Hyundai Uses Example Keys For Encryption System (schneier.com) 107
"Hyundai predictably fails in attempting to secure their car infotainment system with a default key lifted from programming examples," writes Slashdot reader sinij. "This level of security is unfortunately expected from auto manufacturers, who also would like to sell you always-connected Car2Car self-driving automobiles." Cryptographer and security expert Bruce Schneier writes: "Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]," writes an unidentified developer under the name "greenluigi1." Luck held out, in a way. "Greenluigi1" found within the firmware image the RSA public key used by the updater, and searched online for a portion of that key. The search results pointed to a common public key that shows up in online tutorials like "RSA Encryption & Decryption Example with OpenSSL in C." Two questions remain:
1.) How did the test key get left behind?
2) Was it by accident or design?
How many? (Score:5, Funny)
Bruce,
how many people do you want to strangle when stupid mistakes like that happen?
Probably some manager (Score:2)
Most likely this was about lack of communication.
Re:Probably some manager (Score:5, Interesting)
We'll fix that later. Then the deadline for the software release approaches and "later" never occurs.
Or the person that did use the example data was laid off and hadn't documented it.
Why not get it right directly? That's usually because it requires a PKI infrastructure that's not in place when the first integration happens. The IT department at large companies has a lead time of a year to get things like that rolling. Often from an outsourced IT department that's billing by the hour, so it has to be budgeted first as well - and then they'll have to find someone who knows how to set up a certificate server.
Re: (Score:2)
The decision on "release blockers" is taken by managers with no clue at all about the severity. They only care about things that the user would recognize as being a problem.
If the vehicle works as intended then it's not registering as a stopper.
Re: (Score:2)
Most likely this was about lack of communication.
Communication with reality, you mean? Or communication when HR hired people that the domain experts told them to never, ever hire under any circumstances?
Re: (Score:2)
You have a reality in which the HR people ask domain experts for hiring recommendations? Impressive...
Re: (Score:2)
No, I wrote that HR was told to not hire them. HR obviously does not ask and does not listen.
ROFL (Score:5, Informative)
And it's not like this secures some high school project or little DIY maker faire type item... it's every Hyundai car's updater.
That means anyone can now apply updates with custom firmware and jailbreak your Hyundai!
Re: (Score:2)
Re: (Score:3)
For security, you should never skimp on the cost. And also don't just buy a library then get some cheap guy to integrate it for you, because even if you paid for a security library you still need an expert to use any of them properly.
I never had to buy a single library in ~25 years to generate keys and certificates, is this really a thing?
Re: (Score:2)
I never had to buy a single library in ~25 years to generate keys and certificates, is this really a thing?
Me neither. AFAIK, there are free utilities in both CLI and GUI format for macOS, Linux and Windows to generate all the keys you'd like, especially the type of keys you'd see in examples in NIST guidelines.
Re:ROFL (Score:5, Insightful)
Rolling your own is pretty much always worse than just picking one of the freely available libraries.
And certified libraries could be worse, depending on who is doing the certifying and what their motivations are. Plus certified versions will always lag significantly behind because of the expense and time of getting the certification. There are plenty of instances where the certified version has known vulnerabilities that have been fixed, but the fixed version has not passed the certification process yet.
Re: (Score:2)
And certified libraries could be worse.
No, no, and no. There is nothing worse than using example keys instead of any generated keys, besides, well, using no key. Even the crappiest, uncertified library implementation would be better than using one whose private key is published in the implementation guidelines.
That said, implementation for generation of these keys is pretty mature and OpenPGP would have been more than sufficient for Hyundai's purpose.
Re: (Score:2)
There is nothing worse than using example keys instead of any generated keys, besides, well, using no key. Even the crappiest, uncertified library implementation would be better than using one whose private key is published in the implementation guidelines.
Libraries don't come with keys. You can buy WolfSSL or use OpenSSL non-FIPS version, that's unrelated to knowing how to use it and being stupid enough to copy an example key into the product.
Many consider the FIPS version of OpenSSL to be worse. Once something is certified, it becomes prohibitively expensive to change it and re-certify. So FIPS-OpenSSL is basically an old version of OpenSSL, with unfixed exploits.
Re: (Score:2)
Re: (Score:3)
It's a car stereo. If someone's in your car "updating" it, they're more likely to update it right out of there, along with the rest of the car. Someone was probably told to implement some signed code security, you know, stuff, but make sure it doesn't break anything.
Now, if you used that as a backdoor to give yourself free heated seats or something, it would get fixed in a hurry.
Re: (Score:2)
Re: (Score:3)
It's a car stereo. People bitch about their consumer gadgets being locked down. Well, this one isn't. Maybe Hyundai is just getting a head start on complying with the new repairability laws.
Re: (Score:2)
It's a car stereo. If someone's in your car "updating" it, they're more likely to update it right out of there, along with the rest of the car. Someone was probably told to implement some signed code security, you know, stuff, but make sure it doesn't break anything.
Now, if you used that as a backdoor to give yourself free heated seats or something, it would get fixed in a hurry.
Actually, the big problem with something like this is that it allows someone to "update" the stereo to remove any anti-theft stuff (like not working after a power outage without an owner-known code), and resell it.
This makes owners of the car more likely to have their cars broken into and the stereos stolen.
This is not the real issue (Score:2)
The real issue is not the example key.
The true real issue is that the key can be read as-is from a ROM dump, because it just means that even a truly randomly generated key would still be read from the ROM, the exact same way as the example one was read.
Re: (Score:2)
And if I had spare bytes in a ROM, I'd probably fill them with a honey pot security key, to mislead researchers the wrong way as much as possible, even if I don't need a security key. It would be very fun to just imagine researchers scratching their heads and spending hours trying to crack that ROM chip with pointless efforts.
Re: (Score:2)
The writeup describes three keys: a zip file password, an AES key, and an RSA key used for signing. The zip file password and AES key were visible in shell scripts from the build process which were included in distributed firmware. The writeup only mentions finding the public component of the RSA key.
So you're a bit too optimistic, because secret material was published, but your optimistic assumption does hold for the only asymmetric key.
Re: (Score:2)
Being able to read the PUBLIC key from ROM isn't really that terrible. You need the private key to sign the firmware, the public key is just in the ROM to verify the signature. And it's intentionally very hard to derive the private key from the public key.
But my question here is, if they found the public key in the ROM it doesn't mean they USED it. It could have been one of an array of keys in the code, used for testing, and that key isn't even the one being used. Has anyone checked this?
Re: (Score:2)
"The true real issue is that the key can be read as-is from a ROM dump, because it just means that even a truly randomly generated key would still be read from the ROM, the exact same way as the example one was read."
No, because the key in ROM is the *public* key. What you need is the corresponding *private* key. if it's an example key, getting the public key gives you private key because the private key is listed right there in the example. If it's a properly generated key pair, having the public key does
Re: (Score:2)
Any number of the correct bit-width can be a "valid key". What's actually needed is a look-up table of common keys, similar to a list of compromised passwords, and software that blocks weak keys (passwords) from being used.
For all I know, they selected a number at random and it just so happened to be the NIST example, but I wouldn't bet on it.
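The look-up table of known example keys that this comment asks for, combined with the scan of distributed build scripts that the earlier comment about the writeup implies, as an added example in Python. This is not code from the thread, from Hyundai or from the greenluigi1 writeup. It assumes only the published NIST SP 800-38A Appendix F AES-128 test-vector key; the sample build script and every other value are constructed for the example.

```python
"""
Release gate for symmetric key material: refuse keys that appear in public
standards documents or tutorials, refuse trivially weak keys, and scan a
firmware image or build script for leaked copies of the known example keys.
Added example; not the thread's, Hyundai's or greenluigi1's code.
"""
import hashlib
import re

# The AES-128 key from NIST SP 800-38A, Appendix F (published test vector).
NIST_SP800_38A_AES128_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")

# Deny-list of keys that must never ship in a product, keyed by raw bytes.
# Extend with any other key found in vendor docs or copy-paste tutorials.
KNOWN_EXAMPLE_KEYS = {
    NIST_SP800_38A_AES128_KEY: "NIST SP 800-38A Appendix F AES-128 example key",
}

VALID_AES_KEY_LENGTHS = (16, 24, 32)


def _looks_trivial(key: bytes) -> bool:
    """Heuristics for keys that were typed in rather than generated."""
    if len(set(key)) <= 2:                      # all-zero, all-0xff, alternating
        return True
    if key == bytes(range(len(key))):           # 00 01 02 ... sequential filler
        return True
    if all(32 <= b < 127 for b in key):         # printable ASCII: a password used as a raw key
        return True
    return False


def classify_key(key: bytes) -> str:
    """Return one of: known-example-key, bad-length, low-entropy, ok."""
    if key in KNOWN_EXAMPLE_KEYS:
        return "known-example-key"
    if len(key) not in VALID_AES_KEY_LENGTHS:
        return "bad-length"
    if _looks_trivial(key):
        return "low-entropy"
    return "ok"


def gate_release(keys: dict) -> list:
    """Check every named key; an empty list means the release may proceed."""
    return [f"{name}: {verdict}"
            for name, k in keys.items()
            if (verdict := classify_key(k)) != "ok"]


def scan_blob(data: bytes) -> list:
    """Find deny-listed keys in a blob, as raw bytes or as hex text.

    The hex search tolerates the '2b7e1516 28aed2a6 ...' grouping used in
    the NIST document and colon-separated dumps.
    """
    hits = []
    for key, name in KNOWN_EXAMPLE_KEYS.items():
        start = 0
        while True:
            pos = data.find(key, start)
            if pos == -1:
                break
            hits.append({"offset": pos, "encoding": "raw", "name": name})
            start = pos + 1
        pattern = rb"[\s:]*".join(
            re.escape(key[i:i + 1].hex().encode()) for i in range(len(key)))
        for m in re.finditer(pattern, data, re.IGNORECASE):
            hits.append({"offset": m.start(), "encoding": "hex", "name": name})
    return sorted(hits, key=lambda h: h["offset"])


# Constructed sample: a build script of the kind the writeup says shipped
# inside the distributed firmware, with the example key pasted into it.
SAMPLE_BUILD_SCRIPT = b"""#!/bin/sh
# constructed sample build script (not from any real firmware)
AES_KEY=2b7e151628aed2a6abf7158809cf4f3c
openssl enc -aes-128-cbc -K "$AES_KEY" -iv 000102030405060708090a0b0c0d0e0f -in update.bin -out update.enc
"""


if __name__ == "__main__":
    for hit in scan_blob(SAMPLE_BUILD_SCRIPT):
        print(f"offset {hit['offset']}: {hit['encoding']} copy of {hit['name']}")
    print(gate_release({"update_aes_key": NIST_SP800_38A_AES128_KEY,
                        "fresh_key": hashlib.sha256(b"constructed").digest()[:16]}))
```

The deny-list compares raw bytes, so it also catches a key that was re-encoded (base64, hex, C array) before being pasted, as long as the scanner decodes that form first; the hex and raw searches above cover the two forms the thread describes. Run the gate in CI against the key store and the final image, not against source alone, since the writeup reports the keys surfaced in shipped build scripts.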
Re:ROFL (Score:5, Insightful)
Management needs the software to be secure. Tells programmer to secure it. Programmer googles how to secure it, and reports job done. Box ticked, management moves on.
Seen it happen. One place I worked argued we didn't need any security because nobody would want to target us.
2) Was it by accident or design? (Score:5, Insightful)
Yes.
It was by design, because the programmer implementing the system had no training in this particular aspect of the infotainment system, and had no idea how security-oriented decisions affect systems for the long term.
It was by accident, because the programmer implementing the system didn't even understand just how out of their depth they were, and had no idea how security-oriented decisions affect systems for the long term.
This is why it's essential to have proper review, and why software quality assurance with access to the code is essential.
"yes" indeed. (Score:1)
I would not be surprised at all were we to learn that there was review, but that the reviewer was of comparable competence.
More worrying than this utter incompetence is that car infotainment systems tend to have access they oughtn't and so breaches here give full access to the rest of the car too, including rather more sensitive parts.
In short, apparently nobody in the auto industry who does anything at all with all this chippery stuff is capable of long-term thinking, nevermind proper architecting, in th
Re: (Score:3, Funny)
I would not be surprised at all were we to learn that there was review, but that the reviewer was of comparable competence.
Actually, my money is on the following scenario.
Manager: I've been asked to give you some real-world experience, so I want you to set up the encryption for this system.
Intern: No problem, I've used AES before. I'll create a secure key and as secure a way as possible to distribute it.
Manager: Ha ha ha, aren't we eager! But don't go trying to do too much - I've got the keys ready for you. Just plug it in.
Intern: This looks familiar somehow... regardless, you sent the key to me and the entire management team v
Re: (Score:2)
that car infotainment systems tend to have access they oughtn't
Is that true for anything modern? I have been tangentially involved in some automotive security assessments and at least in the case of the manufacturer we have been working with, things like engine management, light controls, wipers etc. are whitelisted on the body module, which acts as a sort of firewall and will either not pass messages or only pass certain (mostly read command) messages to the ECM components. Having code execution on the head unit, for example, might mean you could start sending CAN messages
option 3 (Score:5, Insightful)
Re: (Score:3)
I own a Hyundai and I'm not surprised by this at all. The infotainment system feels like it was made by someone who has heard of smartphones but doesn't use one.
Re: (Score:2)
I would be surprised.
Re: (Score:2)
I owned a 2013 Hyundai with the low-end audio package. It was clunky and awkward to use, but hey, it's the low-end package. I didn't complain. Recently I got rid of it and bought a used 2013 Honda with their high-end audio package. And suddenly I saw just how downright usable the Hyundai system was. At least the Hyundai would sort MP3s on a flash drive by filename. The Honda just presents them in directory order. And only supports a single level of subdirectory. And only displays the first 20 character
Re: (Score:2)
Incompetence is an example of "by design". Employing this kind of incompetence implies the project is staffed by people who don't meet the requirements to implement what is required in a project. "Designed to fail" describes the execution of the project itself.
It's okay, because... (Score:5, Funny)
Hello Flipper Zero (Score:2)
Leaked source code - preceding comment (Score:5, Funny)
# TODO replace these keys before release!!
Re: (Score:3)
Exactly, probably combined with turnover.
An embarrassing mistake, to be sure, but people are really over-doing the importance and the implications. It is a car stereo. Update and move on.
For people who don't understand the problems with connected cars and centrally integrated appliance electronics, this should be a wakeup call; but it says nothing about Hyundai specifically, or their security practices compared to other companies. Every integrated system will have bugs somewhere in the system that can be us
Re: (Score:2)
I didn't say "nothing to see here;" you did. What I said contained more words, and most of them were essential to understanding the meaning that I conveyed.
Re: (Score:2)
Screw that, it compiles, ship it.
Bananaware for the win!
Hey... (Score:2)
That's the same AES key I set for my luggage!
Re: (Score:2)
With the difference that the chance of your luggage hurting someone is highly dependent on your intention to do so. Cars can do that all by themselves if they go bonkers.
Re: (Score:1)
A Spaceballs reference. Kudos.
Korean Programmers don't speak English (Score:5, Insightful)
To be fair this approach works 99.9% of the time. They got a product finished and it works, it just has a bug that never came up in testing.
As an aside most Korean government websites have only just started moving to HTTPS. It might be because they have a very honest society but security is not a high priority there.
(many) Koreans do speak English (Score:2)
Over half of Koreans speak at least some English. That proportion is going to be higher among people with technical jobs. It is implausible that none of the Korean programmers could read the English comments well enough to tell what was going on.
Those that are good at English are too valuable (Score:3)
Damned if you do, damned if you don't (Score:2)
What were they supposed to do, roll their own cryptosystem?
Re:Damned if you do, damned if you don't (Score:5, Insightful)
How about, and just as a crazy idea, hear me out on this one, not trying to implement a feature they are not competent enough to implement?
We're talking CARS here for fuck's sake. This isn't a damn novelty trinket where nobody gets hurt when its system crashes; when a car crashes, chances are pretty good that someone gets hurt!
Get someone who knows his shit!
Re: (Score:1)
We're talking CARS here for fuck's sake. This isn't a damn novelty trinket where nobody gets hurt when its system crashes; when a car crashes, chances are pretty good that someone gets hurt!
No, we are talking an infotainment center here. It plays music and shows videos on the back of the seats to shut up the kids.
I don't know about you but I've owned a car long ago that didn't even have a radio in it, foregoing this trinket in exchange for being really cheap.
It still moved to get me to where I needed to go and, equally important, still stopped moving once I got there.
Even my other cars that did have radios managed to be perfectly safe out on the road without fancy encryption to keep me from p
Re: (Score:2)
No, we are talking an infotainment center here. It plays music and shows videos on the back of the seats to shut up the kids.
Don't know much about modern cars eh? Getting access to the update function could give them access to a lot more than the infotainment functions. The infotainment system in modern cars is part of a larger software package that runs the entire vehicle, and most do local and over-the-air updates not just for entertainment functions but automotive functions as well. Just go look at Blackberry QNX or Visteon's websites to see how complex modern cars have gotten. It's not just a radio anymore.
Re: (Score:2)
An infotainment system is still part of the CAN, and there are a lot of high priority tasks the "car stereo" does. Things like climate control, offering preferences for stuff like traction control, auto locking, and in some cases is the main point where updates for the other parts of the car happen.
Of course, it would be nice to go back to the days where we had one section of the console handle all that, then use a standardized 1-2 DIN mount for a car stereo which... just is a car stereo and doesn't do any
Re: (Score:2)
> What were they supposed to do, roll their own cryptosystem? :shrug: I got the joke.
Re: (Score:2)
Thanks. Some people didn't!
CVE? (Score:1)
Ironic ... (Score:5, Funny)
Apparently one of their new marketing campaigns for 2022 is (not making this up) "Leading by Example".
From Hyundai "Leading by Example" in New Marketing Campaign for the 2022 IONIQ 5 [prnewswire.com]
FOUNTAIN VALLEY, Calif., April 25, 2022 /PRNewswire/ -- Hyundai Motor America and its African American marketing agency of record, Culture Brands, have launched a new campaign for the award-winning, all-electric 2022 Hyundai IONIQ 5. Building on the OKAY Hyundai theme, the campaign, titled "Leading by Example," showcases the convenience of an electrified lifestyle.
Re: (Score:2)
Leading by example? That sounds more like some of the people responsible have been sampling the lead.
Re: (Score:2)
Leading by example is literally a "textbook" slogan that every company / MBA at some point spouts. It's supposed to be the opposite of "do as I say not as I do" and also makes perfect sense when you are demonstrating the capabilities of something new.
The Car Industry Can't Even (Score:2)
Make an electronic gas pedal work right.
How can we be surprised by this?
Sigh.
And the admin password is (Score:3)
Allow me to tell you why (Score:4)
Why can that happen? Well, it's fairly easy.
You have car engineers. They know how to design cars and they're really good at that. They've been doing that for ages.
In comes that young, dynamic and totally clueless markedroid and tells them that we now need the internet in their cars. Because that's what customers want now. Ok, customers don't want it. They don't even know they want it. But customers get told that the car now has one more feature than the competing car and that's one thing more we can do the competitor can't and that's what makes our product better. Right? More stuff is always better, c'mon, what are you do disagree, a commie?
So our car engineers now have a problem, because they are already unable to really get their home internet running, and they sure as all hell don't get any new talent, let alone security talent (have you taken a look at what these security goofballs charge? And they don't even do anything, they just look at what you did and tell you everything's wrong and that you have to redo it and make everything more expensive! We have no money for that kind of con job!). So they do what every good (ok, bad) programmer in the past 20 years has done when faced with a task they can't do: Copy/paste from Stackexchange. Preferably without even remotely understanding what the fuck they are doing, but hey, it works.
Now, that's a rather minor problem when dealing with, say, webpages or other programs where a crash isn't fatal. Something that may well happen with a car...
Re: (Score:2)
I don't say that the designer of the car should know security. Would be nice, but as you say, nobody is an expert at everything.
The flaw also isn't with the engineer. The flaw is in management who wants something that their engineers cannot deliver, or at least cannot deliver securely. They aren't experts in security, they are experts in car design. But if you force them to dabble in fields they are not experienced in, you will get the same kinds of mistakes and security blunders that we haven't seen in com
Re: (Score:2)
People who have a background in automotive and security are rare. I know exactly one, me, and that's more a weird coincidence than anything I ever planned. It has more to do with my crazy life. And everything that's rare is also expensive. And sorry, no, I'm taken, I doubt car manufacturers make a better offer than banks.
But we're not talking about needing a seasoned security expert to implement those processes. What you need is what they already have, and give these people a current security training so th
Grey's Law (Score:5, Funny)
“Any sufficiently advanced incompetence is indistinguishable from malice.”
Re: (Score:2)
Does not apply here as this in itself would be an example of "incompetence at malice". Seriously there are many ways of implementing back doors, and simply using a documented example key doesn't make sense for *any* of them.
Unless the malice you are talking about here is that someone internal to the company is trying to destroy it from within by employing only the most incompetent people, then sure.
Re: (Score:2)
Mod parent even funnier.
No worries (Score:2)
You could steal them just by using a USB plug to turn the ignition.
https://www.thedrive.com/news/... [thedrive.com]
Oh please, let it happen to Toyota. (Score:3)
I would love to install a homebrew entertainment O/S over top of the POS that it has at the moment.
Re: (Score:1)
Re: (Score:2)
WinCE had a car profile, AFAIR. It's not related to any other PC Windows: different code, real-time kernel, custom build system, small code base. Really embedded.
Marketing feature checkmark (Score:5, Interesting)
Didn't south Korea have an internet outage? (Score:2)
I can see what happened during last year's outage:
"You need to generate a new set of encryption keys for the project. Simply go to the NIST example document and copy the key gene{#`%${%&`+'${`%&NO CARRIER)"
As I keep saying (Score:2)
The last thing I want is some strung out programmer thinking they know better than I how to drive a car. If they can't get a simple key encryption right, what could possibly make them think they can program the software for an automatic car?
Stick shift, buttons/knobs for most controls. Clear. Simple. Easy.
Re: (Score:2)
Almost this. Got the wife a new car last year, and it is just too interferingly automated for me. The headlights are plenty bright; I turned off the brights and the car turned them back on for me. Like most cars, there are a few delay-between-wipes wiper blade settings. I had it set to a low level, a few extra drops of water got on the screen, and the car sped them up. Almost cool - but it didn't slow 'em back down again once the offending droplet was gone.
The on/off for radio isn't on/off - it is mute
Example keys in an example car? (Score:2)
When I think about Hyundai, I think 'example cars' built from the textbook without excessive attention to safety.
Specifically, I get the impression Hyundai cars catch fire too easily after an accident.
Just googled and found this to back up my viewpoint:
https://www.abcactionnews.com/... [abcactionnews.com]
Re: (Score:2)
No different than Teslas plowing into emergency vehicles [cnn.com] which have their lights on or mysteriously braking [cbsnews.com] for no reason in the middle of highways.
Re: (Score:2)
reminded of ... (Score:1)
Bad on Hyundai, of course, but... (Score:2)
That tutorial is pretty irresponsible too.
It starts with examples of generating key material, which is good, then the example code uses variables instead of reading from the aforementioned files. The tutorial really should have referenced the files they had demonstrated how to generate.
If they explicitly wanted to demo embedding keys into the code, they should have shown a snippet to take the files and make C format around them, and use #include, without ever including example keys.
I've learned in document
Re: (Score:1)
The number of Java keystores I've come across with changeit as the password is surprisingly high.
Re: (Score:2)
Updater Has Been Mysteriously Pulled for Months (Score:2)
Re: (Score:2)
Yes, this is probably exactly why. They also pulled down their "open source" downloads since that's where the keys were located.
Original from May (Score:1)
Interesting that no one seems to have linked to greenluigi1's original posts:
https://programmingwithstyle.c... [programmingwithstyle.com]
It was quite interesting to read all the things they tried.