Security News > 2022 > August > Software developer cracks Hyundai car security with Google search
A developer says he was able to run his own software on his car infotainment hardware after discovering the vehicle's manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples.
Turns out the encryption key in that script is the first AES 128-bit CBC example key listed in a NIST document.
The script included the necessary ZIP password for the system update archives, along with an AES symmetric Cipher-Block-Chaining encryption key and the IV value to encrypt the firmware images.
"Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]," he added.
The search results pointed to a common public key that shows up in online tutorials like "RSA Encryption & Decryption Example with OpenSSL in C.".
This means Hyundai used a public-private key pair from a tutorial, and placed the public key in its code, allowing Feldman to track down the private key.