
Could someone explain why there is no delay after each failed attempt? The system allowed 197k brute force attempts in 30 minutes. I just cannot wrap my head around it.

I tried reading the paper (not an expert). In the recommendation section, it does not suggest implementing a delay either. Is it just not physically possible with RFID?

I mean, a 4-digit PIN with a 5-second delay would take 14 hours for all combinations (better than the half hour with Megamos)???

I have to be missing something... It can't be this easy...



As the previous comment says, there's a requirement to eavesdrop on at least one successful authentication.

My guess is that they're then doing the brute-forcing "offline", not against the vehicle's system. If you know the algorithm and the key size, and you can see one successful authentication, you could ship the work of working out which key replicates the authentication you just saw off to AWS or custom hardware (I wonder how readily Bitcoin mining ASICs can be tweaked to attack embedded or IoT authentication?) (Though it seems there are flaws somewhere in the crypto anyway - they somehow broke a 96-bit key with under 2^18 attempts...)


Clearly, the fact that listening to an exchange helped them proves that the security is fundamentally flawed.


That helps. Thanks.



