Message posted by The Doctor (Member since 10/20/2022) on February 10, 2023 at 7:49:55 PST:
It sounds like the sensor telemetry aren't using authenticated encryption. They aren't using techniques to authenticate the other end of the encryption and aren't changing the cryptographic keys, so once enough data has been captured and analyzed to suss out the shared key (there's some nuance here - either they're figuring out the entire key, or enough bits that they can brute-force the rest in the field) they can set up a session and inject whatever they want. Which also means that they seem to do most of the processing offline. Calculate enough of the key that they can brute-force the rest. Decrypt what they can to expose plaintext and analyze the protocol to figure out as much of the format as they can. Use that to stage a known-plaintext attack and break the rest (if it's not already) and reverse engineer the rest of the protocol (framing, endianness, data format). With all of that data they can develop software that lets them send whatever data they want to the target. Which also implies that the other side isn't using authenticated encryption. And that they don't change their session keys often, if at all. Which is downright weird, because that's been a solved problem since the late 1980's at the very least.
In Reply to: Re: Tic Tac / David Fravor posted by ACuriousMind on February 09, 2023 at 17:02:44 PST:
Replies: