Cryptographers Unlock Code Of 'Thiefproof' Car Key

KingFish

A Johns Hopkins University team plans to announce Saturday that it has cracked the security behind "immobilizer" systems from Texas Instruments. They are used in millions of Fords, Toyotas and Nissans.

Matthew Green starts his 2005 Ford Escape with a duplicate key he had made at Lowe's. Nothing unusual about that, except that the automobile industry has spent millions of dollars to keep him from being able to do it.

Green, a graduate student at Johns Hopkins University, is part of a team that plans to announce Saturday that it has cracked the security behind "immobilizer" systems from Texas Instruments. The systems reduce car theft, because vehicles will not start unless the system recognizes a tiny chip in the authorized key. They are used in millions of Fords, Toyotas and Nissans.

All that would be required to steal a car, the researchers said, is a moment next to the car owner to extract data from the key, less than an hour of computing, and a few minutes to break in, feed the key code to the car and hot-wire it.

An executive with the Texas Instruments division that makes the systems did not dispute that the Hopkins team had cracked its code, but said there was much more to stealing a car than that. The devices, said the executive, Tony Sabetti, "have been fraud-free and are likely to remain fraud-free."

Source: c|net

pseudonym

Now I'm not one to shoot down an accomplishment...... Oh wait, I am. WHAT THE HELL ARE YOU WASTING YOUR TIME ON THIS FOR!!?!??!?! Hey look everyone, we learned to steal cars!! Everyone look at MEEEEEEEEEEEEEE!!!!

Put your minds to better use morons.

deepsea

Oh, wait, we learned to steal cars if you'll let us hold your key, then stand around while we download the information, crunch it on our laptop and create a chip to trick the security system. Before someone will go to this much trouble, they will use a rollback, pick the car up and drive away with it. 2 minutes and gone, start to finish, if they're slow.

MountainDew

These guys are just showing that spending millions on creating security systems doesn't mean they're secure. Now they'll work harder to keep our stuff secure.

Sputnik

mtdew is right.

They clearly explain how difficult this is for the average car theif (and however easy it would be for me and half a dozen EEs could throw together something to do this). The big thing is that it'd have to be a bunch of engineers working on something like this to actually pull it off: think of MIT carjackers.


It's just a Proof of Concept for TI to munch on and fix (10 bucks says they go with something similar to the public key SSL next time)

deepsea

Two more questions, though. Isn't it rolling code technology? You'd also have to get to the car before it was started again by the owner. Also, how long do the batteries in these keys last? Is there an inductive charging method, or do you throw the key away after it has been drained?

maxanon

One can normally change the battery on a dead key fob but some chips are passive technology that doesn't require power from the key itself. This is a sad thing when schools are getting into the hacker culture, but if its keeps kids in school all the better. Plus, if you break in, aren't you going to trigger the alarm?

Can the school be sued it a lot of cars get stolen this way since they can be seen as aiding criminals? Anyhoo, physical access is the greatest security hole to anything. My adage is that if anyone wants to steal something bad enough they can. All these gizmos are to deter the casual thief.

Camman

All that would be required to steal a car, the researchers said, is a moment next to the car owner to extract data from the key, less than an hour of computing, and a few minutes to break in, feed the key code to the car and hot-wire it.

wow really, is that <b>all</b> you have to do?

And maxanon is right, the amature thief isn't going to go to all that trouble, if you want something bad enough you're gonna find a way to do it, but technology like this will prevent the average bozo who just wants to hotwire a car.