Breaking a Car's Cipher 253
An anonymous reader alerts us to research out of Belgium and Israel that claims a practical attack on the KeeLoq auto anti-theft cipher. Here are slides from a talk (PDF) at CRYPTO 2007. From the researchers' site: "KeeLoq is a cipher used in several car anti-theft mechanisms distributed by Microchip Technology Inc. It may protect your car if you own a Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota, Volvo, Volkswagen, or a Jaguar. The cipher is included in the remote control device that opens and locks your car and that controls the anti-theft mechanisms. The 64-bit key block cipher was widely believed to be secure. In a recent research, a method to identify the key in less than a day was found. The attack requires access for about 1 hour to the remote control (for example, while it is stored in your pocket). The attacker than runs the implemented software, finds the secret cryptographic key, and drives away in your car after copying the key." Update: 07/23 15:27 GMT by KD : One of the researchers, Sebastiaan Indesteege, pointed out that the link to the paper was incorrect; their paper has not yet been released to the public. I also managed to mis attribute his nationality. He is Belgian, not Dutch. My apologies.
That's why I have a hidden kill switch. (Score:1, Interesting)
Security through obscurity baby!
Comment removed (Score:2, Interesting)
Summary (Score:3, Interesting)
Break one key device, break them all.
Re:So? CNC... (Score:5, Interesting)
These days, many high-end car keys are CNC cut (my mini's key has huuuuuge tooling marks from a spindle-out-of-square), which will actually cause a bit of trouble. This isn't something you could easily do a putty-transfer on, nor does the group of people who spend a lot of time breaking cyphers typically overlap with the group of people who have and can work with CNC equipment.
In the end, I think flatbedding the car is the way to go. All the big chop shops are doing this now. If you're small-time, carjack. Alternately, get a real job.
Symmetric Key Exchange (Score:4, Interesting)
When someone patents that device, just point to this post as prior art. If it's patent free, anyone can use it, and there's no excuse for not securing cars (and homes, and bikes, and
You're welcome.
Re:So? CNC... (Score:3, Interesting)
Re:So... (Score:5, Interesting)
The mythical Honda override exists: It's a series of presses and pulls of the emergency brake. Each car, it seems, has a unique override code, which correlates to the VIN. [wired.com]
Re:So? (Score:3, Interesting)
http://www.lojack.com/where/lojack-coverage-areas
if it can't get a signal it can't send. since it rides traditional communications services.
http://www.lojack.com/lojack-faqs/index.cfm [lojack.com]
They can remove the transponders rather quickly if they are experienced car thieves.
I had a 2004 Dodge Ram that was stolen for the gear in the bed of the truck since it was a capped truck with a security system it was easier for them to take the whole truck and work on the locks elsewhere. They found the lojack unit and threw it in a dumpster 3 cities over, police found that 3 hours after I reported the truck missing. They found my truck in a Southern State 6 weeks later completely stripped. They even took the Navi dvd's and the sirius radio tuner.
Re:So? (Score:5, Interesting)
Nope..I first found this on my first corvette...a '97 C5. It had a setting through the dash display, where you could set the car to sense when you came near enough with the keys, and it would automatically unlock. You could set it to unlock either both doors, or just drivers side.
I played with it awhile, but, I found that the hook I kept my keys on near the front door...were too close to where the car was parked...and would at times unlock the car in the driveway. I turned it off after that.
Lojack anecdotes (Score:2, Interesting)
Re:Symmetric Key Exchange (Score:3, Interesting)
TPMS Systems (Score:1, Interesting)
Re:So? (Score:3, Interesting)