Security

Car RFID Security System Cracked 383

jmichaelg writes "The NY Times reports that the security chip in new auto keys has been cracked. A team at Johns Hopkins has found a method to extract the 30-bit crypto key that tells your car that the physical key in the ignition switch is the correct key. Texas Instruments has sold some 150 million security chips that are stored in the car key. The devices are credited with reducing car thefts of some car models by 90%. Stealing a crypto key requires standing next to the victim and broadcasting a series of challenges to the key and capturing the responses. The team claims an iPod-sized device would suffice to steal the crypto key in under a second. They advise wrapping your keys in foil when you're not using them. TI admits the team has cracked their code but denies there's any problem."
  • And? (Score:2, Insightful)

    by Anonymous Coward on Saturday January 29, 2005 @02:05AM (#11511760)
    Thieves go for the easiest target.

    Should they hotwire a car they need to steal an RFID code for, or the one (Like mine, sadly) that you just have to hardwire... or jam a screwdriver in the ignition and twist...
  • by Bonker ( 243350 ) on Saturday January 29, 2005 @02:05AM (#11511762)
    Seriously, who makes any kind of security device with only a 30-bit key any more?

  • by Anonymous Coward on Saturday January 29, 2005 @02:07AM (#11511766)
    I understand the White Hat concept, but too many of these "finds" get corrupted by professional criminals and soon are standard equipment for these people.

    Do we need to give crooks ideas?
  • Quite so. (Score:5, Insightful)

    by Saeed al-Sahaf ( 665390 ) on Saturday January 29, 2005 @02:10AM (#11511780) Homepage
    No problem? Come again?

    Lots of things are possible. Will any statistically significant number of people try this? And how many will be successful? Not many. It's still safer than a regular key system, people should lose sleep over more realistic problems.

  • by Caeda ( 669118 ) on Saturday January 29, 2005 @02:10AM (#11511781)
    Isn't who the heck uses such a small security key, but who the heck makes one that broadcasts at all? A metal key in a metal ignition has no reason to broadcast its code through the air!
  • by LnxAddct ( 679316 ) <sgk25@drexel.edu> on Saturday January 29, 2005 @02:12AM (#11511792)
    Yea, it doesn't matter if they were cracked or not... It's only 1,073,741,824 possible keys. Sit in a car for an hour or so with a key wired to a PDA or computer and you can just try every combo.
    Regards,
    Steve
  • by Anonymous Coward on Saturday January 29, 2005 @02:54AM (#11511934)
    Implicit in that is the notion the crooks haven't already worked this out. There are large organized car theft rings and they are not stupid.
  • by Mazem ( 789015 ) on Saturday January 29, 2005 @03:12AM (#11511980)
    Poor security schemes deserve to be cracked, and the companies that support them ought to lose business accordingly. I don't support car theft, but the company that produces these chips are the real thieves - receiving payment for security that they don't provide.

    While in the short term White Hat hacking may be detrimental to security, in the long run it is a driving force behind innovation.
  • by shoolz ( 752000 ) on Saturday January 29, 2005 @03:52AM (#11512114) Homepage
    You said "security they don't provide." I have an issue with that. They do provide security... and by reading the article, damned good security. The article reports that thefts of certain vehicles that use this technology have decreased by as much as 90%.

    Are you asking for *unbeatable* security? Because as far as I know, there is no such thing unless it uses quantum cryptography.

    According to the article, not only does a person need to have specialized equipment, specialized knowledge, but they also need over an hour of computing time, in addition to having to hotwire the car and knowing how to input the code.

    "The company that produces these chips are the real thieves" my ass.
  • by shoolz ( 752000 ) on Saturday January 29, 2005 @04:31AM (#11512223) Homepage
    Meh? Yes, I'm being practical, and so should you. All security can be defeated. I'm neither attacking nor defending the 'white hats'.

    The original poster heavily intimated that the company should deliver unbeatable security... an idea that is at best naive, and at worst demonstrates complete unfamiliarity with the whole concept of security and encryption.
  • by Builder ( 103701 ) on Saturday January 29, 2005 @06:53AM (#11512490)
    In some countries, car theft is not just something that happens occasionally - it's an industry. And as in all industries, there are the rank amateurs and the pros - For the pros, this looks like a good option.

    Consider South Africa - an entire arms race grew up around car theft. First the thieves just took cars when they were parked, so the insurance companies insisted that everyone have alarms and immobilisers.

    The thieves got around those pretty quick - rumour is that a lot of professionals signed up for work at installation centres, learnt their way around them, and went back to work.

    Next step was the gearlock - a device that locks the gearstick into a specific gear. IIRC, you couldn't remove the key on the earlier units unless you had the gearlock in, and if your car was stolen, the insurance company insisted on seeing all 3 keys.

    Now with cars being so hard to steal, the age of the hi-jack was ushered in. If they can't get your car while it's parked, they'll take it while it's rolling.

    In response, anti hi-jack systems became the norm. I can't remember how it was activated, but basically the bad guys show up, you let them take the car, they roll 20 metres down the road and the car cuts out and an alarm starts going off.

    Around the same time we also got Satellite tracking, although I seem to remember something about it actually using the cellular infrastructure (GSM) not satellite - I may be wrong on this. Initially, the recovery rate on stolen and hi-jacked cars went through the roof. Unfortunately, the bad guys just upped the stakes. Soon we started seeing more kidnappings and murders as part of hi-jacks because if you can't call the stolen car in, they have longer to chop it.

    Many vehicles were stolen to order, and not just new cars. Older cars that were common on the road were often targeted, then broken for spares. Cars that you wouldn't normally think twice about were stolen for export to Botswana and Zimbabwe, because the availability of spares for these made them popular vehicles.

    Of my close circle of family and friends, we have had at least 10 cars stolen. Of those, not a single one has been recovered, so it's not a huge risk occupation really :)

    I'm willing to bet that if this flaw is used anywhere, it will be used in South Africa - it's just one more tool for the biggest growth industry around :)
  • by springbox ( 853816 ) on Saturday January 29, 2005 @09:11AM (#11512808)
    Since when is using a 30 bit encryption key a good idea? Keys like that are something that do not take all too long to break with our fast computers. Why didn't TI use a 128 bit or 256 bit key instead? It's supposed to be protecting a car so I'd expect them to use something pretty strong.
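Added example (not part of the original thread, and not the Johns Hopkins team's code): the key-length point raised in the comments above, shown on a toy challenge-response tag. HMAC-SHA256 stands in for the unpublished TI cipher, and the 16-bit demo key, 5-byte challenges and 3-byte responses are constructed values; the 30-bit figure is the one given in the story summary.

```python
import hashlib
import hmac
import secrets
import time

RESPONSE_BYTES = 3  # constructed response width for this toy protocol

def respond(key: int, key_bits: int, challenge: bytes) -> bytes:
    """Transponder side: keyed response to a reader challenge.
    HMAC-SHA256 is a stand-in here, NOT the cipher used in the TI chip."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    return hmac.new(key_bytes, challenge, hashlib.sha256).digest()[:RESPONSE_BYTES]

def search(key_bits: int, pairs):
    """Try every key; return (key, keys_tried) for the first key that
    reproduces all observed (challenge, response) pairs."""
    for candidate in range(1 << key_bits):
        if all(respond(candidate, key_bits, c) == r for c, r in pairs):
            return candidate, candidate + 1
    return None, 1 << key_bits

def worst_case_seconds(key_bits: int, keys_per_second: float) -> float:
    """Time to walk the whole key space at a given trial rate."""
    return (1 << key_bits) / keys_per_second

def demo(key_bits: int = 16):
    key = secrets.randbelow(1 << key_bits)  # constructed secret
    challenges = [secrets.token_bytes(5) for _ in range(2)]
    pairs = [(c, respond(key, key_bits, c)) for c in challenges]
    start = time.perf_counter()
    found, tried = search(key_bits, pairs)
    rate = tried / (time.perf_counter() - start)
    return key, found, rate

if __name__ == "__main__":
    key, found, rate = demo()
    print(f"16-bit toy key recovered: {found == key} at {rate:,.0f} keys/s")
    for bits in (30, 128):
        years = worst_case_seconds(bits, rate) / (365 * 24 * 3600)
        print(f"{bits:>3}-bit key space: {years:.3g} years at this rate")
```

The cipher's strength is irrelevant once the key space is small enough to enumerate: the work grows as 2^bits, so each added key bit doubles the search while costing the tag almost nothing.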
  • Nevermind the cars (Score:3, Insightful)

    by Presence1 ( 524732 ) on Saturday January 29, 2005 @10:34AM (#11513126) Homepage
    Nevermind the cars, it is the other applications that are more important. Yes, this crack might actually be used to steal some cars, but I doubt it will become prevalent. As was pointed out in the article and other posters, the physical part of the key provides additional security, and the flatbed tow truck and other techniques are much easier methods to use.

    However, it is much more of a problem in other RFID applications, where the RFID chip is the only key, e.g., highway toll tags (Ezpass), credit card replacements (Exxon/Mobil Speedpass). Sure they say they have backup security in place, such as Speedpass' 'only two fill-ups per day'. But this can still allow for a lot of fraud.

    Worse yet, as was the case with identity theft, the first victims will find it VERY HARD to clear their records and accounts; they will be presumed to be lying until it is common knowledge that the RFID is not secure.

  • by Anonymous Coward on Saturday January 29, 2005 @05:52PM (#11515736)
    I think you completely missed the parent's point: Why is _anything_ being broadcast at all? If you have metal touching metal, why can't all this challenging and responding go on in a wired fashion (even if it's lame?).

  • Re:Umm.. (Score:3, Insightful)

    by Long-EZ ( 755920 ) on Saturday January 29, 2005 @09:58PM (#11517161)
    I was mostly making a guy joke, primarily based on the idea that bigger is better. With handguns, I think it really is a matter of how you use it that's the most important, and not the size.

    The 10 mm round has been downloaded a lot lately so it's more like a beefed up .40 S&W, but full power 10 mm loads are available [doubletapammo.com]. A full power 10 mm load has a lot more velocity than a full power .45 ACP, and close to the same mass. The maximum kinetic energy for a .45+P is about 616 ft lbs, with most +P loads in the 500-550 range. For the 10 mm, there is a 767 ft lb round and many in the 750 range. A full power (not +P) 10 mm load is generally in excess of 700 ft lbs. Of course, the +P loads for the .45 should only be used in modern guns that can handle the chamber pressures. Also, my 10 mm can carry 15 rounds in the magazine and one in the chamber. The .45 ACP round is so fat that a true double stack magazine is not possible for most people's hand, so even the higher capacity .45 handguns have fewer rounds per magazine than those chambered for 10 mm.

    The .45 ACP is a good round. In fact, I'd call it outstanding considering it was created in 1911. But modern metallurgy and autoloader design have resulted in technologically better high power rounds, although the disciples of Browning will argue that point with religious conviction.
    :^)

    I've been told that the state police in my state chose the 10 mm because they wanted a round that could reliably shoot through a car door and be effective on the other side. It's probably more likely that the purchasing decision was simply made by a guy. You know... bigger is always better.
