Tips, Tricks & Trends

Millions of Toyota, Hyundai, Kia Keys Easy To Clone-Yikes!

Yeah, this isn’t good. The Texas Instruments encryption technology called DST80 used to protect Toyota, Hyundai, and Kia key fobs from hacking can be easily hacked. Thanks, Texas Instruments! It seems that there are holes in the security technology that makes hacking into the fobs easy for any tech-savvy fool. 

Thieves use an inexpensive Proxmark RFID reader or similar transmitting device for their dirty deeds. Since the fobs put out a signal the cryptographic value can be stolen by merely holding it in the proximity of the signal. When you click the fob to lock or unlock your car the reader picks up the code. The reader device can then impersonate the key to disable the immobilizer so the engine can be started.

Though easy for thieves to copy the signal there is encryption protection

Handing over car keys
Handing over the keys | Burak Fatsa/Getty Images

There is encryption to protect the signal. For protection, Toyota sends the key’s serial number as part of the signal. Hyundai and Kia do it differently. For theirs, a random 24-digit number is part of the signal. Those measures are meant to protect the code from being deciphered. 

But it turns out that these supposed safeguards are easily hacked by thieves almost instantly with a laptop. Exactly how was not shared with us. That’s too bad because some of us at Motor Biscuit could use a little side hustle. But we know the TI cryptographic key has the ability to add 80 characters to the code. That would take a lot longer for the scanner to decipher. 

Kia and Hyundai are not utilizing the full potential of the encryption available on the TI system

So Kia and Hyundai did not use the full potential of the TI system’s capabilities to ward off detection. Since they only use 24 characters rather than the full 80 characters available it drastically cuts down the time needed for the readers to scan for the code. 

Thief Stealing Car
Thieves are everywhere | Getty

Hyundai’s response is the vehicles that might be vulnerable to this type of hack are not sold in the US. Toyota says that the theft information is correct but that it applies only to older models. It also claimed that the device needed to manipulate the car’s security system was something not readily available. That is being disputed by those who took part in the research. 

We copied the list of affected cars below

We copied the list of potentially affected vehicles below for your perusal. On this list are Tesla models too. Tesla went through some rough times when it was revealed how easy it was to steal a Model S a while back. In response, Tesla conceived a fix for the problem that is applied through an over-the-air software update. The firmware is able to block the attack. Tesla also has made changes to its keyless entry technology. We understand that the over-the-air fix did work and there have been no further problems.

Affected vehicles theft list