| dc.contributor.author | Gesteira-Miñarro, Roberto | |
| dc.contributor.author | López, Gregorio | |
| dc.contributor.author | Palacios, Rafael | |
| dc.date.accessioned | 2025-06-10T18:29:45Z | |
| dc.date.available | 2025-06-10T18:29:45Z | |
| dc.date.issued | 2025-05-31 | |
| dc.identifier.uri | https://hdl.handle.net/1721.1/159387 | |
| dc.description.abstract | The automotive industry has been a target for cyber criminals for decades. New regulations have come into force in the automotive industry and manufacturers must take cybersecurity into account. One of the most interesting vehicle systems is the Remote Keyless Entry (RKE) system, which allows users to lock and unlock their cars, among other actions, with a remote control integrated in the car key. If this system is compromised, a malicious user could gain access to a vehicle remaining unnoticed. This paper presents the identification and analysis of a vulnerability in an RKE protocol that can be exploited to gain access to the car at any time, thus cloning the key fob. The reverse-engineering methodology used to uncover the vulnerability is outlined, along with other tested vehicles to show its applicability. A relevant aspect of the research is the fact that only open-source tools and available commercial hardware are needed to perform the analysis. This black-box approach is equally valid to learn RKE protocol features, without the need to extract and analyze ECU firmware, which is considerably more expensive. As a result, a detailed analysis of eight protocols from different manufacturers is shown and they are compared from a cybersecurity point of view, with one of them being totally broken. | en_US |
| dc.publisher | Springer Berlin Heidelberg | en_US |
| dc.relation.isversionof | https://doi.org/10.1007/s10207-025-01063-7 | en_US |
| dc.rights | Article is made available in accordance with the publisher's policy and may be subject to US copyright law. Please refer to the publisher's site for terms of use. | en_US |
| dc.source | Springer Berlin Heidelberg | en_US |
| dc.title | Clonable key fobs: Analyzing and breaking RKE protocols | en_US |
| dc.type | Article | en_US |
| dc.identifier.citation | Gesteira-Miñarro, R., López, G. & Palacios, R. Clonable key fobs: Analyzing and breaking RKE protocols. Int. J. Inf. Secur. 24, 150 (2025). | en_US |
| dc.contributor.department | Sloan School of Management | en_US |
| dc.relation.journal | International Journal of Information Security | en_US |
| dc.eprint.version | Author's final manuscript | en_US |
| dc.type.uri | http://purl.org/eprint/type/JournalArticle | en_US |
| eprint.status | http://purl.org/eprint/status/PeerReviewed | en_US |
| dc.date.updated | 2025-06-01T03:28:19Z | |
| dc.language.rfc3066 | en | |
| dc.rights.holder | The Author(s), under exclusive licence to Springer-Verlag GmbH Germany, part of Springer Nature | |
| dspace.embargo.terms | Y | |
| dspace.date.submission | 2025-06-01T03:28:19Z | |
| mit.journal.volume | 24 | en_US |
| mit.license | PUBLISHER_POLICY | |
| mit.metadata.status | Authority Work and Publication Information Needed | en_US |
