r00t advisory [ Mitsubishi Eclipse ] [ Dec 10 1997 ]
-- Platform: Mitsubishi Vehicles
This exploit has been confirmed on '97 Spyder GS-T.
It is likely to exist on all Mitsubishi Eclipse vehicles
with the system installed.
Other platforms have not been tested for this vulnerability.
-- Program: Remote keyless entry system
-- Info: Mitsubishi has been notified of the problem.
A car sales representative noted in response to this
security hole "ok, don't do that then".
We have been unable to contact the vehicle security
representative for Mitsubishi.
-- Synopsis: A race condition exists in the remote keyless entry system
that can result in a denial of service attack being performed
against the vehicle. This vulnerability allows any user
of the vehicle (ie passenger) to prevent remote access to
the machine by the admin (ie driver).
-- Exploit: The problem that is being exploited here is that the door
locking mechanism prevents the door from being opened at
an earlier point in the process of a door being closed
than the point that the keyless entry mechanism is
enabled.
When logging out of the vehicle, lock the doors on inside
using the traditional door locking mechanism. Proceed to
slowly close one of the doors until the locking mechanism
triggers, but stop immediately at that point. You will
note that the door is now successfully locked and can not
be opened or closed further.
The keyless entry system will not function, and a remote
administrator with only keyless entry capabilities will
be unable to access the vehicle.
-- Fixes: There are no known fixes to this problem at the moment.
Once exploited, the admin must reset the entry system
manually using their private key.
r00t -- owning the world, one person at a time.
http://www.r00t.org