Hacked Key Fobs for Older Subaru Models: What You Need to Know

By Car Brand Experts


Hackers are perpetually attempting to gain unauthorized access to systems. The malicious ones steal information, demand ransoms, and create chaos, while ethical hackers employ similar techniques but aim to inform the public about potential security gaps. Recently, it was the ethical hackers who identified a significant flaw in one of Subaru’s keyless entry systems.

Although this specific system has been out of use since 2011, numerous vehicles equipped with it remain in operation today. These include:

  • 2006 Subaru Baja
  • 2005 – 2010 Subaru Forester
  • 2004 – 2011 Subaru Impreza
  • 2005 – 2010 Subaru Legacy
  • 2005 – 2010 Subaru Outback

Newer Subaru models, as well as the Subaru BRZ, Scion FR-S, and Toyota 86 across all model years, are not affected by this issue.

The details of this vulnerability can be found on GitHub. Essentially, the code sent from the key fob to the car is not random; it follows a sequential pattern. This predictability allows someone who intercepts a few commands to anticipate the next code and send unauthorized commands to the vehicle. Consequently, they could lock and unlock doors, access the trunk, or trigger the panic feature without needing the key fob. Furthermore, a hacker could disable the original key fobs, granting them exclusive remote access to the vehicle. Exploiting this vulnerability requires some electronic equipment, but that equipment is neither particularly difficult nor costly to obtain. An adept electronics enthusiast could easily replicate these techniques.
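Why a sequential code is a design flaw, and what a keyed design changes, can be shown with a toy model. This is an added example, not code from the GitHub write-up or from Subaru: the 32-bit code field, the 16-step acceptance window, the demo key and every function name are assumptions made for illustration, not the real packet format.

```python
import hashlib
import hmac

MASK = 0xFFFFFFFF  # assumed 32-bit code field (constructed, not the real layout)

def sequential_code(counter):
    """Weak design: the transmitted code is the counter itself."""
    return counter & MASK

def make_keyed_code(key):
    """Hardened design: code = truncated HMAC-SHA256(key, counter)."""
    def keyed_code(counter):
        mac = hmac.new(key, (counter & MASK).to_bytes(4, "big"), hashlib.sha256)
        return int.from_bytes(mac.digest()[:4], "big")
    return keyed_code

class Receiver:
    """Accepts a code only if it matches one of the next `window` counters."""
    def __init__(self, code_fn, counter, window=16):
        self.code_fn, self.counter, self.window = code_fn, counter, window

    def accept(self, code):
        for c in range(self.counter + 1, self.counter + 1 + self.window):
            if code == self.code_fn(c):
                self.counter = c  # resynchronise; older codes are now stale
                return True
        return False

def forecast(observed):
    """Extrapolate the next code from observed codes, assuming a constant step."""
    steps = {(b - a) & MASK for a, b in zip(observed, observed[1:])}
    return (observed[-1] + steps.pop()) & MASK if len(steps) == 1 else None

def forecast_accepted(code_fn, start=1000, presses=3):
    """True if a code forecast from `presses` observed codes would be accepted."""
    rx = Receiver(code_fn, start)
    observed = []
    for i in range(1, presses + 1):
        code = code_fn(start + i)
        assert rx.accept(code)  # legitimate presses are accepted in order
        observed.append(code)
    guess = forecast(observed)
    return guess is not None and rx.accept(guess)

if __name__ == "__main__":
    print("sequential:", forecast_accepted(sequential_code))
    print("keyed HMAC:", forecast_accepted(make_keyed_code(b"constructed-demo-key")))
```

In both designs the receiver rejects a code it has already accepted; only the keyed design also makes the next valid code unpredictable to someone without the per-fob secret.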

The GitHub documentation offers a preventive measure against this vulnerability: avoid sending the same command repeatedly. For instance, pressing the “unlock” button two times to first unlock the driver’s door, then all doors, allows an eavesdropper to capture both codes, which could lead to deciphering the entire code sequence. By opting to send a single command, the likelihood of that second piece of data being intercepted diminishes significantly. Drivers can still unlock the driver’s side door remotely and then utilize the vehicle’s internal button to unlock the remaining doors.

We have contacted Subaru for their response regarding this issue and will provide updates if we receive a reply.

UPDATE: Subaru has issued the following statement:

“Subaru adheres to industry standards for keyless entry systems, and its vehicles are no more vulnerable to unauthorized entry than those of other manufacturers. While the theoretical possibility outlined in the hacker report exists, we are unaware of any field cases where a customer’s vehicle has been compromised. The Subaru keyless entry mechanism is independent of the ignition system; therefore, without the actual key, the vehicle cannot be powered or started.”

“The Subaru keyless entry system operates using a key fob with a short-range radio transmitter that must be within approximately 50 feet of an equipped Subaru vehicle. This passive system transmits a coded signal via radio waves to a receiver in the vehicle when a button on the fob is pressed, which subsequently locks or unlocks the doors and/or trunk.”
