
> To really do this correctly, you need to have cryptographic challenges between a key and an ECU,

Nonsense. The problem isn't cloning the key, the problem is that you are reprogramming the lock to accept this new key you happen to have with you. No amount of crypto is going to save you when your verifier is full of holes.

You can't even use signing to only accept approved programming devices since OBD regulations enforce its openness.

> all communications over an open bus

Now this is an interesting point. The bus that the OBD is connected to controls a whole bunch of devices all over the car. It's possible that no access to the inside of the car was required to execute this attack. Looking at the video, it doesn't seem like they really stoop inside the car to grab anything actually, so perhaps there's a way to get at the CAN bus via the presumably electronic wing-mirror?



1) The cryptographic challenges are a necessary but not sufficient part of building a secure car access control system. All the active components in a car are horrible from a security perspective, usually huge libraries from third-party manufacturers, and all kind of duct-taped together. So bad that a malformed audio CD in the entertainment system could actually totally pwn the car, including driving controls.

2) There are wireless extensions to OBD-II to run tire pressure monitors. You can do a no-touch OBD-II hack. Presented at USENIX last year.

Tesla is really the only manufacturer who is likely to do better, since they build a lot of stuff in-house vs. buying badly documented components. I would love to audit the Model S (especially if in doing so I got an earlier delivery position).


You should call them and negotiate!


> You can't even use signing to only accept approved programming devices since OBD regulations enforce its openness.

I think you could get openness with signing. You have a central, non-profit authority that blesses, records, and publishes all signings in real time. When a car turns up missing, you see if anybody re-keyed it and the police have a discussion with them. You could recoup expenses with a modest charge per re-key.



