Software Developer Cracks Hyundai Car Security with Google Search
After discovering undisclosed vulnerabilities in the infotainment system of his Hyundai IONIQ SEL, a software developer known as "greenluigi1" decided to test its security, and succeeded.
He learned that Hyundai had built the car's security on encryption keys that were publicly available, taken from programming examples and coding tutorials.
He stated that it was simple to find his car's firmware and modify its code with the help of online tutorials, which helped him crack the D-Audio2 in-vehicle infotainment (IVI) system, created by Hyundai Mobis.
He found that the Hyundai IVI supports firmware upgrades through password-protected ZIP packages, and that this upgrade path can be used to bypass the car's security.
It turns out, "Hyundai Car Encryption Key uses the first AES 128-bit CBC sample key published in NIST publication tutorials".
A script contains the ZIP passwords, the AES symmetric CBC encryption keys, the RSA key pair and the IV (initialization vector) value for the firmware images.
Following a CBC decryption vulnerability, "Microsoft feels it is no longer safe to decode data encrypted with the Cipher-Block-Chaining (CBC) form of symmetric decryption".
According to "greenluigi1", Hyundai's problem isn't a faulty implementation of AES CBC; it is the use, as a "secret", of a key that had already been disclosed publicly.
Developer Tip: "Do not copy an RSA private key from a public code tutorial"
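A build-time check for the failure described above, as an added example that is not from the original article or from greenluigi1's own write-up: it flags scripts or source files that contain published sample key material written as hex, as a byte array or as base64. The two listed values are the AES-128 key and CBC IV from the example vectors in NIST SP 800-38A (assumed to be the NIST publication the article refers to); `scan`, `candidates` and the sample script are hypothetical names and constructed input.

```python
import base64
import re

# Values printed in NIST SP 800-38A's AES example vectors (public, never secret).
KNOWN_PUBLIC = {
    "2b7e151628aed2a6abf7158809cf4f3c": "NIST SP 800-38A AES-128 sample key",
    "000102030405060708090a0b0c0d0e0f": "NIST SP 800-38A CBC sample IV",
}

# 16+ hex byte pairs, optionally written as 0x2b / \x2b and split by , : or spaces.
HEX_RUN = re.compile(r"(?:(?:0x|\\x)?[0-9a-fA-F]{2}[\s,:]*){16,}")
# Base64 text long enough to hold 16 bytes.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{22,}={0,2}")


def candidates(line):
    """Yield lowercase hex for every hex-like or base64-like run in a line."""
    for m in HEX_RUN.finditer(line):
        yield re.sub(r"0x|\\x|[\s,:]", "", m.group(0)).lower()
    for m in B64_RUN.finditer(line):
        raw = m.group(0).rstrip("=")
        try:
            yield base64.b64decode(raw + "=" * (-len(raw) % 4)).hex()
        except ValueError:  # not valid base64 after all
            continue


def scan(text):
    """Return [(line_number, description)] for each published value found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for cand in candidates(line):
            for known, desc in KNOWN_PUBLIC.items():
                if known in cand and (lineno, desc) not in findings:
                    findings.append((lineno, desc))
    return findings


# Constructed sample input: a made-up build script, not Hyundai's.
SAMPLE = "\n".join([
    'AES_KEY="2B7E151628AED2A6ABF7158809CF4F3C"',
    "iv = {" + ", ".join(f"0x{b:02x}" for b in range(16)) + "};",
    "key_b64 = " + base64.b64encode(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")).decode(),
    "session_key = 9f1c44d07a3be2585e6d01b7c8a2f390",  # random-looking, not flagged
])

if __name__ == "__main__":
    for lineno, desc in scan(SAMPLE):
        print(f"line {lineno}: {desc}")
```

A denylist like this only catches values someone has already listed, so it complements, rather than replaces, generating keys from a secure random source and keeping them out of shipped scripts.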