News that the keyless entry system for many of the world's automobiles has been "pwned" by university researchers, hot on the heels of the news that the world's most popular PC operating systems both suffered a "pwning" from hackers at a security conference, raises some troubling questions for the global technology community. The most pressing questions, which citizens of the world need to have answered in the next several days if the global automotive and computer industries are going to avoid a major catastrophe, are these: How do you pronounce the word "pwn"? Is pwning a way of gathering a tasty seafood dish, or is it something far more sinister? Can Orthodox Jews engage in pwning, or would that be against the Halakhah?
There's been so much pwnage going on lately, first of the Mac OS and Windows Vista operating systems, and now of the keyless entry system for cars, garages and buildings, that here in the Digital Life Labs we have taken it upon ourselves to do a little research into it.
We have consulted with the world's leading authority on the matter, Eric Cartman of South Park fame, who in one episode of his TV show clearly pronounces the word like "pony", only without the "y" sound at the end. Pone.
Other, more three-dimensional experts, however, consider that the word should be pronounced like the name Gwyneth Paltrow, only with a "p" at the front instead of the "g", and without the "eth Paltrow" at the end. Pwyn. Or Pwen, depending on where you're from.
Others say that, since the word may have arisen as a typographical error, it should be pronounced the same way as the word that it was supposed to be: own.
Still others argue that, due to the nature of what happens to something when it suffers from a pwnage, the word should be pronounced so it rhymes with "boon", only once again with a "p" at the front instead of the "b".
Or maybe it should be pronounced the same as "pawn", or "porn", or "prawn", depending on your appetite.
While the pronunciation is controversial, the actual act itself is not, though precisely what it is that happens to something when it's pwned, of course, depends on what it is that is getting pwned, and who's doing the pwnage.
In the case of the Pwn2Own hacking competition that took place at the CanSecWest digital security conference at the end of last month, pwning was all about hacking into and taking control of three laptop PCs: one running Microsoft's Windows Vista operating system; one running Apple's Mac OS operating system; and one running the Ubuntu operating system, which is a popular version of Linux sponsored by a company called Canonical. The first to hack into each laptop won the laptop and a cash prize.
The first laptop to be pwned, you may have read, was the supposedly secure Apple MacBook Air, which took a whole two minutes to succumb. The attack involved the hacker directing conference organisers (who were using the Mac) to a malicious website, which presumably exploited some weakness in Apple's Safari browser, compromising the security in the Mac OS and allowing the hacker to take control of, or pwn, the computer.
Really, that's how fast it can happen. Two minutes, and one visit to the wrong website, and you, too, can have your Mac pwned by hackers, an experience that will be more or less pleasant depending on how you choose to pronounce the word. Most likely, your pwned machine will be turned into the slave of a spam syndicate, which is what most malicious hackers seem to do with their pwns (which in this context, I suppose, should be pronounced "pawns").
The next computer pwned in Pwn2Own was the Windows Vista machine, which hackers couldn't control until after they were allowed to install common applications - in this case, Adobe Flash - on the target machines, and then exploit weaknesses in those applications. (Previously they had only been allowed to exploit weaknesses in the applications that came bundled with the computers, which is why the Mac fell first: Safari comes pre-installed on Mac, whereas Flash didn't come pre-installed on the Windows laptop.)
Whether or not that sequence of events means Vista is harder to pwn than Mac OS is unclear. Vista was running the giant patch that Microsoft recently released, known as Service Pack 1, and it may just be that the hackers in the Pwn2Own conference weren't yet up to speed with the vulnerabilities in Service Pack 1.
What is clear, however, is that Adobe has some questions to answer about why it is that its software should be so easily pwned. After its software allowed a hacker to control the Vista machine, Adobe issued a statement saying, "Oh yeah, we knew about that bug", which rather begs the question, why didn't they do something about it?
The third operating system, Ubuntu, remained unpwned (if there is such a non-word) for the whole competition, which just goes to show you that, if the whole world ran on Linux, none of us would have ink stains in our shirt pockets.
Now, having your PC pwned is one thing - remediating such a sorry state of affairs, after all, may be as simple as installing some anti-virus software, or, at worst, reinstalling the PC's operating system and applications - but having your building's keyless entry system pwned, or your car pwned, is altogether another kettle of a tasty seafood dish.
According to researchers at Ruhr University Bochum, in Germany, the KeeLoq encryption algorithm employed in many keyless entry systems can now be "overcome with modest effort" by anyone with a special wireless sniffer within a few hundred metres of the door that the KeeLoq is, or as it turns out isn't, locking.
That's a worry, given that the KeeLoq encryption algorithm is employed in the remote door openers for cars from makers such as General Motors, Toyota, Volkswagen, Honda, Volvo and Jaguar. (We rang KeeLoq's owner, Microchip Technology, for a complete list of the cars that used KeeLoq, but a spokesman declined to provide such a list, saying only that it "could be" something like the list mentioned above.)
The researchers in Germany used an increasingly popular technique known as a "side channel attack", which involves hackers gleaning information about a system from how much power it uses, or how long it takes to process something.
One popular side channel attack, for instance, is based on the fact that password systems often check passwords one letter at a time, starting at the left letter and working to the right. Thus, a password can be guessed, one letter at a time, from how long it takes the password algorithm to reject a guess. When the rejection suddenly takes a fraction of a second longer, it means the hacker has guessed the left-most unknown letter.
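The letter-at-a-time check described above, next to a check that does the same work for every guess, as an added example that is not part of the original column. The function names and the sample password are constructed for illustration, and a count of character comparisons stands in for elapsed time so the result is repeatable.

```python
import hmac

SECRET = "tuna42"  # constructed sample password, not from the article


def leaky_check(guess, secret=SECRET):
    """Left-to-right check that stops at the first wrong letter.

    Returns (accepted, comparisons). The comparison count is a
    deterministic stand-in for how long the rejection takes.
    """
    comparisons = 0
    if len(guess) != len(secret):
        return False, comparisons
    for g, s in zip(guess, secret):
        comparisons += 1
        if g != s:
            return False, comparisons  # early exit: work done reveals the prefix
    return True, comparisons


def constant_time_check(guess, secret=SECRET):
    """Looks at every position of the secret, whatever the guess is.

    Differences are OR-ed into one value, so there is no early exit
    and the amount of work does not depend on how many letters match.
    """
    g, s = guess.encode(), secret.encode()
    comparisons = 0
    diff = len(g) ^ len(s)
    for i in range(len(s)):
        comparisons += 1
        diff |= (g[i] if i < len(g) else 0) ^ s[i]
    return diff == 0, comparisons


def library_check(guess, secret=SECRET):
    """In practice, use the standard library's constant-time comparison."""
    return hmac.compare_digest(guess.encode(), secret.encode())


if __name__ == "__main__":
    # The leaky count grows with each correct leading letter; the other stays flat.
    for guess in ("xxxxxx", "tuxxxx", "tunaxx", "tuna42"):
        print(guess, leaky_check(guess), constant_time_check(guess))
```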
The side channel attack employed by the researchers involved measuring the precise fluctuations in the power used by a KeeLoq-based system as it generated a password (or, in this case, key). Those measurements were then used to reconstruct a master key, which remained the same for all similar KeeLoq devices, the researchers said.
Armed with the master key, the researchers said it was then easy to pwn any car or building that used the same model KeeLoq device, just by intercepting two of the wireless messages between the door opener and the car or building, and running those messages through software on a laptop loaded with the master key.
"The security hole allows illegitimate parties to access buildings and cars after remote eavesdropping from a distance of up to 100 metres," the researchers said in a press release they sent after the pwnage.
Complete pwnership of the car or building was even possible, according to the researchers, not only giving control of the keyless entry system to the hacker, but also shutting out the actual owner, whose remote door control would no longer work.
Microchip Technology officials declined to comment on the claimed pwnage. Who can blame them? Being called a pwnee could never be nice, no matter how politely it's pronounced. At best you're a pony.
Pronunciations, comments to firstname.lastname@example.org
Fairfax Business Media