Slashdot Log In
Breaking a Car's Cipher
Posted by
kdawson
on Thu Aug 23, 2007 09:12 AM
from the soon-all-cryptographers-will-drive-fancy-cars dept.
from the soon-all-cryptographers-will-drive-fancy-cars dept.
An anonymous reader alerts us to research out of Belgium and Israel that claims a practical attack on the KeeLoq auto anti-theft cipher. Here are slides from a talk (PDF) at CRYPTO 2007. From the researchers' site: "KeeLoq is a cipher used in several car anti-theft mechanisms distributed by Microchip Technology Inc. It may protect your car if you own a Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota, Volvo, Volkswagen, or a Jaguar. The cipher is included in the remote control device that opens and locks your car and that controls the anti-theft mechanisms. The 64-bit key block cipher was widely believed to be secure. In a recent research, a method to identify the key in less than a day was found. The attack requires access for about 1 hour to the remote control (for example, while it is stored in your pocket). The attacker than runs the implemented software, finds the secret cryptographic key, and drives away in your car after copying the key." Update: 07/23 15:27 GMT by KD : One of the researchers, Sebastiaan Indesteege, pointed out that the link to the paper was incorrect; their paper has not yet been released to the public. I also managed to mis attribute his nationality. He is Belgian, not Dutch. My apologies.
Related Stories
Submission: How To Steal Cars - Breaking a Car's Cipher by Anonymous Coward
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Wrong paper (Score:3, Informative)
So? (Score:4, Insightful)
Re: (Score:2)
Re:So? (Score:4, Funny)
Step 2. Yeah, if they used 3DES or Blowfish at the time, this wouldn't be an issue.
Step 3. See Step 1.
Parent
Re: (Score:3, Informative)
If you are buying a fancy car to show off your wealth or whatever, when perfectly good alternatives exist, you deserve to be robbed.
If you can't afford to have your expensive car stolen, then can you really afford that expensive car?"
Not everyone buys an expensive car to show off....many people just like perf
Re: (Score:3, Insightful)
And another reason your argument is stupid: Just because I have money to buy nice things, dosen't mean I should have them stolen. Nor should I expect it.
You own a house. Lots of people don't own a house. You should be robbed/broken into just because you have a house?
Re: (Score:3, Funny)
Re: (Score:3, Funny)
Nobody'd steal it though. Heck, even I check under/behind the seat before I get in; I'm always worried that some kind or animal will have started living in there and I might get bit.
Re: (Score:3, Interesting)
Re:So? (Score:5, Funny)
Sorry, we can only communicate through analogies to either automobiles or door locks. Discussion of actual automotive door locks is therefore impossible, and referring to Belgium as "the Netherlands" will have to be the site's sole contribution.
Parent
Re: (Score:3, Funny)
Re:So? (Score:5, Funny)
A Beowulf cluster of keys (bound by a token ring) would make it difficult to interrogate any specific key.
Parent
Re: (Score:2, Insightful)
Re:So? (Score:5, Interesting)
Nope..I first found this on my first corvette...a '97 C5. It had a setting through the dash display, where you could set the car to sense when you came near enough with the keys, and it would automatically unlock. You could set it to unlock either both doors, or just drivers side.
I played with it awhile, but, I found that the hook I kept my keys on near the front door...were too close to where the car was parked...and would at times unlock the car in the driveway. I turned it off after that.
Parent
Re:So? (Score:5, Funny)
Parent
Re: (Score:3, Insightful)
Re:So? (Score:5, Funny)
Parent
Re: (Score:3, Informative)
Re:So? (Score:4, Funny)
Parent
Re:So? (Score:4, Informative)
Yep. Passive RFID chips require so little energy that the reader can power them with the current the antenna produces when hit by the EM waves from the reader. Usually this means that you have to hold the chip (card, key, etc) very close to the reciever (against it, the key in the lock, etc).
However, that proximity is only necessary if you use the standard reader. There's nothing stopping someone from getting a standard reader and jacking up the power enough to activate and read the chips from a much greater distance.
Unless you get a tin-foil wallet. And tin-foil pockets. Etc.
Parent
Re: (Score:3, Funny)
--
Im in ur pockets, jackin ur keez
Re:So? CNC... (Score:5, Interesting)
These days, many high-end car keys are CNC cut (my mini's key has huuuuuge tooling marks from a spindle-out-of-square), which will actually cause a bit of trouble. This isn't something you could easily do a putty-transfer on, nor does the group of people who spend a lot of time breaking cyphers typically overlap with the group of people who have and can work with CNC equipment.
In the end, I think flatbedding the car is the way to go. All the big chop shops are doing this now. If you're small-time, carjack. Alternately, get a real job.
Parent
Re: (Score:3, Interesting)
Re: (Score:3, Informative)
Lock picking is NOT that complicated. Basically, just apply a rotation to the cylinder, while pushing each pin up until you find the one that binds. (Locks are not perfect, one pin will usually bind before the others.) Push that pin up until the shearline is at the right point, and the cylinder will rotate slightly, keeping that pin in place. Repeat to find the next pin that binds.
Now, there are some types of locks that make it harder to do this. (Through various means I won't
Re:So? (Score:5, Funny)
Basically, these electronic-chips-encrypted-stuff-on-the-car-key aren't meant to make it any harder for a car thief to get your car. It's just there to manage to increase the penalty for car theft.
Car theft isn't that much of a crime nowadays. However, breaking the cipher will net you a DMCA violation and such things will carry the death penalty pretty soon.
Parent
Re: (Score:3, Funny)
Re: (Score:3, Interesting)
http://www.lojack.com/where/lojack-coverage-areas. cfm [lojack.com]
if it can't get a signal it can't send. since it rides traditional communications services.
http://www.lojack.com/lojack-faqs/index.cfm [lojack.com]
They can remove the transponders rather quickly if they are experienced car thieves.
I had a 2004 Dodge Ram that was stolen for the gear in the bed of the truck since it was a capped truck with a security system it was easier for them to take the whole tru
Obligatory (Score:5, Funny)
KITT: Michael, someone's trying to hack into my operating system! Help me Michael!
they Still can't simply drive away with your car (Score:2)
Re:they Still can't simply drive away with your ca (Score:2, Interesting)
Not really (Score:5, Insightful)
I just purchased a new car that doesn't have a mechanical ignition system. There's an place to attach the key (doesn't have metal teeth or anything), and a big "Start/Stop" button. The steering wheel lock is also electronic, and is controlled by the electronic signal from the key. I have no idea if my car uses KeyLoq--- I sure hope not.
Mechanical locks are on their way out, largely because they're ineffective against even moderately sophisticated criminals. That's the whole reason Immobilizer systems were rolled out in the first place. This attack effectively stips the immobilizer out of the car and rolls the security back to pre-Immobilizer levels. You only need to look at theft rates among models with and without immobilizers to see what impact that has.
Finally, for those who say that 1-hr access to the key is unreasonable: remember that the attack here is _key copying_, not theft. The immobilizer systems are designed to prevent copying, so that your valet or repair person can't make a copy of your key and steal it later. This attack takes a lot longer than other attacks which are out there (example [wikipedia.org]), but it's still not out of the question.
The basic lesson of all these attacks is that manufacturers need to use strong cryptography rather than custom, homebrewed ciphers. Hopefully with fabrication prices dropping, this will be the last generation of truly ridiculous authentication systems.
Parent
Re:Old reliability data (Score:5, Informative)
That has turned out to be FUD now that they are getting lots of miles now. The battery pack is easier to change than a typical transmission and now costs less. In addition it has been proven more reliable. (Google search Prius Battery Failures). The little 12 volt battery is a much higher failure rate item needing a 3-5 year replacement cycle just like their conventional counterparts.
In the trade of of mechanical parts for electronic, most mechanical high failure items on the Prius has been eliminated.
Here is a short list..
No belts, not even for a water pump or AC.
No Hydraulics hoses or lines except the brakes.
No leaky AC rubber hoses or shaft seals.
No clutches, pressure plates, bands, or hydraulics of any kind in the transmission
Here is how the improvements work.
The AC is a sealed electric unit like a home refrigerator. The compressor is body mounted eliminating Leaky shaft seals, belts, clutch, and hoses.
The transmission has 7 moving parts. None of them is any kind of friction, shift, or hydraulic part. It's built like and as reliable as a differential. The battery pack is composed of 7.2 volt modules. A module failure does not equal a battery pack replacement.
The Power steering is a linear electric motor for assist. This eliminates the power steering pump, hoses, and power steering fluid issues.
The power brakes use a compressor so it is a trade off for the vacuum module for a compressor.
The cooling system is powered by electric pumps. It traded belt driven problems for electric pump problems. I haven't seen reliability reports on these pumps yet which is a good thing.
Even the starter moter with it's brushes, solonoid bendix gear and other failure items has been eliminated. The brushless AC Motor/Generator set in the transmission starts the engine.
I studied all these issues before I bought a Prius. TCO is an important number to me.
For me personally, Here are some of my stats.
I have 120,000 on my Prius. At 20,000 and 80,000 miles I changed tires (the originals don't wear well). At 70,000 miles I had to change the 12 volt battery in late 2005 so it lasted almost 4 years.
At the last tire change, I had the brakes checked. I have 80% remaining. Other than give it gas and regular oil changes, it has required zero repairs except a rock chip in the windshield.
Most other cars I drove with over 100,000 miles were getting into needing starters, alternators, brakes, belts, power steering, Air Conditioner, and transmission service.
Parent
Re: (Score:3, Informative)
Then i do the absolute minimal servicing on it, and insure it third party only (the minimum legal level of insurance) and drive it around until it either stops working, or becomes unroadworthy... Then it gets scrapped.
Ofcourse, i am also a member of a breakdown organization!
A side effect of driving a junk car, is that noone will want to steal it. One of the cars i had didn't even lock, and ye
Re:they Still can't simply drive away with your ca (Score:2)
oh brudder (Score:2, Funny)
Another reason to carry around an RFID jammer.
Quick, someone create Faraday pants, or should I line my pockets with tinfoil?
So... (Score:2)
Hotwire it.
How easy is that? I think they'd just carjack someone before going through the trouble.
Re:So... (Score:5, Interesting)
The mythical Honda override exists: It's a series of presses and pulls of the emergency brake. Each car, it seems, has a unique override code, which correlates to the VIN. [wired.com]
Parent
learn to read, you insensitive clod (Score:5, Informative)
In other news: The Canadian president George W. Bush invaded Iran because of the 9/11 attack on the World Trade Center of Chicago.
Re: (Score:2)
In other news: The Canadian president George W. Bush invaded Iran because of the 9/11 attack on the World Trade Center of Chicago.
Why did you post anonymously? This is a variation on a classic Slashdot +5 funny!
I'm American; There is no way I'd mod this down.
YMMV though, I've seen some weird mod's over the years. Like the American political system, I think there are problems with the Slashdot mod system, but it's better than anything else I've seen. And I really believe that the only way to fix it is to get people to understand that the reason for modding at all is to establish how interesting, relevant, or readable a comment is, ra
Summary (Score:3, Interesting)
Break one key device, break them all.
Daewoo? more like Daew00t. (Score:3, Funny)
That's okay. If you own a Daewoo, you could hand the key to a thief and they still wouldn't steal it. Nothing to see here, move along.
Symmetric Key Exchange (Score:4, Interesting)
When someone patents that device, just point to this post as prior art. If it's patent free, anyone can use it, and there's no excuse for not securing cars (and homes, and bikes, and
You're welcome.
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
Broken Cipher, you say (Score:3, Funny)
I'm headed to the annual "Vegan food and wifi jamboree" at the co-op where I expect to "win" a new Prius.
Of course I have to bring my laptop. Don't worry, just because I'm sitting at the table next to you doesn't mean I'm using my machine to crack the crypto on your key while we enjoy our roasted yams. I'm just writing my tract about municipal wifi and organic gardening.
Oh, yeah? You own a Prius? In red? I always liked red. Man, you have the only red one here...
It's not that hard... (Score:3, Insightful)
If the manufacturers ACTUALLY gave a crap about security they could easily enough make the system secure. Instead they're more interested in patentable special sauce and NIH.
The thing is, cryptography is at the same time very easy or very hard. It's very easy to utilize one of several freely available strong systems in order to be secure. It's very easy to invent a system from scratch that YOU don't know how to crack. It's very hard to invent your own system that nobody else will know how to crack. It's very easy to introduce a serious flaw when re-implementing someone elses crypto. If you haven't devoted your professional career to cryptography, the best bet is to utilize someone elses.
For example, Blowfish is completely free of encumberance and has several fully public domain implementations available in C. RSA is (now) equally free. It is well understood, has years of successful use behind it and years of analysis demonstrating that it would cost WAY more to crack the key than any car is worth (not to mention that it would take longer than the typical lifetime of a car). There are plenty of years old CPUs out there that have more than enough "oomph" to handle RSA and are well suited to embedded use. They might cost a dollar more, but this sort of system is not used in "bargain basement" cars.
They spend the extra cash on fine leather seats and steering wheel covers but use Yugo quality locks to protect it?
Re: (Score:2)
Re:Belgium not The Netherlands (Score:5, Funny)
It's the Netherlands, not Holland.
Parent
Re:Belgium not The Netherlands (Score:5, Funny)
It is however an understandable mistake to make, as most Dutch know very well, you can't expect Belgians to figure these things out.
But than again, it's not like linking to a
Parent
Re: (Score:2, Insightful)