Remote Door Controls Are Car Security Flaw
Researchers found that a bad actor could cheaply and easily clone a remote keyless entry system to gain entry. Christopher Intagliata reports.
Written and narrated by: Christopher Intagliata
Translation: Yang Xiao
Proofreading: Li Xuan
Today's cars have loads of computer smarts built in. Like the chips that allow you, with the push of a button, to unlock your car. And as new cars move down the assembly line, automakers program those functions into the car.
"They produce one car and they program a cryptographic secret in it, in order to secure it against thieves." Timo Kasper, a cryptographer and engineer at the security and IT consulting company Kasper & Oswald. "Then comes the next car on the production line and they put the same secrets into the second car. And then comes the third car on the production line and they again put the same secrets into this car. And they repeat this process for millions of cars in the world. And now millions of cars in the world share the same cryptographic secret. Of course, this secret is not so well protected anymore, because it's in every of these million cars, and in every remote control. And this is of course a typical example of how to not do it."
And yet, he says that's exactly how the Volkswagen Group did do it, for many cars manufactured in the last 20 years. Kasper and his colleagues decoded that shared cryptographic secret by studying the design and operation of chips from VW Group cars and remotes. After hacking the hardware, they were easily able to eavesdrop on and decrypt unlocking signals, clone the remote control and unlock cars. They presented the details August 12th at the USENIX Security Symposium, in Austin, Texas. [Flavio D. Garcia et al., Lock It and Still Lose It—on the (In)Security of Automotive Remote Keyless Entry Systems]
Kasper says VW is aware of the problem—and they're not alone. "This is not a VW bug but this is a red line, as we Germans say, through all the automotive industry." In fact, in the same study, they showed that another encryption system used by many other brands, including Ford, Chevy, Nissan and Mitsubishi, has a weak cryptographic algorithm—which, again, allowed the team to break into more than a dozen cars.
Bottom line? It's easier to hack into cars than many drivers might have imagined. So if you want to avoid eavesdropping, the researchers recommend simply ditching remote controls and cryptography, and just going back to the good old metal key.