Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Car RFID Security System Cracked 383

jmichaelg writes "The NY Times reports that the security chip in new auto keys has been cracked. A team at Johns Hopkins have found a method to extract the 30 bit crypto key that tells your car that the physical key in the ignition switch is the correct key. Texas Instruments has sold some 150 million security chips that are stored in the car key. The devices are credited with reducing car thefts of some car models by 90%. Stealing a crypto key requires standing next to the victim and broadcasting a series of challenges to the key and capturing the responses. The team claims an iPod-sized device would suffice to steal the crypto key in under a second. They advise wrapping your keys in foil when you're not using them. TI admits the team has cracked their code but denies there's any problem."
This discussion has been archived. No new comments can be posted.

Car RFID Security System Cracked

Comments Filter:
  • Umm.. (Score:2, Funny)

    by QangMartoq ( 614688 )
    "TI admits the team has cracked their code but denies there's any problem"

    No problem? Come again?

    • Re:Umm.. (Score:3, Funny)

      Well, theres not much of one, I mean they still need to burn it to a chip or somehow get that same signal over the wire, plus they also need to have the key to start it. I mean, modern cars arn't exactly easy to hotwire(not saying a pro can't do it fast). Basically this stuff means that the hightech thieves have a possible tool, but hitech thieves account for very little actual theft. Most autotheft is more of the smash and go, or the steal the keys and run.
    • Quite so. (Score:5, Insightful)

      by Saeed al-Sahaf ( 665390 ) on Saturday January 29, 2005 @02:10AM (#11511780) Homepage
      No problem? Come again?

      Lot's of things are possible. Will any statistically significant number of people try this? And how many will be successful? Not many. It's still safer than a regular key system, people should lose sleep over more realistic problems.

      • The problem with this is that it allows a criminal to remotely "view" your key and cut an exact copy so to speak without physical contact. Walk through a crowded resteraunt, then pick a nice car outside and go for a drive. Of course a criminal would never do something illegal like.. er.. wait. Maybe they would. Guess what, the cars with this system are also the cars that tend to cost a bit more and are more desirable for theft (especially when you look at parting up a Mercedes or BMW).
      • Will any statistically significant number of people try this?

        Let's see. How much does a car go for on the black market? How long does it take to crack a key? Okay, now let's see what salary we can get from that. And while TI denies the problem, we'll stay in business. And the cars won't go whining that they're being stolen. Naively, this seems to be a nice opportunity for a career change for plenty of folks.
      • Re:Quite so. (Score:3, Interesting)

        by Lumpy ( 12016 )
        Um bullshit.

        it is NOT safer than a regular key system.

        also it is designed to make HUGE profits for the car dealers.

        my "sensa-key" costs $68.95 to have a copy made, and the dealer tries to extort another $50.00 to program it to the car for spending 36 seconds in the drivers seat.

        For anyone that is curious....

        put in 1st key yyou already had, shut door, turn ignition on for 12 seconds, turn it off, insert second key you already had, turn ignition on for 12 seconds, turn ignition off, insert new key, turn
    • Re:Umm.. (Score:4, Funny)

      by Wesley Felter ( 138342 ) <> on Saturday January 29, 2005 @02:11AM (#11511785) Homepage
      There's no problem because TI engineers can steal whatever cars they want...
    • There isnt a problem,

      The system can be hacked in theory, however it simply isnt pratical for the theif to go through the trouble. They can always throw a brick in your window. So what do you mean, come again?
    • Mercedes key systems have been comprimised by German students as a rite of passage in many areas.

      The TI just actually had a code instead of a straight forward signal transmission.

      One time passwords should really be used on key codes. so even if the first time you capture it, the second time you will not.

      Here is a patented HIGHLY COMPLEX example:

      Key: "Hey kids, what time is it"
      Car: "Who are you calling kids? punk, it is 3:12 on Grunesday at Octovemberial"
      Key: "Groovy, erm, I bet I can tell you the number
  • I knew it! (Score:5, Funny)

    by Sensible Clod ( 771142 ) < minus distro> on Saturday January 29, 2005 @02:03AM (#11511752) Homepage
    Good thing I always keep my keys wrapped in tinfoil.
    • by Black Parrot ( 19622 ) on Saturday January 29, 2005 @02:12AM (#11511790)

      > Good thing I always keep my keys wrapped in tinfoil.

      I just carry mine under my hat.

  • Easy Access (Score:2, Informative)

    by Anonymous Coward
  • I have an excuse for the tiny tin foil hat or my car key.
  • by JVert ( 578547 ) <{corganbilly} {at} {}> on Saturday January 29, 2005 @02:04AM (#11511757) Journal
    Folks there is nothing to worry about, nothing to see here-OH MY GOD WHERE IS MY CAR?
  • And? (Score:2, Insightful)

    by Anonymous Coward
    Thieves go for the easiest target.

    Should they hotwire a car they need to steal an RFID code for, or the one (Like mine, sadly) that you just have to hardwire... or jam a screwdriver in the ignition and twist...
  • You know the world's coming to an end when a team of security experts from a respected institution advises wrapping your car keys in tinfoil so the Bad Guys can't intercept the secret signal!
  • by Bonker ( 243350 ) on Saturday January 29, 2005 @02:05AM (#11511762)
    Seriously, who makes any kind of security device with only a 30-bit key any more?

    • Someone made 150 million of them!
    • Yea, it doesnt matter if they were cracked or not... Its only 1,073,741,824 possible keys. Sit in a car for an hour or so with a key wired to a pda or computer and you can just try every combo.
      • by Anonymous Coward
        I cant speak for other car manufacturers but I can for chrysler. Thier systems are speced to take up to 3 seconds after ignition on to validate the key. This is an anti scan feature designed into the receiver. The key is only vaidated once per cycle (actualy you can get it to revalidate but you have to send the module a specific message over the vehicle bus, but it still takes three seconds)


        1073741824 combinations
        *3 seconds /60 sec/min /60 sec/hr /24 hr/day /365 day/yr

        gives us 102 years to scan all
    • They probably gave in to pressure from the NSA, which didn't want the encryption to be too hard to break. Those NSA folks like to joyride.:)

    • by Sycraft-fu ( 314770 ) on Saturday January 29, 2005 @04:38AM (#11512248)
      You have to realise that AES 256 takes some rather beefy hardware to implement. Even 3DES is non-trivial. Now it's all no big deal when you talk PCs, they've got power to spare. However when you are talking embedded apps, it's different. In this case you are talking a VERY tiny chip that obviously must have very low power requirements. This places realistic limits on what it can do.

      Also, when you get down to it, it's probably good enough. We aren't talking military secrets here, we are talking a car. The point isn't to make it unbreakable, because that's worthless, it's just ot make it harder to steal the car. You can't make a secure car. No matter what you do, someone can find a way to override it and steal your car. What this does is add a layer of security that makes it much harder for normal thieves.

      Physical security isn't like virtual security. We get so used to haveing essenitally perfect (until someone finds a hole) virtual security, some expect the same thing in the real world. No, actually basically all real security has known flaws when it's setup. However the difficulty in bypassing the security is considered to be higher than the reqard in doing so, if the security is good.

      Like for example I ahve a Medeco lock, and we use the same kind all over campus. Medeco locks aren't like normal locks, they have a biaxial pin system that makes them a real bitch to pick. Also means normal key copiers can't handle their keys. On top of that, Medeco patents and dilligently controls key distribution. You can't, in theory, go and get a copy of a Medeco key made without being the authorized owner of the lock.

      Well it's easy to find a way around that. Ignoring other ways in my house, one could simply bribe/corerce my roomate out of a key. While you couldn't easily copy it, the key itself would still be perfectly usable for getting in.

      Why then, would I pay a premium price for this lock, if I know it's not perfect? Because it's better than most. It does mean that my roomates can't copy the key and hand it out to girlfirends or the like, and it'll take a lot more physical abuse than a normal lock. It isn't perfect, but it's better.

      That's what you have to deal with in the world of physical security. You just try to design a system that it good enough to thwart whoever might want to circumvent it, make it not wroht their while. I mean realise that even if this had an uncrackable code on the keys, you can wire around it, given time and skill. The engine is still just started by a simple electrical connection. It's not easy to access what you need to make it happen, but it's easier than you might think.

      Basically, I'd rather have a weak crypto key that's feasable to make than nothing at all. Most people aren't going to pay for an expensive seperate crypto unit that is physically fairly large, which is what you'd need to do strong crypto at this point. So put weak crypto in the key, which is still better than most cars (a screwdriver is about all one needs to override the key on my car) and it helps.
      • AES-128 in a PIC (Score:3, Informative)

        by Migraineman ( 632203 )
        I've implemented the 128-bit AES algorithm in a PIC16F873. Here's the Microchip page with the app note and source code. [] The app note has performance metrics - 5273 cycles to encrypt; 6413 to decrypt (section 6, page 14.) My implementation, written from scratch, has comparable performance.

        Since the PIC is a single-cycle execution unit, clocks correlate directly to real-time once you spec the operating frequency. At 40kHz clock (=10kHz instruction execution frequency) it'll take 527mS to encrypt one 12
      • To put it bluntly, you don't know what you are talking about.

        I work in the smart card industry. You can buy smart card chips that do 3DES and 2048 bit RSA for less than a dollar. You can buy a complete contactless card (what idiots here would call RFID) that has a Java operating system, does 3DES in less that 70 milliseconds and does RSA with on card key generation for about $6, and considerably less than that in volume. These chips have specialized hardware to speed and secure the crypto operations, b

  • Encryption scheme broken... whooda thought it.

    But this may be the funniest thing I've ever read on Slashdot:

    > They advise wrapping your keys in foil when you're not using them.

  • by Caeda ( 669118 ) on Saturday January 29, 2005 @02:10AM (#11511781)
    Isn't who the heck uses such a small secutiry key, but who the heck makes one that broadcasts at all? A metal key in a metal ignition has no reason to broadcast its code through the air!
    • Didn't some cars have a plain keyless switch on the dash you can use with the actual key still in your pocket? I think this might be the reason for the RF.
    • by jmichaelg ( 148257 ) on Saturday January 29, 2005 @10:14AM (#11513006) Journal
      The key isn't being broadcast. Here's what happens:

      The chip is an rfid device which means when it gets close to the reader, the reader sees it. The reader encrypts a string of bits using a crypto key shared by the reader and car key and then broadcasts the encrypted bits. The car key sees the broadcast and decrypts the bits using the same crypto key. It then does something to the bits, i.e, add 5, divide by 8, whatever and then recrypts the result. The encrypted result is broadcast back to the reader which sees the encrypted result. It decrypts the result, and compares it against its version of the result. If they match, then the car starts.

      At no time does the key get broadcast. The attacker just pretends to be the reader and sends several encrypted strings and looks at the results coming back and acts on that information. The attack succeeds because the attacker has access to huge processing power whereas the car key is relying on the power it can suck out of the rfid antenna. The disparity in available power drives what's feasible for the key to do in a short amount of time. If the key were substantially longer, the car key would take considerably longer to decrypt and encrypt which means you'd put your key in the ignition and nothing would happen while the car key was thinking. Not something most folks would tolerate. The attacker on the other hand, can take the encrypted bits coming out of the car key, and given enough samples, can just brute force the crypto key.

      I'll bet the next level of security will entail the car supplying the car key with enough power so the embedded chip can crank a bigger crypto key.

    • by Transcendent ( 204992 ) on Saturday January 29, 2005 @10:54AM (#11513233)
      Yes it does, unless you somehow create dual contacts to the key within the ignition (you can't just have a floating communications signal... you need a reference voltage), which will have HUGE reliability problems. Recalls galore with that one.

      In all seriousness, there are many, many ways to get around PATS (Passive Anti Theft System)...the RIFD technology they're talking about. Probably one of the most common "professional" ways of stealing the car is just carrying around an extra PCM (Powertrain Control Module) which doesn't rely on a signal from a PATS module to start the car... just disconnect the old module and connect it to the new one, and away you go.

      Think that doesn't work? Well the Europeans think so. They have installed an extra casing around the PCM to deterr just this kind of theft. People don't realise that they've already found ways around all the security measures they have with cars... it's just that joe crack head can't steal your car, but the guys who make a real living off this will.
  • Tinfoil hats (Score:3, Informative)

    by Anonymous Coward on Saturday January 29, 2005 @02:11AM (#11511786)
    You know, I'm starting to wonder if there was something to all those old sci-fi movies and tv shows where the characters were all wearing shiny tinfoil-like clothes. Perhaps in the future we will all be wearing stuff like that to prevent others from wirelessly stealing our keys/wallet/identity, etc.
    • Dude, in the future They will be manufacturing the tin foil, and let me tell you, it will not have the same beam-reflecting qualities that current tin-foil does. It'll be shiny Saran Wrap, which we all know is utterly useless when it comes to Their various beams (mind, credit card, etc.) That's why I'm stockpiling *real* tin-foil now, to give to my grandkids.
      • >That's why I'm stockpiling *real* tin-foil now, >to give to my grandkids

        I hate to break your heart, but they haven't made 'real' TinFoil for almost 30 years. What you're using is aluminum foil.

  • Interesting point (Score:5, Informative)

    by Saint Aardvark ( 159009 ) * on Saturday January 29, 2005 @02:13AM (#11511797) Homepage Journal
    Dan Bedore, a spokesman for Ford, said the company had confidence in the technology. "No security device is foolproof," he said, but "it's a very, very effective deterrent" to drive-away theft. "Flatbed trucks are a bigger threat," he said, "and a lot lower tech."

    All you'd have to do is put a towing company logo (or something made-up and likely-looking), and who'd say anything?

    And take your time getting ready to leave, because the very worst that'll happen is that someone'll come back early and bribe you into leaving.

  • Consider these assertions:
    1) Cars are large and easy to track.
    2) There are smaller, less traceable things to steal.
    Because of 1 and 2, anyone who steals cars is stupid.
    Stupid people can't figure out how to create this circumvention, so your car is safe.

    The only problem with this logic is that smart people are more than willing to sell things to stupid people to help them increase the depth of their stupidity.
    • Your engine, transmission, water pump, brake calipers, body panels... your car is worth a ton when it's in pieces. Good luck hunting them all down.
    • by Anonymous Coward
      You've never parked a $30,000 car in or around NY City, have you? Every day, dozens of cars are stolen, and either chopped or loaded onto some form of transport and shipped somewhere else. I know people that have had it happen, and one person, it's happened twice. The police can't catch them, or don't care. If you have a car that is "wanted", then it's gone. And it doesn't have to be expensive, or new. Mitsubishi mid-range SUV, several years old was one, and a Sebring convertible, 1 year old was the o
    • Consider these assertions:

      1) Cars are valuable
      2) Cars are mostly homogenous

      The reason cars are stolen is that they're not unique. They are probably one of the more valuable non-unique things that can be stolen easily.
  • Hmmm... (Score:4, Funny)

    by the pickle ( 261584 ) on Saturday January 29, 2005 @02:18AM (#11511812) Homepage
    Does this mean I might no longer have to pay the dealer $80 each for duplicate Honda Odyssey keys? Because that would be nice.

  • Well.... (Score:3, Informative)

    by Culexus ( 686962 ) on Saturday January 29, 2005 @02:23AM (#11511827)
    I worked as a locksmith for awhile and getting those keys made is expensive to say the least. Plus you need a transponder machine to encode a key with the correct information. And they don't come cheap. Where I live it's usually over a $100 to get a new transponder key made and some dealerships charge around $60-$70 to make you a new one.
    • Interesting...

      The drive away protection system used by BMW was one of the earliest examples of these systems and it remains relatively unchanged. The system is part of the Digital Motor Electronics (DME) box that controlls engine function (made first by Bosch and now the BMW boxes are built by Siemmens). Every car is assigned 10 keys, three of those keys being issued with the new vehicle (two main keys and a "Valet" key).

      Should an owner request/need a new key, the local dealership needs to send the car's
    • Re:Well.... (Score:5, Interesting)

      by Technician ( 215283 ) on Saturday January 29, 2005 @04:05AM (#11512152)
      Where I live it's usually over a $100 to get a new transponder key made and some dealerships charge around $60-$70 to make you a new one.

      If you don't loose your keys, you can save a bunch of money. Blanks are easy to find on the Internet. I have a Prius. Blanks were about $20 each. This is much cheaper than what the dealer wanted. On the Prius, the key isn't really programed. It's simply seral numbered. The car is then programmed to accept a particular key. You can do this yourself if you have the master keys. Almost any key shop will cut your supplied blank for very little. My spare keys cost me a buck each to have cut. Finding a blank key that you can custom program to an existing accepted serial number for my car would take some expensive hardware. Copying the serial number of the key into a new chip is only half the difficulty. Getting the alarm shut off so you can enter the car undetected to hack the physical ignition cylinder is the next challange.

      All but the most high tech thief would find it difficult to sniff the key, copy it to a writable blank, and then using the blank to take the car. As a defense, I can always add a bunch of extra transponder keys that have been lost to my keyring. Reading a bunch of wrong codes could make it more difficult. Anytime when I now trade in a car, I'm keeping the spare keys just to keep them on my keyring to confuse sniffers.
  • by ari_j ( 90255 ) on Saturday January 29, 2005 @02:28AM (#11511845)
    I'm already wearing a tin-foil hat, and it has a hidden inside pocket. Voila, problem solved!
  • "The team claims an iPod-sized device would suffice to steal the crypto key in under a second."

    And cue Thinkgeek slashvertisement in 3...2...1...

  • If it's wrapped in tin-foil, how will people cook it in the microwave?
  • Okay, who had 3 months on the betting pool!

    I wonder if a 40 bit key is a power-related problem with the key (IE can't adequately transmit a longer key with the small amount of power available) or just a "40 bits is enough security for anyone" problem or "law enforcement says don't use anything they can't crack" problem...
  • For real geeks (Score:2, Informative)

    by dmitriy ( 40004 )
    Those of us who ever tried to figure out what a certain poorly-documented register on an ASIC really does, and enjoyed it, please read on: []
  • by dhj ( 110274 ) *
    Ok, so anytime encryption is cracked it lessens security and this is definitely bad publicity for TI. However, this will not have car theives coming out in droves to steal cars that utilize "smart" keys. Here is what's required to defeat these keys:

    The theif must know who the owner of the car is.

    The theif must get close to the owner to challenge the key and crack its code.

    The theif must break into the car, and hotwire the car as he would to steal any other car (he still doesn't have the physical key).
    • 1. Stand outside a hip nightclub
      2. See who valets their Mercedes
      3. Stand next to them in line and crack the key code.
      4. Hotwire said Mercedes.
      5. Profit!

      Theives will steal whatever is in demand. And not ALL of them are low tech idiots.

      How about a modification on the scenario in Gone in 60 Seconds. There, they had to get a new set of keys from Stuttgart. Now...someone on the inside can decrypt keys on the fly, right in the dealership. Sell the codes to whomever.

  • hey cool (Score:4, Funny)

    by cruel_elevator ( 533309 ) on Saturday January 29, 2005 @02:56AM (#11511942)
    First, it was suggested that you wrap your newfangled passports in tin foil. Now it's car keys. I guess it's time for Calvin Klein, Gucci, DKNY and other designers to release their line of tin-foil clothing. Or how about clothing with pockets reinforced with tin foil?

    Wait, that sounds like a profitable idea. /me runs off to patent office.
  • by snot whistle ( 585599 ) on Saturday January 29, 2005 @03:13AM (#11511985)
    the old method requires you stand next to the person with the key and hit them on the head with a shovel.

    more effective, but not as 1337.
  • Security is an illusion. What if you had a stamped key (the old kind) and someone stole that from you. Rather than standing next to you (is this suspicous?), they could just take your key and run off with your car.

    Take karate and forgetaboutit.
  • Tinfoil key rings!!!!!!!!! It'll be even bigger than the hats! Everyone knows people value their car more then their mind!

    Come on, this can work...

  • Unless I'm mistaken, car keys that use RFID are two form authentication. So what if they have the "code" for your key. Unless they also happen to have a key that's also the right shape, it's not going to do them any good.
  • by tinrobot ( 314936 ) on Saturday January 29, 2005 @03:48AM (#11512096)
    From the NYT article:

    "The "immobilizer" technology used in the keys has been an enormous success. Texas Instruments alone has its chips in an estimated 150 million keys. Replacing the key on newer cars can cost hundreds of dollars, but the technology is credited with greatly reducing auto theft."

    I think this is more of a scam to sell expensive keys than anything. I'll take my five dollar key and my chances.
  • Hmm, I wonder why it was cracked?

    They can already crack much larger keys so you expect them to find a 30 Bit Key quick simple.

    Yeah I know that it could have a much better alogrithm (sp? sue me I'm tired) than some other keys (WEP anyone) and you need to send the right challenges and the right type of sequence to make a passive transmitter talk to you.
  • New Prius (Score:3, Informative)

    by Soljin ( 854395 ) on Saturday January 29, 2005 @04:04AM (#11512149)
    My parent's new Prius has absolutly no ignition at all just a "Smart Key" that automatically opens the car when it gets with in a set distace. And once inside they key remotely enables a button that you push to start the car. I don't know if it's the same chip but if you could get that code remotely it would make it very easy to steal a 2005 prius. I mean walk up, open the car, sit and bush a button.
  • This is good news for car owners. If cracking the RFID were impossible, the only reasonable method of theft would be carjacking, which can be hazardous for the victim.
    Same reason that PINs are better than fingerprints for ATMs.
  • by Builder ( 103701 ) on Saturday January 29, 2005 @06:53AM (#11512490)
    In some countries, car theft is not just something that happens occasionally - it's an industry. And as in all industries, there are the rank amatuers and the pro's - For the pro's, this looks like a good option.

    Consider South Africa - an entire arms race grew up around car theft. First the thieves just took cars when they were parked, so the insurance companies insisted that everyone have alarms and immobilisers.

    The thieves got around those pretty quick - rumour is that a lot of professional's signed up for work at installation centres, learnt their way around them, and went back to work.

    Next step was the gearlock - a device that locks the gearstick into a specific gear. IIRC, you couldn't remove the key on the earlier units unless you had the gearlock in, and if your car was stolen, the insurance company insisted on seeing all 3 keys.

    Now with cars being so hard to steal, the age of the hi-jack was ushered in. If they can't get your car while it's parked, they'll take it while it's roll rolling.

    In response, anti hi-jack systems became the norm. I can't remember how it was activated, but basically the bad guys show up, you let them take the car, they roll 20 metres down the road and the car cuts out and an alarm starts going off.

    Around the same time we also go Satellite tracking, although I seem to remember something about it actually using the cellular infrastructure (GSM) not satellite - I may be wrong on this. Initially, the recovery rate on stolen and hi-jacked cars went through the roof. Unfortunately, the bad guys just upped the stakes. Soon we started seeing more kidnappings and murders as part of hi-jacks because if you can't call the stolen car in, they have longer to chop it.

    Many vehicles were stolen to order, and not just new cars. Older cars that were common on the road were often targetted, then broken for spares. Cars that you wouldn't normally think twice about were stolen for export to Botswana and Zimbabwe, because the availability of spares for these made them popular vehicles.

    Of my close circle of family and friends, we have had at least 10 cars stolen. Of those, not a single one has been recovered, so it's not a huge risk occupation really :)

    I'm willing to bet that if this flaw is used anywhere, it will be used in South Africa - it's just one more tool for the biggest growth industry around :)
  • by Legion303 ( 97901 ) on Saturday January 29, 2005 @07:10AM (#11512519) Homepage
    Coming soon to a Pocket PC near you!

    On the plus side, TI can file John Doe lawsuits against the thieves (for DMCA violations, of course) if your car is stolen.
  • Nevermind the cars (Score:3, Insightful)

    by Presence1 ( 524732 ) on Saturday January 29, 2005 @10:34AM (#11513126) Homepage
    Nevermind the cars, it is the other applications that are more important. Yes, this crack might actually be used to steal some cars, but I doubt it will become prevalant. As was pointed out in the article and other posters, the physical part of the key provides additional security, and the flatbed tow truck and other techniques are much easer methods to use.

    However, it is much more of a problem in other RFID applications, where the RFID chip is the only key, e.g., highway toll tags (Ezpass), credit card replacements (Exxon/Mobil Speedpass). Sure they say they have backup security in place, such as Speedpass' 'only two fill-ups per day'. But this can still allow for a lot of fraud.

    Worse yet, as was the case with identity theft, the the first victims will find it VERY HARD to clear their records and accounts; they will be presumed to be lying until it is common knowledge that the RFID is not secure.

UNIX is many things to many people, but it's never been everything to anybody.