Those digital car keys are pretty cool. Some of them can even start the car while you’re still outside it. But with that kind of high tech, apparently, comes some vulnerability. Some Belgian and Israeli researchers have found a flaw in the security algorithm used in keys from Honda, Ford, General Motors, Mercedes-Benz and Jaguar. They say that after about an hour of remote access to the key from one car, they were able to crack the code for the key, and on top of that, figure out the key initialization process which is used to program the keys for all of the cars made by that manufacturer.

The keys use something called KeeLoq, which is usually considered secure because each key uses a unique value out of several billion. However, some proprietary information about the KeeLoq system leaked onto a Russian website last year (oy, AGAIN with the Russian websites), and that information gave the researchers the start they needed. It took about five days to develop the cracking procedure and a few months to refine it.

At this point, the process involves sending thousands of test signals to a key for an hour or so and keeping track of the key’s responses. With that done, a computer can then figure out the first 36 bits of the 64-bit key, which are practically identical for every model a manufacturer makes – and from there, it’s a matter of minutes: set up your notebook next to a parking garage, intercept the code from someone’s key as they lock their car, encode it to a chip, and then use that to unlock the car.

The researchers say they’re planning to release the details of their findings publicly, but they won’t do that until they’ve heard from Microchip, which is the company that makes the KeeLoq system. Read more about this at Wired.