A parked 2011 Subaru Forester.
Multiple models of Subaru vehicles may be open to hacking via cloned key fobs, expert says NRMA Motoring and Services

Key fobs linked to multiple models of Subaru cars in America are reportedly vulnerable to hacking using components costing as little as £19 ($25).

A computer engineer called Tom Wimmenhove said on GitHub, an online code repository, that he found the Subaru key fob's rolling code – the internal system used to securely lock and unlock car doors – was "predictable" because it was sequential, rather than random.

"An attacker can 'clone' the key fob, unlock cars and, when increasing the rolling code with a sufficiently high value, effectively render the user's key fob unusable," he wrote alongside the source code.

The issue was first reported by Bleeping Computer.

The exploit has only been tested on a 2009 Subaru Forester but the researcher said it would work on a range of models because the fob used is the same.

He claimed the rolling code flaw impacts the Subaru Baja (2006), Forester (2005-10), Impreza (2004-11), Legacy (2005-10) and the Outback (2005-10).

According to Bleeping Computer, Wimmenhove found the bug after analysing radio signals being emitted from his own vehicle, and then realising they could easily be cloned.

A video, posted to YouTube, shows the hack in action.

On his GitHub page, he claimed that in order to launch the attack all that was needed was a receiver and transmitter. All in, he used a Raspberry Pi as the host computer to run the exploit, a WiFi dongle, a TV dongle, a power bank and a cheap antennae.

"Total cost of the hardware, when using the Raspberry Pi Zero W, should under $25," he asserted.

Wimmenhove said he that previously attempted to contact Subaru to responsibly disclose the vulnerability, however said the company "didn't seem to care".

A company spokesperson told IBTimes UK the issues do not impact UK-based Subaru models as they are a "different specification." The firm declined to discuss US models. Subaru's America operation did not immediately respond to a request for comment.

Over the past two years, multiple car hacking reports have surfaced.

The issue is not limited to the US. In London, UK, investigators from Scotland Yard's Organised Vehicle Crime Unit are currently probing numerous cases of BMW thefts where tech-savvy criminals appear to be using electronic key fobs to launch so-called "relay attacks".

"This technology used to be confined to more high-end vehicles but it is becoming more widespread and therefore there is a potential for 'relay attacks' to become more common," commented police detective sergeant Pete Ellis this week (13 October).

To combat such attacks, key fobs should be kept in Faraday wallets to jam radio signals.

In June, it emerged that some models of Mazda vehicles were open to hacking by inserting a modified USB drive into the car dashboard. In September, experts managed to hack a Tesla Model S.

Additionally, in August 2016, a landmark research paper released by two UK-based computer experts produced solid evidence that more than 100 million Volkswagen cars sold since 1995 contained major cybersecurity flaws in their keyless entry systems.

"Major manufacturers have used insecure schemes over more than 20 years," they wrote.

More from IBTimes UK
Hacking