• Aug 29, 2007
We all take for granted that the little plastic key fob in our pockets is a secure way of locking and unlocking our car doors. But a group of researchers say they have devised a way to relatively quickly decipher your car's unique code and totally pwn everything inside it.

The group says most car manufacturers are still using KeeLoq, an encryption technology developed in the 1980s, for their keyless systems. It's pretty good technology, they say, that normally would take 100 computers several decades to break. But by listening in on communication between key fobs and cars, the researchers say they can narrow down the number of code options and, instead of, say, 50 years, they're in your car in about 50 minutes.

While they admit it's much easier and quicker to break into a single car with an old-fashioned baseball bat, their new, high-tech method has one merry advantage. They lay out a scenario of a packed holiday-shopping-season parking lot. Parked in the center, a van full of snooping equipment and computers listens to hundreds of key fobs wirelessly locking car doors. Then, an hour or so and little more than a few keystrokes later, the crooks sing "Jingle Bells" to the tune of hundreds of car doors opening in harmony.

The group claims its intentions aren't to ruin everybody's Christmas morning, but instead hopes car manufacturers wake up and update their 20-year-old technology. So this holiday season, remember to keep your valuables and packages well hidden, and lock your car doors the old-fashioned way.

The research group's short press release is available after the jump.

[Source: MSNBC via Gizmodo]

KeeLoq is a cipher used in several car anti-theft mechanisms distributed by Microchip Technology Inc. It may protect your car if you own a Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota, Volvo, Volkswagen, or Jaguar. The cipher is included in the remote control device that opens and locks your car and that activates the anti-theft mechanisms.

Each device has a unique key that takes 18 billion billion values. With 100 computers, it would take several decades to find such a key. Therefore KeeLoq was widely believed to be secure. In our research we have found a method to identify the key in less than a day. The attack requires access for about 1 hour to the remote control (for example, while it is stored in your pocket). Once we have found the key, we can deactivate the alarm and drive away with your car.

This research is the joint work between 3 research groups: the computer science department of the Technion, Israel, the research group COSIC of the Katholieke Universiteit Leuven, Belgium, and the math department of the Hebrew University, Israel.



  • 36 Comments
      • 7 Years Ago
      I love telling my neighbor (who used to be an editor at Car & Driver in the 70s) that online auto journalism sites do a far better job nowadays than auto magazines, and that they can be professional organizations too, not just some slacker collecting links from his couch.

      I really love it when I tell him all this and then while showing him my favorite site, up comes a news item that uses the word "pwned".
      • 7 Years Ago
      Yeah, 1992 Maxima with manual locks only!
      • 7 Years Ago
      Lose your keys in the parking lot and it will be a while before anyone will find the car it belongs to. Lose the remote in a parking lot and it will be only minutes to locate the car and get in. I'm not certain a fob/remote is all that much more secure.
      • 7 Years Ago
      Is that supposed to be "pawn" instead of "pwn"? Or is that some acronym?

        • 7 Years Ago
        "pwn" is leet speak for "own" you moron.
        • 7 Years Ago
        ...and "Icheb" roughly translates into "I never get laid."
      • 7 Years Ago
      Chris...

      I loved seeing pwn. I thought it was quite fitting given the topic.
      • 7 Years Ago
      Ah high tech - what those researchers had was a wire coathanger connected to the ethernet port on a laptop. HEH

      I'm old enough to remember when GMC, Ford and Chrysler had only ONE KEY for each line of cars. That's right, only one key. Every car buyer thought his car's key was different and never bothered to try it in another model like it. To prove the point, my parents and I went to a movie, parking my Dad's 1937 Chevy on Main Street in our hometown. After the movie we returned to the car to go home. A couple walked up and began chatting with my parents. My dad offered them a ride home. They declined saying they also drove to the movie and we were in their car. Our car was three parking spaces up the street. They, too, had a 1937 Chevy.
      • 7 Years Ago
      Sorry, this is pretty much a non-issue.

      You have to hold down the button on your fob for 50 minutes straight for it to get the info it needs to unlock your car?

      Keys can be copied in 60 seconds. This is still an enormous advance over the level of security we used to have before electronic ignition systems.
      • 7 Years Ago
      Icheb, chill!

      Some of you are being awfully rude for no damn reason. All some of these people wanted to know was what "pwn" means, and as that can seem in your mind "how the hell is that possible", remember not everyone spends over 70% of their day playing games, and this blog isn't Joystiq. Also, I play games and could pwn you in UT 2004.
      • 7 Years Ago
      U r PWNED! Autoblog!!
      • 7 Years Ago
      Does anyone over 12 use "pwned" any more? That's about as clever as people who still cling to the antiquated M$ when referring to Microsoft. Buried as 'Kick to the Groin'.
      • 7 Years Ago
      Damnit! There goes Christmas!
      • 7 Years Ago
      "I remember the little red bubble by the rear view mirror."

      My BMW has that on the bottom part of the RV mirror. It's known as the "Clown Nose" by most BMW owners.