RollBack - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems

The presentation discusses the vulnerability of rolling code systems in cars and the discovery of a new attack called rollback. The vulnerability affects many Asian cars and can be exploited without signal jamming. The root cause is still unknown, and there is no explicit mitigation for the vulnerability at the moment.

• Rolling code systems in cars are vulnerable to a new attack called rollback
• Many Asian cars are affected by the vulnerability
• The attack does not require signal jamming and can be exploited by capturing and replaying signals
• The root cause of the vulnerability is still unknown
• There is no explicit mitigation for the vulnerability at the moment

The presentation explains that the rolling code system in cars is designed to prevent replay attacks, but it is still not 100% effective. The system works by ensuring that every signal emitted from the key fob is unique, and there is a counter in both the key fob and the car that increases every time a signal is received. If all the counters are in sync, the car unlocks. However, there is a safety feature that allows accidental button presses, which can be exploited by attackers. The presentation warns against rushing to buy a hack RF and using the knowledge gained to play around in a parking lot.

Automotive Remote Keyless Entry (RKE) systems implement disposable rolling codes, making every key fob button press unique, effectively preventing simple replay attacks. However, RollJam was proven to break all rolling code-based systems in general. By a careful sequence of signal jamming, capturing, and replaying, an attacker can become aware of the subsequent valid unlock signal that has not been used yet. RollJam, however, requires continuous deployment indefinitely until it is exploited. Otherwise, the captured signals become invalid if the key fob is used again without RollJam in place.We introduce RollBack, a new replay-and-resynchronize attack against most of today's RKE systems. In particular, we show that even though the one-time code becomes invalid in rolling code systems, there is a way to utilize and replay previously captured signals that trigger a rollback-like mechanism in the RKE system. Put differently, the rolling codes can be resynchronized back to a previous code used in the past from where all subsequent yet already used signals work again. Moreover, the victim can still use the key fob without noticing any difference before and after the attack.Unlike RollJam, RollBack does not necessitate jamming at all. Furthermore, it requires signal capturing only once and can beexploited any time in the future as many times as desired. This time-agnostic property is particularly attractive to attackers, especially in car-sharing/renting scenarios where accessing the key fob is straightforward. However, while RollJam defeats virtually any rolling code-based system, vehicles might have additional anti-theft measures against malfunctioning key fobs, hence against RollBack. Our ongoing analysis (covering the Asian vehicle manufacturers for the time being) against different vehicle makes, models, and RKE manufacturers revealed that ~70% of them are vulnerable to RollBack. Since most of the RKE transceivers from three out of the four (identified) manufacturers were vulnerable, the impact is expected to be bigger worldwide.