- Aug 29, 2007
Keyless entry pwned! Researchers say it takes less than an hour
The group says most car manufacturers are still using KeeLoq, an encryption technology developed in the 1980s, for their keyless systems. It's pretty good technology, they say, that normally would take 100 computers several decades to break. But by listening in to communication between key fobs and cars, the researchers say they can narrow down the number of code options and, instead of say, 50 years, they're in your car in about 50 minutes.
While they admit it's much easier and quicker to break into a single car with an old-fashioned baseball bat, their new, high-tech method has one merry advantage. They lay out a scenario of a packed holiday-shopping-season parking lot. Parked in the center, a van full of snooping equipment and computers listens to hundreds of keyfobs wirelessly locking car doors. Then, with little more than a few keystrokes and an hour or so later, the crooks sing "Jingle Bells" to the tune of hundreds of car doors opening in harmony.
The group claims its intentions aren't to ruin everybody's Christmas morning, but instead hopes car manufacturers wake up and update their 20-year-old technology. So this holiday season, remember to keep your valuables and packages hidden well, and lock your cars' doors the old-fashioned way.
The research group's short press release is available after the jump.
[Source: MSNBC via Gizmodo]
KeeLoq is a cipher used in several car anti-theft mechanisms distributed by Microchip Technology Inc. It may protect your car if you own a Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota, Volvo, Volkswagen, or Jaguar. The cipher is included in the remote control device that opens and locks your car and that activates the anti-theft mechanisms.
Each device has a unique key that takes 18 billion billion values. With 100 computers, it would take several decades to find such a key. Therefore KeeLoq was widely believed to be secure. In our research we have found a method to identify the key in less than a day. The attack requires access for about 1 hour to the remote control (for example, while it is stored in your pocket). Once we have found the key, we can deactivate the alarm and drive away with your car.
This research is the joint work between 3 research groups: the computer science department of the Technion, Israel, the research group COSIC of the Katholieke Universiteit Leuven, Belgium, and the math department of the Hebrew University, Israel.