Vehicle alarms' insecurity and something else
The vehicle alarms’ insecurity was investigated to verify if the commercial characteristics comply with the technical part. It was possible to demonstrate several PoC shows that it is possible to make several attacks to the alarm, even without knowing the millions of codes.
This investigation was based on analyzing the security level of the generation / use of codes for the activation of functions of the vehicle alarm system. The samples of the analog signals emitted by the original control were analyzed and the manner of coding of said signals was investigated, in order to verify if the control panel of the alarm accepted the signals emitted with another device that is not the original sensor and in turn a signal repeated indefinitely in time. This means that by generating signals taken from the original control, it is possible to carry out an attack on the alarm center, even without knowing the thousands of codes that the alarm control unit has, which according to the manufacturer, the codes are different between each control action for its greater security. In conclusion, it is possible that with only between 2 to 5 samples taken from the original control, actions can be taken against the central alarm, revealing a way to perform different attacks, such as unlocking, locking, and making a (DoS) denial of service so that it consumes the entire battery of the vehicle, even if the user wants to deactivate the alarm, the control unit will be activated again until the battery runs out and can not start it. Leaving as evidence that algorithms should be implemented in the safest vehicle alarm systems to improve the impact of a possible attack from a distance. A PoC is incorporated into the investigation, using the same device in home alarms, managing to deactivate or activate the alarm of a house.