive me that I'm not going to disclose the vehicles that I have identified these systems in that are still being produced, not really into facilitating theft. And I don't see what would be the added value. So the talk will be structured as follows. I will first introduce some standard stuff about immobilization systems and about computer networks inside vehicles. I will tell you something about how I address the challenge. So for all three models, I kind of follow the similar approach. And I think it's more practical to lay that out once and then skip the details later on. And then I will present the three protocols that I uncovered in a Peugeot, a Fiat, and an Opel vehicle. I will then summarize the findings in a series of takeaways. And there will be some time for questions. Right, so modern vehicles are full of electronics and full of computer systems. They operate largely independent, but they are all connected through a variety of different buses that talk to each other with different protocols. And there is a plethora of different standards, ISO standards, all kinds of standards. And then the manufacturer wants a lot of freedom to do it in their own way. So even if you read these hundreds of papers of standards, still every vehicle you will look at will be kind of different. There are some practical handles that you can use. And one of them is that every car has an OBG-2 port. Yeah. And this is required by law both in the US and in Europe for quite some time now. And it needs to be conveniently located. And that is very near the driver's seat. So this is a universal connector. And all cars with a combustion engine need to have one. And cars with electronic engines also need to have one. But the functionality that has to be implemented is much more limited. So in regular internal combustion engine powered cars, you have to be able to read out emissions data and that kind of stuff. So many manufacturers thought this was a very convenient thing to also use for garage purposes, for workshops, to read out error codes, to perform all kinds of routines on vehicles. You might need to teach new keys to your car if you lost one or if you just want a third one. If you add a tow bar to your car, you need to tell a couple of ECUs in the car that it now has a tow bar. Depends on the vehicle. But telling this to five individual ECUs is not an exception. And since it is a bus, the CAN bus, it can be directly addressed through the OBD connector on many vehicles. And you can talk to a lot of different components. So the ECM, the inter-control module is one. The body control module is another. That one controls, for instance, powered windows and all kinds of interior stuff. But also the airbag infotainment system, fancy interior lighting, stability control systems. Another feature of it being a bus is that you can also see the inter-component communication. So if the instrument panel cluster, the dashboard, needs to talk to, say, the body control module, you can see that packet going over the CAN bus. All my research has been focused on this OBD2 connector and what you can do and what you can see from this perspective. Immobilized systems are nowadays required to be implemented in vehicles, since the late 19s legislation has been adopted in both the states and Europe, mandating the use of an electronic immobilization system. And the purpose, of course, was to reduce the risk of theft. This is proven to be effective. According to one study, theft rates drop by almost 40% in, I think, seven years span. They base their data on. This is because car theft used to be quite simple. You could just put two wires together and you could power the starting circuit and you could actually start the engine. And the immobilizer system adds another step to that. The engine control module that finally controls the engine wants to have some kind of assurance that the key presented in the system is actually valid and does so by validating a security transponder. First generations of these security transponders have been widely studied and often were found insecure. Of course, this is a problem because, well, if it's insecure, it doesn't add any security and cars can be stolen nonetheless. So there's been kind of an arms race in this domain. And we see that nowadays security transponders have become a lot better. Your car might even use AES to validate that the key you're putting in the ignition is an actual key that is recognized by our vehicle. And this is really necessary because car thieves have shown to be able to wield quite high-tech solutions, procure them from shady companies, or just use official tools that can be used in legitimate ways. A nice example of this is shown here. For certain models of Range Rover, they have a blind spot sensor. So you can see if there is a car in your blind spot. And if you pop up off a cab, then you can connect a 12-volt battery and power the internal issues of the vehicle. Then you can access the CAN bus, put the car into key teaching mode, and hold a blank key to the window, and it will program the key, recognize it as a valid key. Well, needless to say, this was not intended behavior. And this has had consequences for consumers because insurance companies saw a rise in theft for these models. These are quite expensive cars. And they started adding demands before they would allow you to insure your car. So the insurance would get more expensive, or you would not be able to get the insurance, if at least at your own home. You couldn't park it in a secured area. There is a common misconception about how immobilized systems work. And it's actually one of the reasons I want to give this talk and present this, because I think it's important to realize that an immobilized system is a bit more complicated than the single cryptographic step that seems logical. So what you might think is that the engine control module sends a challenge to the body control module, which communicates with the key. It implements the radio layer, and it can then relay the challenge to the key. The key can compute the proper response based on a secret chess with the ECM. Send back the response, which the BCM will and turn forward to the ECM. The ECM can verify the validity. And if this seems to be the right response, immobilization is deactivated, and the car can start. Sounds good, sounds easy, but this is in modern cars no longer the case. Cross. What we see is that there is a second step. The ECM does an authentication with the BCM. The BCM does an authentication with the key. So if your key uses, say, AES for its authentication, then this will be an AES-secured authentication between the BCM and the key. The BCM, if it validates the legitimacy of the key, will then send the correct response to the engine control module. But this is a whole different protocol using different cryptographic primitives, using different keys, sometimes, often, I don't know. And more importantly, it has not yet been covered. So in the scientific literature, I have found absolutely zero reference of this step being identified. And here and there, you find a reference that people know that this happens, but no actual analysis of the security or the cryptographic primitives involved. Right, so that is an open question then, and asks for further research. So how do you do that? You can sniff can traffic from the OBD connector with tooling, and by disconnecting ECUs and placing yourself in the middle, you can also modify can traffic. You can analyze this can traffic, see if you can find immobilizer-related messages. Of course, by the messages, you cannot deduce the algorithm most of the time. So you will need a firmware image or something else. You can reverse engineer to actually find the code that does the magic stuff. If you have that, and if you are able to pinpoint where the algorithm is, then you can start looking at if it's actually decent. And once you're all there, you will want to test if all the assumptions you've made on the way are correct, and if it's actually working as you think it's working. So the first step, protocol identification is actually quite straightforward, because you have some knowledge. You know that this is a message exchange that happens when you switch the ignition to the on position. And you know that there must be at least two high entropy messages, because the challenge has to be different every time. And the response is the output of some cryptographic function, so it may be expected that that looks quite random, too. Also, if you switch the ignition on, but no, fellow transponders present, you should be able to detect some kind of difference. And this will probably be the very first moment you observe a difference, because before that point, the car didn't know there is no valid transponder. So with a bit of fiddling and some patience and going through traffic logs, you can probably find this. OK, next step is to get a firmware image in which you hope to be able to find the actual cryptographic protocol. So there are several options. Of course, you already have the firmware, but it's in the microcontroller in an ECU that either laying on your desk or inside some vehicle. So you can try to get it straight out of that device. Debugging headers are a good option. You have JTAG, you have BDM. UART occasionally can be used, but sometimes these are deactivated. Sometimes it just doesn't seem to work. Sometimes the tooling is prohibitively expensive. So if that doesn't work, you can always go to the internet. Some manufacturers provide a means to download a set of information about the vehicle based on its VIN number. You can find all kinds of configurations. You might be able to find actual parts or full firmwares, often encrypted, not always. And then there's the tuning scene. And while you might think of neon lighting and stuff like that, these guys are actually pretty knowledgeable about the internals of engine control modules in particular. And you might just be able to find a full firmware image or parts of it or some model that is highly related. And this is kind of a viable approach to getting your hands on the firmware. But also very practical can be to just leverage the functionality that is implemented in the ECU. The ECU allows for diagnostic commands, such as read memory by address and request upload, which, from the perspective of an ECU, is sending you data. And you might be able to just dump the whole firmware or dump memory or dump at least parts of the internals of the ECU. Then there is some kind of mechanism that's called second bootloader. It's a sort of standard. Not every manufacturer implements it, but quite some do. That allows you to actually send binary code to the ECU and it then jumps to it. So very convenient functionality. It's maybe very painstaking to get it working. But yeah, it's basically free code execution, except for the fact that you often need to authenticate before you're allowed to use such functionality. So that might leave you with some kind of chicken and egg problem, because you don't know how to authenticate. You don't have the algorithm for this authentication. And lastly, there are sometimes firmware updates for ECUs. You might be able to use an official dealer tool. You might be able to sniff CAN traffic. Multiple ways of trying to update the firmware on your ECU reconstructed from the CAN traffic. Once more, you have to go through an ISO standard before you understand how it's exactly chunked in 8-byte messages, but you'll get there eventually. So once you have this firmware, you have to pinpoint the cryptographic algorithm. And ECU firmwares are typically between half megabyte and two megabytes. And that is a lot if we're talking assembly. The information density is extremely low, and if you have to go through it line by line, it's hardly doable. So you need to have some tricks. I think we're at a conference where we've seen a lot of reverse engineering, so this is not going to be my focus during this talk. But a couple of pointers, maybe someone is helped by that. Of course, you know the protocol because you have observed CAN traffic. So you can search for immediate values, for numerical values that are used in the protocol to designate a packet type, for instance. It must be in the firmware somewhere. Also, you know that crypto usually uses XOR instructions, and you would be surprised how little XOR instructions there are in a firmware. Depending on the architecture, you might immediately dismiss most of those as a single bit flip, or maybe inversion of a whole register. And then you will find some XORs with either weird constants or variables. So those are points to focus on. Lastly, you can make some assumptions on the structure of the cryptographic function. So it certainly doesn't do IO. It will not invoke a lot of other external functions, maybe some round function once or twice, maybe some initialization. It will probably have some loops. You can sometimes recognize the length of the challenge. You can sometimes recognize the length of the response. That being said, let's dive in the first case study. So I reverse engineered a Peugeot 207, which is, as I said, not the most recent of vehicles. And this was my test setup. It doesn't look like much, but everything that's relevant to me is there. And you can toggle the ignition, and lights will show, and all the ECUs are connected through a CAN bus, and an OBD connector that you can see on the left side of the instrument panel. And I investigated a tool that had a kind of peculiar function, and that is that you could obtain the vehicle pin, some kind of secret you needed to authenticate for diagnostics, by connecting this tool and toggling the ignition a couple of times. So that kind of gives you a hunch that the immobilization system might be involved, because it's triggered upon toggling the ignition, and that you can drive in some way the vehicle pin from this. So for this Peugeot, and for most PSA vehicles in general, the pin is a four digit uppercase and numeric code, excluding the O and I, because that would be confusing. So that leaves us with roughly 1.3 million keys, which is nothing in terms of crypto. I finally reversed the algorithm. It is obviously in the engine control module and the body control module. And the main part looked like, oh, wait, wait for it. And the protocol looks like this. So if you observe CAN traffic, you will see that some CAN ID 72 on that ID is sent a message that starts with double zero, and then followed by a four by challenge. And if the BCM is able to verify that the valid key is present, it will respond with zero four and a four by response. So this is a very small straightforward protocol, which does the bare necessary. And one of the first things I did was injecting challenges. Just inject a challenge, send it to the BCM with a valid key, and see what the response is going to be. And if I replace the zeros by dots, you see that an extremely apparent pattern is visible. So the ideal case that a single bit flip in a challenge lead to a 50-50 chance of a bit flip in every response bit is not exactly respected. You see that the effect of changing the challenge has a very localized effect on the response. Another weird feature, which is not very clearly visible here, but is visible in the last one, is that on average, when you give average just random challenges, 75% of the bits of the response will be set. So that is a very, very heavy bias. And it was quite puzzling to me what kind of cryptographic primitive would exhibit such behavior. And then it became clear. This is the main function of the algorithm. And there is a transform function that I left out, but it basically does some multiplication, some division, some modulo, but mathematical operations. It splits the challenge in two parts, and it splits the vehicle pin, so the secret, in two parts. And the total of four parts are all used as input for this transform function. And we obtain challenge transformed left, challenge transformed right, and similarly for the pin, a left and right transformed part. And then something interesting happens, because the left transformed part of the challenge is ordered with a part of the pin. And an OR operation will lead to, well, on average, 75% set result. So that kind of explains the weird behavior we saw before. Yeah, strange, and maybe not so smart. Because an adversary will be able to either control or observe the challenge that is used as input for this algorithm. So if you know the challenge, you know the transform challenge. And if you know the transform challenge, you know something about the output. Because if the transform challenge has a 1-bit, then the response will have a 1-bit in that same position. There is another property for the transform function, and that is that if the input is a 0, the further parameters of transform vary a bit, but it doesn't affect this property. If the input is a 0, the output is a 0. So that gives us that if you have a challenge of all 0s, you obtain a transform challenge of all 0s. And that means that when you're doing the OR, you're ORing with nothing, and the response will be entirely determined by the transformed pin. Another property is that the pin, which is an alphanumeric pin, is invertible once. Wait, let me restart. Transform, if it takes a pin as input, then the output can be inverted. There is only one pin part input that maps to one output of the transform function. So if you are able to supply the vehicle with a challenge of 0s, you will get one response, and you can uniquely identify the secret of the car, the pin. And this pin can later be used to, for instance, authenticate for diagnostics, or key teaching, or whatever you want. If you're not able to control the challenge, you can just collect a couple of random challenge responses, and you will still have the pin. So that's bad. What's worse is that there are a lot of collisions, because the bits that are set in the challenge transformed will hide the bits that are set in the pin transformed. So a challenge transformed with a lot of ones set will accept a lot of different pins as proper input and result in the same response. So there is a quite simple attack we can mount here, and that is that we get a challenge from the car without a valid key present, and we then compute for that challenge, for all pins, what response it would yield. And you will see that some responses are generated by a lot of different pins. It could easily be 2,000, 3,000 pins resulting in the same challenge. So you choose the most probable response and you send it. And either the ECU accepts it and disables immobilization, or it doesn't. And if it doesn't accept it, then you know for 3,000 pins that it was not that. In general, this takes far less than 4,000 attempts and far less than 15 minutes. I don't know exactly. I've tried it a couple of times, and I've been able to deactivate immobilization, I'll say, three minutes once, maybe 10 minutes once. And after that, if you toggle the ignition switch, the car will actually start without transponder present. So that was not so good. Next case is the Fiat. I investigated the Grande Punto, and I reverse engineered the BCM. It's based on the V850 architecture, which is a nice 32-bit risk architecture, pre-readable, pre-fair information density. But still, I couldn't really figure out what the actual crypto part was. So I also investigated an engine control module. Surprisingly, I was able to find it there. And then I immediately went back to the V850 because that, at least, is readable code. Protocol is as follows. It has a 32-bit challenge, then a 4-bit, sorry, yeah, 4-bit challenge, then a 2-bit byte proof of knowledge. And that's an interesting feature because that way, the engine control module proves to the body control module that it actually has knowledge of the key. So you cannot just spam a challenge and get a response for that. You have to prove that you know the secret. Then you get back a 2-byte response. And if that is correct, the ECM accepts it and the car can start. And this very, well, seemingly nice security feature that there is a proof of knowledge of the key is actually the flaw in this system as it turns out. The Cypher is a linear feedback shift register-based Cypher. It initializes the state with the key sort with the challenge, sort with some constant. And then it does 38 rounds. If you don't know what an LFSR is, I'll tell you in the next slide. Then it generates the proof. That is 12 rounds, actually 12-bits output. And if you look back in the protocol, you actually see that the first nibble is indeed a zero. So it's not 16-bits, but it's only 12-bits. After generating the proof, it loads an additional 16-bit constant, and then generates the 14-bit response. This is a fairly standard construction in crypto. And there is a fairly standard attack to it. So what you see here is an LFSR. It's a 32-bit register, and it operates in ticks. So it is loaded with this initial secret state at the beginning of the algorithm. And each tick, it takes four bits, and they are sorted together. Then the whole register shifts one position to the left. So bit zero goes to bit one, one to two, et cetera. Bit 31 shifts out, and the previously computed sort bit is shifted in in the zero position. So that way it cycles and continuously updates its internal state. And then there is an output function that takes eight bits of input. And each tick, it computes one bit from an eight-bit input. And on the lower left, you can see the output generation table. So it kind of just counts through this. And if the eight-bits together add up to, say, A2, then you pick bit position A2 in this table. And that is then the bit that is being generated as proof or response bit during that round. Now what we see here is that there is actually eight bits of the LFSR that determine the output bit. And of these eight bits, they generate so 256 different values. Now there are 256 different combinations. And only half will generate the observed output bit. So that means that 128 different options may be valid options for these eight bits to generate a response or a proof that we have observed earlier. And that is pretty interesting. And you can use that to construct a guess and determine attack, which means that you make an assumption on the internal state. We have 128 candidate internal states. And then we do a round. So we shift the guess bits one position to the left. We do the feedback function. And then we are going to evaluate the second bit that was generated. For the second bit, we already have some knowledge because we made assumptions earlier. So the green squares designate the bits that we already know. And you see that throughout the rounds, each round you can eliminate half the candidates because they generate the wrong output bit. And you need to guess less and less bits in order to fill in the state. And this continuous elimination of half the candidate states makes this far more efficient than just a brute force attack. The total complexity of this attack is 2 to the power of 21, which is orders of magnitude less than mounting a brute force attack. Right. So that's OK. That is fairly standard stuff in crypto. Now there is a big problem in the way they implemented this because they did some secret reuse. And the secret that is being used to generate the proof is, in some mangled way, the vehicle pin. If you take this 32-bit secret input value and you take the five rightmost nibbles and then transform the letters into numbers and then replace the zeros by sevens, then you get a five-digit number. And that number is the pin. So what we have now is an attack that observes a couple of challenges together with their proof of knowledge, which is always there. And you get it for free when you just power the ECU. And you run an attack on that. That takes, well, my not so optimized implementation takes six seconds on a single core. You can probably do better. Runs in seconds. And what you get is the pin. So you can still not authenticate towards the ECM. But you do get the pin, which you can then use to authenticate for diagnostic services. You can maybe read memory. You can maybe reprogram stuff. You can maybe enter key teaching mode. There are absolutely ways to leverage this and, well, get the car to start. The third case, I investigated, was an Opel Asta-H. And I've decided to skip the crypto parts in this one because I couldn't break it. And I wouldn't want to bore you with a fairly complicated algorithm and then not present an attack. If you're interested, it's in my thesis, so you can look it up. But there is still some funny things to point out here. I reverse engineered an ECM that was based on a PowerPC architecture microcontroller. And that is very nice because there is a decompiler for that. And Ida Pro will nicely transform the assembly into somewhat accurate, somewhat readable C code. That was good, but it was not enough. So I purchased some tool to use the BDM interface of this ECU, which was active and usable. And it took me a lot of time to get the tools working because virtual machines were not OK, et cetera, et cetera. I installed Windows and did crazy stuff. And then I was able to read memory, modify registers on the actual ECU. And that helped a great deal in debugging and finding the actual functions. So this is the protocol that I found. It has a 2 byte opcode, then 2 byte status data, then a 4 byte challenge. And similarly, 2 byte opcode for the response, 2 byte status data, 4 byte response. No proof of knowledge here, just a 32 bit, 232 bit challenge response authentication. And what was funny when I finally uncovered the algorithm is that this is not an algorithm that was designed by Opal. It is an algorithm that is used by a security transponder. It is used by the PCF7935 security transponder, which is the predecessor of Hitech 2, which you may be familiar with. It uses a 128-bit secret. So that is a really, really big secret. And a 32-bit internal state. And when I saw that, 32-bit internal state, I was like, OK, this is going to be doable. It wasn't. Because it does a lot of rounds between output moments, not as in the Fiat case, one round, one bit output. It does 34 rounds. And then it outputs two bits. And then it does another 34 rounds and two more bits. And during these 34 rounds, it mixes the whole 128-bit secret key into the state. There's so much distance between these moments that it is very, very hard to relate any of this information or have any usable assumption that survives so much new mixing of information. I did my best. I found some stuff, nothing that is usable to mountain attack. You can read my thesis if you're interested in the details. I found it funny to find an implementation of a security transponder in an engine while I, in the beginning of this talk, pointed out that the engine doesn't talk with a transponder. So I went back in time and I analyzed another vehicle, the Corsa model C, and found that this was different. This car had indeed an engine that talked with the key. And what probably happened is that they wanted to decouple development of engines and development of cars. So they could upgrade security transponders without replacing their engines or replacing their engine firmwares. So I think that is how this happened and why they just decided to, well, then implement the security transponder and emulate it in the body control module towards the engine. It seemed like a convenient solution, I guess. It is by far the strongest algorithm I have encountered in these three case studies. And while it is out of scope, because I limited myself to the actual cryptographic primitives, I felt the need to point out that the random number generator is really not very good. They use the tick counter of the CPU as source of randomness. And then they use a couple of constants that, if you Google them, direct you to the Netscape random number generator. So summing it up, we found that Peugeot used a tiny key space with only 1.3 million different possible pin codes. They leak a lot of information in the response. If you can inject a zero challenge, you immediately get the full secret. It has a lot of collisions, which makes it really not very robust against an adversary. Theod has a schoolbook algorithm, and it's vulnerable to a schoolbook attack. It's a nice idea to implement mutual authentication, but it doesn't really work in this context. And worse, they reused that part of the secret as the vehicle pin, as opposed to using the other part of the secret that is used to generate a response. That would have been the vehicle pin would not have been able to mount this attack. And lastly, Opal decided to clone an obsolete security transponder. The successor, High Tech 2, was desperately broken. This one wasn't, not by me. I have a master's degree, not in cryptanalysis. I'm not convinced that it's a secure transponder, but it is certainly better than the other two I analyzed. And also interesting is that all these three systems are still around in new vehicles. Maybe not all models, but they're still being manufactured. So I am curious to see how this relates to other manufacturers, other models. And I think it would be interesting to do some further research in this domain and see what else is out there. So to finish with a few takeaways, don't do your own crypto. It's often said and repeated, you are going to mess it up. Just use standardized cryptographic components and maybe try to get people that are actually security experts to implement it instead of hoping for the best. Don't reuse secrets. These two case studies revealed that reuse of secret made the attack much more powerful than it needed to be. Minimize the number of cryptographic protocols and cryptographic primitives that you're using. The more different primitives, the more attack service you create for an adversary. And lastly, as I mentioned before, there has been an arms race in transponder security. How is it possible that modern car key may be equipped with AES or other fairly secure cryptographic features? And these protocols that date from 1995 and such are still there, not replaced. Apparently, no one either figured it out or there are other very important reasons to just leave them there. So I hope that was interesting, maybe entertaining. And I'll happily take any questions you have for me. Thank you, Walter Boxlack. Thank you. You know the game, if you have questions. Oh, we already have questions. There are microphones. Microphones number one, two, seven, and two, two, eight. And the internet has questions already. So we start with the internet. Internet, please. Why don't make asthma use offerings of security or a malayet permission system? Oh, well, this is embedded security. This is not a PC or a smartphone security. It's embedded security. And I think automotive manufacturers do their best, but this is just not their game. And yeah, there is plenty of ways you could do this in a more secure manner. But they didn't. I cannot really say why not do it better. Of course, they should do it better. But I think it's understandable that, well, maybe a bit behind on this game that is relatively new to them. Thank you. And microphone number one. Hi. Amazing work. But I have a question. Did you find any simpler, more entertaining mistakes, like storing the pin in the open in other components in the car? Well, yeah, I did do some other stuff besides the three cases I presented here. I also investigated some authentication mechanisms for diagnostic functionality. And I didn't put them in my thesis because it's nice to have a clear message and a clear line of research. But I've seen authentications that are really pretty hilarious, such as challenge, secret, subtract, response. Answered? I think this is a yes. Microphone number two, please. Hi. Thank you for the talk. Two short questions. How did you specifically choose those three cars? And which parts or are parts of these flaws fixable in a later firmware, bootloader, software, coding, update, whatever? Yeah. OK. Yeah, I chose these cars mainly by availability. I didn't really cherry pick models. It was just at the place where I was doing my internship then I had some platforms to play around with. You have seen my very professional PSA setup that was the most professional I had. So yeah, this is what I had. And since I, in the end, found that they're still relevant right now, I think that wasn't really harmful in any way. It's still, it turns out to be a good choice. Your second question was? Can those flaws be fixed and updated? Well, in some sense, except that there is no real infrastructure to roll out updates. So all the cars that are out there, I don't think they are going to recall them to update firmware. Normal servicing? Yeah, you can do that. It takes time. So it doesn't incur costs for the manufacturer. But what you could do, for instance, is just use timeouts in the PSA case. Make sure it's not too easy to try lots of authentication attempts. It's not a fix, because it doesn't really fix it. But well, it's certainly a mitigation. It somewhat limits the impact. In the field case, it's a bit harder because you cannot really change an entire algorithm because there's different engines. And yeah, I think that would be quite unhassful. You really have to change the protocol there. Thank you. Thank you. Microphone number five, please. Are the secrets unique per car? And if so, how do you handle the case when one of the units has to get replaced? Yeah, the secrets are unique per car. And replacement frequently involves a procedure to couple the new ECU in the current system. And you just have to put the ECU there, connect to the ECU, and enter the vehicle pin. So that is quite probably also the reason that they reuse the secret. Because if you use a different secret, you have to have some kind of complicated secret sharing protocol that, well, brings the new ECU up to speed with the key material that's being used inside the vehicle. Thank you. Microphone number one, please. Hello. So what I'm struggling to understand here is why there was the need to decouple the communication in the first place and just split it in two. I can guess that it's so that the ECU can be trained on new keys. But then isn't it easier to just, instead of training like the ECU and telling, hey, this is the new keys key, just load the ECU key on the new transponder. So if I understand your question correctly, is that you wonder why we need two different authentication systems, one for the key to BCM and one for the engine to BCM and not use the simple model of having the key talk to the engine control module? That's correct. All right. You have to understand that engine development is done by different companies. And the same engine may be used in various different vehicles, maybe even from completely different ranges. And it is complicated to give these cars a different firmware. So it's definitely possible, but they just want to build an engine and build a car and have it work together. And another car with the same engine should also work. So it has to do with the process of developing vehicles. But then shouldn't also, I mean, I'm assuming that the part that talks to the transponder and talks to the engine still has to match the engine communication protocol anyway. So I mean, doesn't the car producer still have to match the engine protocol anyway at some point? So why just not implement it on the key in the first place? Yeah. Well, this is all speculation from my side as well. I have no inside information as to why they did this. But I can imagine ways that they could fix this and they don't do it. And my experience is that generally this has to do with legacy and compatibility issues. They could also just embed five algorithms in the BCM or the engine control module and just, by configuration, choose the one that fits for that vehicle. I have no idea why they don't do that. But once again, these are not software companies. These are automotive companies. Awesome. Thanks. Thank you. Microphone number three, please. Thank you for the great talk. Once we have the OBD connected to the internet, and do you see any other complication that could prevent me to hack the car remotely from there? OBD connected to the internet. Now, well, no. Once you have OBD access, so you can use the OBD port, you can do a lot. There are cars that use a gateway that is some kind of filter or you have to authenticate towards it before you can access the internals of the vehicle. So it really depends on the model. It depends on the manufacturer to which extent you have room to maneuver there. For some, it will be super easy. For some, it will be a lot of work. For some, it might be impossible. But you certainly have a very, very good starting point. Thank you. Microphone number one, please. Hello. Did you spot any kind of anti-brute force measures during your analysis? That's question number one. And question number two is, obviously, you had access to the internal communication between the BCM and ECM. But where those attacks that's successful on Fiat and Peugeot, are they doable using just the OBD to port? Or do you actually need to see the internal communications? I tried to point out in the beginning of my talk that I carry out all the attacks presented. And I focused only on functionality that is exposed through OBD. So yes, I did some stuff on the hardware of the ECUs. But that was just for research. So the attacks are absolutely doable over OBD. OK, and the previous question, which was already partially answered, so no locking out after five failed trials of? Yeah, yeah. I think? I did find something that was peculiar in the PSA case. And that is that if you, let me think, there is rate limiting implemented in the PSA on the engine control module. Is that right? No, on the body control module. And that means that if you spam challenges, it will at some point no longer give you the response, which sounds like a good idea, rate limiting. But they did it on the wrong side. Great, thank you. Thank you. Microphone number two, please. Have you spotted some kind of relationship between public identifier of the car and the secret used to authenticate in the service? So if the VIN in some ways could be converted in the secret, the pin code of the car. No, I see where you had it. But I haven't spotted anything like that. OK, thanks. Questions from the internet? No more. No more. In this case, ladies and gentlemen, bedankt Wouter Boxlack. Thank you very much.