Wednesday, May 03, 2006

Crypto and car theft

Ever wonder what kind of handshake is going on between your luxury car and the keyless entry key fob? It seems that this is a solvable problem, although it depends a bit on how much CPU power the fob has.

Gone in 20 minutes

High-tech thieves are becoming increasingly savvy when it comes to stealing automobiles equipped with keyless entry and ignition systems. While many computer-based security systems on automobiles require some type of key — mechanical or otherwise — to start the engine, so-called ‘keyless’ setups require only the presence of a key fob to start the engine.

The expert gang suspected of stealing two of David Beckham’s BMW X5 SUVs in the last six months did so by using software programs on a laptop to wirelessly break into the car’s computer, open the doors, and start the engine.

“It’s difficult to steal cars with complex security, but not impossible. There are weaknesses in any system,” Tim Hart of the Auto Locksmith Association told the U.K.’s Auto Express magazine. “At key steps the car’s software can halt progress for up to 20 minutes as part of its in-built protection,” said Hart.

Because the decryption process can take a while — up to 20 minutes, according to Hart — the thieves usually wait to find the car in a secluded area where it will be left for a long period. That is believed to be what happened to Mr. Beckham — the crooks followed him to the mall where he was to have lunch, and went to work on his X5 after it was parked.

While automakers and locksmiths are supposed to be the only groups that know where and how security information is stored in a car, the information eventually falls into the wrong hands.

...The Leftlane Perspective: Many modern cars now rely on software entirely for security. Gone are the days where microchips supplemented mechanical locks as an additional security measure. In the case of true ‘keyless’ systems, software is the only thing between a thief and your car. As computers become more powerful, will stealing cars become even easier? Never mind future cars with better security — what about today’s cars a few years down the road? With cars as inexpensive as the Toyota Camry offering entirely keyless systems, these concerns a relevant to all consumers.


STS said...

Time for another start up venture? Put a sort of hybrid "robot genius lojack" in the car so it calls you up if someone is trying out zillions of combinations ;) Wonder what you could sell that for?

steve said...

I think the whole protocol can be made 100% percent secure once the fob can do strong crypto... I'm surprised they are having problems with it now, probably only because the original designers didn't envision the system coming under serious attack.

dave s said...

I grew up in Berkeley, and fondly remember a VW Beetle which was regularly parked by a phone pole, back window broken out, front window rolled down, and a giant, hardened motorcycle chain with a big padlock around the window frame and the phone pole.

Obviously, this works better in a place like Berkely where it doesn't rain much.

Blog Archive