new | show | ask | jobs Github

IshKebab 6 days ago

But the attack claims to not need access to the car to initiate any kind of pairing sequence...

▲

the_mitsuhiko 6 days ago | parent [-]

Yes. With rolling codes this vulnerability and similar ones are known for a very long time.

▲

IshKebab 6 days ago | parent [-]

Seems to be from 2022. I wouldn't say that is "a very long time".

▲

the_mitsuhiko 5 days ago | parent [-]

The fundamental flaws with this approach to keys is known since before 2015, but got a lot of international recognition when people found cheap ways to emulate keys through cheap software defined radios around that time.

▲

IshKebab 5 days ago | parent [-]

I don't think so. The Flipper Zero isn't an SDR.

What's the earliest reference to this attack you can actually provide?

	▲	the_mitsuhiko 4 days ago \| parent [-]
		I’m talking about the earliest cases. The earliest references depend on the particular standard of crypto. KeeLoq is a very famous rolling code standard where attacks go back to 2007 and earlier. RollJam is known since 2014 [1]. It was popularized later through a custom device [2]. [1]: https://spencerwhyte.blogspot.com/2014/03/delay-attack-jam-i... [2]: https://www.wired.com/2015/08/hackers-tiny-device-unlocks-ca...