Autoeastern Cyclone Matrix TRF Keyless Entry System Replay Attack Vulnerability

A replay attack vulnerability has been identified in the Autoeastern Cyclone Matrix TRF Smart Keyless Entry System, specifically in KIA vehicles in Ecuador for the 2024 and 2025 model years. This vulnerability arises from the use of learning codes in the key fob transmitter, allowing an attacker to capture and replicate the signal used to unlock the car. The issue has been confirmed on other KIA models in Ecuador as well.

Impact

Exploitation of this vulnerability allows for unauthorized unlocking of vehicles, cloning of key fob signals, and potential backdooring of keyless entry systems by adding external learning codes.

Reproduction

The vulnerability can be reproduced by capturing the radio frequency signal from a KIA key fob using an antenna. Once the signal is intercepted, it can be replicated to unlock the vehicle. This attack takes advantage of the fact that learning codes do not change with each use, leaving them open to cloning and replay attacks.

Remediation

Users are advised to replace key fobs using learning codes with ones that utilize rolling codes, a more secure technology that has been available since the 1990s. This vulnerability has been reported to KIA Ecuador, but no remediation has been implemented. The issue is being addressed with the support of the Automotive Security Research Group (ASRG).