Car RFID Security System Cracked

jmichaelg writes "The NY Times reports that the security chip in new auto keys has been cracked. A team at Johns Hopkins has found a method to extract the 30 bit crypto key that tells your car that the physical key in the ignition switch is the correct key. Texas Instruments has sold some 150 million security chips that are stored in the car key. The devices are credited with reducing car thefts of some car models by 90%. Stealing a crypto key requires standing next to the victim and broadcasting a series of challenges to the key and capturing the responses. The team claims an iPod-sized device would suffice to steal the crypto key in under a second. They advise wrapping your keys in foil when you're not using them. TI admits the team has cracked their code but denies there's any problem."
  • by dhj ( 110274 ) * on Saturday January 29, 2005 @02:44AM (#11511903)
    Ok, so anytime encryption is cracked it lessens security and this is definitely bad publicity for TI. However, this will not have car thieves coming out in droves to steal cars that utilize "smart" keys. Here is what's required to defeat these keys:

    The thief must know who the owner of the car is.

    The thief must get close to the owner to challenge the key and crack its code.

    The thief must break into the car, and hotwire the car as he would to steal any other car (he still doesn't have the physical key).

    We're talking about car theft here. Stealing cars isn't like the internet where you can "ping" a huge range of potential targets in seconds. Thieves will still pass over the smart key cars and move to the ones they can steal without stalking the car's owner. I think TI can safely deny that there's a problem without being compared to Microsoft.

    --David
  • by Donkey5555 ( 720467 ) on Saturday January 29, 2005 @02:54AM (#11511933)
    Didn't some cars have a plain keyless switch on the dash you can use with the actual key still in your pocket? I think this might be the reason for the RF.
  • by Anonymous Coward on Saturday January 29, 2005 @03:27AM (#11512035)
    I can't speak for other car manufacturers but I can for Chrysler. Their systems are speced to take up to 3 seconds after ignition on to validate the key. This is an anti-scan feature designed into the receiver. The key is only validated once per cycle (actually you can get it to revalidate but you have to send the module a specific message over the vehicle bus, but it still takes three seconds)

    so...

    1073741824 combinations
    *3 seconds /60 sec/min /60 min/hr /24 hr/day /365 day/yr

    gives us 102 years to scan all the codes.

    meanwhile a flatbed towtruck can lift a mercedes s class in about 5 seconds (repo style that is).

    This is why they don't care that it was cracked. The end product manufacturers that use this technology know to implement anti-scan measures and recognize that it's only a deterrent, not a bulletproof method of securing a vehicle.
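The attack in the story summary (stand next to the victim, send the key a few challenges, record the replies, then work out the key) and the anti-scan arithmetic in the comment above, as an added example that is not code from the story, the NYT article, the Johns Hopkins team or TI. The transponder algorithm is a stand-in (keyed BLAKE2 truncated to 24 bits); TI's real cipher is not on this page. The key width is lowered to 16 bits so the search finishes in seconds, and the 40-bit challenge, 24-bit response and 10 million tries per second offline rate are assumptions for illustration.

```python
"""Toy immobiliser challenge/response plus an offline key search.

Added example; the stand-in cipher, field widths and rates are assumptions,
not TI's DST design.
"""
import hashlib
import secrets
import time

KEY_BITS = 16        # demo width; the story's key is 30 bits
RESPONSE_BITS = 24   # assumption: width of the transponder's reply
CHALLENGE_BITS = 40  # assumption: width of the reader's challenge


def respond(key: int, challenge: int) -> int:
    """Transponder side: a keyed function of the challenge (stand-in for DST)."""
    mac = hashlib.blake2b(challenge.to_bytes(5, "big"),
                          key=key.to_bytes(8, "big"), digest_size=4).digest()
    return int.from_bytes(mac, "big") & ((1 << RESPONSE_BITS) - 1)


def harvest(key: int, n_pairs: int, rng=secrets.randbits):
    """Attacker next to the victim: send n challenges, record the replies.
    The transponder answers any reader; the car is not involved here."""
    pairs = []
    for _ in range(n_pairs):
        c = rng(CHALLENGE_BITS)
        pairs.append((c, respond(key, c)))
    return pairs


def recover_key(pairs, key_bits=KEY_BITS):
    """Offline search over the whole keyspace against the recorded pairs.
    Two pairs make a chance match on a 24-bit reply vanishingly unlikely."""
    return [k for k in range(1 << key_bits)
            if all(respond(k, c) == r for c, r in pairs)]


def scan_years(key_bits: int, seconds_per_try: float) -> float:
    """Years to try every key against a receiver that rate-limits attempts
    (the online figure from the comment: 2**30 keys at 3 s each)."""
    return (1 << key_bits) * seconds_per_try / (365 * 24 * 3600)


def offline_years(key_bits: int, tries_per_second: float) -> float:
    """Years to try every key against recorded replies on the attacker's own hardware."""
    return (1 << key_bits) / tries_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    victim_key = secrets.randbits(KEY_BITS)
    captured = harvest(victim_key, 2)          # constructed sample capture
    t0 = time.time()
    found = recover_key(captured)
    print(f"recovered {found} for key {victim_key} in {time.time() - t0:.2f}s")
    print(f"online scan, 30-bit key, 3 s/try:    {scan_years(30, 3):.1f} years")
    print(f"offline search, 30-bit key, 1e7/s:   {offline_years(30, 1e7) * 365 * 24 * 3600:.0f} s")
```

The two rate figures come from the same keyspace; what differs is who is being asked. The receiver's three-second delay applies when the attacker talks to the car, and the summary's attack instead talks to the key and then to the attacker's own CPU.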
  • by tinrobot ( 314936 ) on Saturday January 29, 2005 @03:48AM (#11512096)
    From the NYT article:

    "The "immobilizer" technology used in the keys has been an enormous success. Texas Instruments alone has its chips in an estimated 150 million keys. Replacing the key on newer cars can cost hundreds of dollars, but the technology is credited with greatly reducing auto theft."

    I think this is more of a scam to sell expensive keys than anything. I'll take my five dollar key and my chances.
  • Re:Well.... (Score:5, Interesting)

    by Technician ( 215283 ) on Saturday January 29, 2005 @04:05AM (#11512152)
    Where I live it's usually over a $100 to get a new transponder key made and some dealerships charge around $60-$70 to make you a new one.

    If you don't lose your keys, you can save a bunch of money. Blanks are easy to find on the Internet. I have a Prius. Blanks were about $20 each. This is much cheaper than what the dealer wanted. On the Prius, the key isn't really programmed. It's simply serial numbered. The car is then programmed to accept a particular key. You can do this yourself if you have the master keys. Almost any key shop will cut your supplied blank for very little. My spare keys cost me a buck each to have cut. Finding a blank key that you can custom program to an existing accepted serial number for my car would take some expensive hardware. Copying the serial number of the key into a new chip is only half the difficulty. Getting the alarm shut off so you can enter the car undetected to hack the physical ignition cylinder is the next challenge.

    All but the most high tech thief would find it difficult to sniff the key, copy it to a writable blank, and then use the blank to take the car. As a defense, I can always add a bunch of extra transponder keys that have been lost to my keyring. Reading a bunch of wrong codes could make it more difficult. Anytime I now trade in a car, I'm keeping the spare keys just to keep them on my keyring to confuse sniffers.
  • by Sycraft-fu ( 314770 ) on Saturday January 29, 2005 @04:38AM (#11512248)
    You have to realise that AES 256 takes some rather beefy hardware to implement. Even 3DES is non-trivial. Now it's all no big deal when you talk PCs, they've got power to spare. However when you are talking embedded apps, it's different. In this case you are talking a VERY tiny chip that obviously must have very low power requirements. This places realistic limits on what it can do.

    Also, when you get down to it, it's probably good enough. We aren't talking military secrets here, we are talking a car. The point isn't to make it unbreakable, because that's worthless, it's just to make it harder to steal the car. You can't make a secure car. No matter what you do, someone can find a way to override it and steal your car. What this does is add a layer of security that makes it much harder for normal thieves.

    Physical security isn't like virtual security. We get so used to having essentially perfect (until someone finds a hole) virtual security, some expect the same thing in the real world. No, actually basically all real security has known flaws when it's set up. However the difficulty in bypassing the security is considered to be higher than the reward in doing so, if the security is good.

    Like for example I have a Medeco lock, and we use the same kind all over campus. Medeco locks aren't like normal locks, they have a biaxial pin system that makes them a real bitch to pick. Also means normal key copiers can't handle their keys. On top of that, Medeco patents and diligently controls key distribution. You can't, in theory, go and get a copy of a Medeco key made without being the authorized owner of the lock.

    Well it's easy to find a way around that. Ignoring other ways in my house, one could simply bribe/coerce my roommate out of a key. While you couldn't easily copy it, the key itself would still be perfectly usable for getting in.

    Why then, would I pay a premium price for this lock, if I know it's not perfect? Because it's better than most. It does mean that my roommates can't copy the key and hand it out to girlfriends or the like, and it'll take a lot more physical abuse than a normal lock. It isn't perfect, but it's better.

    That's what you have to deal with in the world of physical security. You just try to design a system that is good enough to thwart whoever might want to circumvent it, make it not worth their while. I mean realise that even if this had an uncrackable code on the keys, you can wire around it, given time and skill. The engine is still just started by a simple electrical connection. It's not easy to access what you need to make it happen, but it's easier than you might think.

    Basically, I'd rather have a weak crypto key that's feasible to make than nothing at all. Most people aren't going to pay for an expensive separate crypto unit that is physically fairly large, which is what you'd need to do strong crypto at this point. So put weak crypto in the key, which is still better than most cars (a screwdriver is about all one needs to override the key on my car) and it helps.
  • by cuteintern ( 643644 ) on Saturday January 29, 2005 @07:51AM (#11512627) Journal
    Speaking of physical security, has anyone ever seen The Dirty Dozen?

    It's been a while, but here goes: At one point in the movie they park their jeep. As they go inside the building, the driver pops the hood and removes a very small item.

    He pulls the rotor out of the distributor. Until he puts it back, no spark can get to the plugs; the jeep won't start.

    I did this once with a car I parked for a while. Never worried about it getting driven off. You could do it with any car that still has an actual distributor, which are few and far between these days (my example was a 1985 Mustang).

    The modern equivalent would be pulling an engine or ignition fuse from one of the fuseboxes. There's a fuse box in the passenger compartment, but there can be two more inside the engine compartment. Read your manual!

  • Re:Quite so. (Score:3, Interesting)

    by Lumpy ( 12016 ) on Saturday January 29, 2005 @10:33AM (#11513120) Homepage
    Um bullshit.

    it is NOT safer than a regular key system.

    also it is designed to make HUGE profits for the car dealers.

    my "sensa-key" costs $68.95 to have a copy made, and the dealer tries to extort another $50.00 to program it to the car for spending 36 seconds in the drivers seat.

    For anyone that is curious....

    put in 1st key you already had, shut door, turn ignition on for 12 seconds, turn it off, insert second key you already had, turn ignition on for 12 seconds, turn ignition off, insert new key, turn ignition on for 12 seconds.

    hear that ding? your new key is programmed.

    programming a key without the other keys is a bit more complex but is still very doable.

    a keyfob married to the key is more effective. the keyfob gives the car owner more features, door lock+unlock, panic button and they generally do not get pissed when the dealership charges $110.00 for a new keyfob. (I get them for $9.00 on ebay and also have that programming procedure.)

    the key adds nothing to the security of the car, the thief can still easily steal the car by towing, then they can easily override the security in their chop shop when they part it out.

  • by Transcendent ( 204992 ) on Saturday January 29, 2005 @10:54AM (#11513233)
    Yes it does, unless you somehow create dual contacts to the key within the ignition (you can't just have a floating communications signal... you need a reference voltage), which will have HUGE reliability problems. Recalls galore with that one.

    In all seriousness, there are many, many ways to get around PATS (Passive Anti Theft System)...the RFID technology they're talking about. Probably one of the most common "professional" ways of stealing the car is just carrying around an extra PCM (Powertrain Control Module) which doesn't rely on a signal from a PATS module to start the car... just disconnect the old module and connect it to the new one, and away you go.

    Think that doesn't work? Well the Europeans think so. They have installed an extra casing around the PCM to deter just this kind of theft. People don't realise that they've already found ways around all the security measures they have with cars... it's just that joe crack head can't steal your car, but the guys who make a real living off this will.
