Car RFID Security System Cracked
jmichaelg writes "The NY Times reports that the security chip in new auto keys has been cracked. A team at Johns Hopkins have found a method to extract the 30 bit crypto key that tells your car that the physical key in the ignition switch is the correct key. Texas Instruments has sold some 150 million security chips that are stored in the car key. The devices are credited with reducing car thefts of some car models by 90%. Stealing a crypto key requires standing next to the victim and broadcasting a series of challenges to the key and capturing the responses. The team claims an iPod-sized device would suffice to steal the crypto key in under a second. They advise wrapping your keys in foil when you're not using them. TI admits the team has cracked their code but denies there's any problem."
No problem? Come again?
Good thing I always keep my keys wrapped in tinfoil.
The difference between spam and poop is that you don't have to dig through septic tanks looking for real food. -- Me
Click that link from here: http://news.google.com/news?hl=en&ned=us&q=rfid+cracked&btnG=Search+News
I have an excuse for the tiny tin foil hat or my car key.
Folks there is nothing to worry about, nothing to see here-OH MY GOD WHERE IS MY CAR?
nice, now I wonder what the team did with the ipod device... I sure hope they're not around my house, near my car which has the encryptic device... oh wait!!! Ahhh! Got 2 go...
Thieves go for the easiest target.
Should they hotwire a car they need to steal an RFID code for, or the one (Like mine, sadly) that you just have to hardwire... or jam a screwdriver in the ignition and twist...
You know the world's coming to an end when a team of security experts from a respected institution advises wrapping your car keys in tinfoil so the Bad Guys can't intercept the secret signal!
That's it. I'm no longer part of Team Sanity.
Seriously, who makes any kind of security device with only a 30-bit key any more?
Ha, how did that happen?
Avi is a friend of mine, the folks at Johns Hopkins are doing some very impressive work (as you'll recall, he and Adam Stubblefield, his grad student, were the ones who took on Diebold in the electronic voting fiasco). Good for you guys and the whole team there at ISI!
I understand the White Hat concept, but too many of these "finds" get corrupted by professional criminals and soon are standard equipment for these people.
Do we need to give crooks ideas?
Encryption scheme broken... whooda thought it.
But this may be the funniest thing I've ever read on Slashdot:
> They advise wrapping your keys in foil when you're not using them.
Sheesh, evil *and* a jerk. -- Jade
Lots of things are possible. Will any statistically significant number of people try this? And how many will be successful? Not many. It's still safer than a regular key system; people should lose sleep over more realistic problems.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Isn't who the heck uses such a small security key, but who the heck makes one that broadcasts at all? A metal key in a metal ignition has no reason to broadcast its code through the air!
~~ Please keep your arms, legs, and outright stupidity inside the ride at all times. Thank You ~~
I don't think the "chip in a key" was necessarily intended to foil the professional auto thief, or someone otherwise that determined. Your car can always be flat-bedded away (alarm systems with pitch sensors probably help here). But it'll keep your next door neighbor's kid's punk friends from taking your car for a little adventure, without having to hassle with a Club.
Attention zealots and haters: 00100 00100
You know, I'm starting to wonder if there was something to all those old sci-fi movies and tv shows where the characters were all wearing shiny tinfoil-like clothes. Perhaps in the future we will all be wearing stuff like that to prevent others from wirelessly stealing our keys/wallet/identity, etc.
No worries, I'm sure TI will get together with the GAP and come out with some hip new metal key boxes...
Keyless entry has never been about security, it is just an excuse for people to show off their indicators...
All you'd have to do is put a towing company logo (or something made-up and likely-looking), and who'd say anything?
And take your time getting ready to leave, because the very worst that'll happen is that someone'll come back early and bribe you into leaving.
Carousel is a lie!
Guess we finally found a good use for those magnetic key storage boxes. :)
Best of all, they stick to tinfoil hats... (tinfoil, not aluminum foil so don't even go there)
~~ Please keep your arms, legs, and outright stupidity inside the ride at all times. Thank You ~~
Criminals are dumb. They never would have figured this out on their own. Really. They just want to get into a car and get it to a chop shop before the cops catch them.
By giving this information to the world, these researchers have made the security of the owners of these cars just a little more tenuous.
Thanks a lot, assholes.
Consider these assertions:
1) Cars are large and easy to track.
2) There are smaller, less traceable things to steal.
Because of 1 and 2, anyone who steals cars is stupid.
Stupid people can't figure out how to create this circumvention, so your car is safe.
The only problem with this logic is that smart people are more than willing to sell things to stupid people to help them increase the depth of their stupidity.
Mod me down and I will become more powerful than you can possibly imagine!
Does this mean I might no longer have to pay the dealer $80 each for duplicate Honda Odyssey keys? Because that would be nice.
p
In Korea, long hair is for old people!
Dude, where's my car?
paintball
...more gum! Just remember to save the wrapper for your keys and not the gum when you're done! Who knew chewing gum could actually provide an additional benefit? And best of all...we get to take part in the routine ritual of chewing gum and enjoying it!
See, I knew RFID was a bad idea. These automakers should have followed Lexus' lead and used something secure like bluetooth instead.
Oh... wait... Nevermind
www.DIYTVAntennas.com
I worked as a locksmith for awhile and getting those keys made is expensive to say the least. Plus you need a transponder machine to encode a key with the correct information. And they don't come cheap. Where I live it's usually over a $100 to get a new transponder key made and some dealerships charge around $60-$70 to make you a new one.
Risk everything, or gain nothing.
This is why the key should have a fingerprint recognition system on it that generates an elliptical encryption key whose pair has to be typed in manually on the door keypad before car-entry can even take place. Once the user is inside the car, you can make the algorithm more complex...
Basically if your car with an immobilizer uses the unit from TI, your car is at risk. It's not clear which type will be affected, but the article says Fords, Toyotas and Nissans use this cheapo 30bit encryption key.
Thank god I paid more to get an Acura, instead.
I'm already wearing a tin-foil hat, and it has a hidden inside pocket. Voila, problem solved!
And cue Thinkgeek slashvertisement in 3...2...1...
Buy Steampunk Clothing Online!
If it's wrapped in tin-foil, how will people cook it in the microwave?
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Okay, who had 3 months on the betting pool!
I wonder if a 40 bit key is a power-related problem with the key (IE can't adequately transmit a longer key with the small amount of power available) or just a "40 bits is enough security for anyone" problem or "law enforcement says don't use anything they can't crack" problem...
I already had relationship problems for 10 years.
You've opened it?!
Good luck - you have just been D****Wished!
Tonight at midnight, your true love will realize they love you.
Something good will happen to you at 1:00-4:00pm tomorrow, it could be anywhere.
Get ready for the biggest shock of your life.
If you break this chain, you will be cursed with relationship problems for the next 10 years.
On top of still actually needing an imprint of the key to gain entry of the car! So really you'd need to stand next to the person, have them somehow give you the key long enough to make an imprint and then fabricate your own to steal their car.
I don't see the rate of theft for cars going up anytime soon. Instead I think what we'll see is that it will be easier and cheaper for people to get backup copies of their keys made, instead of having to shell out $20 ~ $80 at the dealership for them.
Do you really want all those EM frequencies going through your body? I sure as heck don't! Not enough studies have been done to prove/disprove anything. I guess putting them in tinfoil may have another benefit. I'll see what Wagner says about that.
-Palal
http://www.bismarcktribune.com/articles/2005/01/28/news/local/nws05.txt
Those of us who ever tried to figure out what a certain poorly-documented register on an ASIC really does, and enjoyed it, please read on:
http://www.rfidanalysis.org/DSTbreak.pdf
Even with a key cloner, you have to be within a few inches of the key.
And they point out that far more cars are stolen with a flatbed truck.
The only risk is when someone has access to both the chip and the key, like a valet parking service.
Fortunately for me, my sig is RFID enable... oh crap.
Ok, so anytime encryption is cracked it lessens security and this is definitely bad publicity for TI. However, this will not have car thieves coming out in droves to steal cars that utilize "smart" keys. Here is what's required to defeat these keys:
The thief must know who the owner of the car is.
The thief must get close to the owner to challenge the key and crack its code.
The thief must break into the car, and hotwire the car as he would to steal any other car (he still doesn't have the physical key).
We're talking about car theft here. Stealing cars isn't like the internet where you can "ping" a huge range of potential targets in seconds. Thieves will still pass over the smart key cars and move to the ones they can steal without stalking the car's owner. I think TI can safely deny that there's a problem without being compared to Microsoft.
--David
It is well known that the locks that hold doors closed, including both the main door knob as well as deadbolts, are the primary means of securing one's home. However, these only provide the illusion of safety and security.
Various means exist to circumvent these door locks. The easiest of these, trying the windows of a house, is already handled by the addition of locks for the windows, but since most windows are not made of unbreakable glass, these are still at risk. Also, the door itself is a weak point, being made typically of wood, it is easily defeated with a strong kick.
Some people go so far as to leave a spare key near the door in case they forget it or get locked out. This key is a fundamental user error and while it does not make the use of a door theoretically less secure, it does appear as a risk factor in real-life systems.
The upshot of this is that doors do not provide the level of security that they give the illusion of providing. This may lead a user to have the false impression that their house is safe because they have installed 'strong' locks such as deadbolts, etc. This is not safe behavior.
Door locks should not be used for home security. In fact, their use puts the homeowner at risk, due to being lulled into a sense of false security. Though an alternative does not exist, it is not recommended that locks be used to secure your home.
TI isn't saying "not a problem" for marketing purposes...they're saying it because it _isn't_ a problem.
Keys are, and have never been anything but, a deterrent. Embedding challenge/response technology into the key is another deterrent. _ANY_ security you add to an object that, by its nature, is designed to be mobile is nothing more than a deterrent!
There is a reason why safes are usually abnormally heavy and cemented to the floor.
Might as well be a 2 bit, cheap-ass key now.
First, it was suggested that you wrap your newfangled passports in tin foil. Now it's car keys. I guess it's time for Calvin Klein, Gucci, DKNY and other designers to release their line of tin-foil clothing. Or how about clothing with pockets reinforced with tin foil?
/me runs off to patent office.
Wait, that sounds like a profitable idea.
Check top of page 4 of this ad for a product that has been available for years. No reason why this thing couldn't be modified to send a higher-powered signal to read a key that's not inserted into its cradle...say, a key being held by someone you're following who is walking away from their new car toward the mall...
which I guess is cheap for an RFID car key. It's a 2000 Honda Accord, and now it's cracked? Son of a b...well at least I still get the insurance discount.
I liked the part where Vin Diesel flipped the hemi at the end.
Man, movies are cool!
the old method requires you stand next to the person with the key and hit them on the head with a shovel.
more effective, but not as 1337.
Where's Robin Hood? We could kinda really use him now.
Security is an illusion. What if you had a stamped key (the old kind) and someone stole that from you. Rather than standing next to you (is this suspicious?), they could just take your key and run off with your car.
Take karate and forgetaboutit.
Tinfoil key rings!!!!!!!!! It'll be even bigger than the hats! Everyone knows people value their car more than their mind!
Come on, this can work...
To fight the war on terror, stop being afraid.
First off, the key doesn't use static from the ignition. Read about this baby that swallowed a key to have that bit set straight.
Secondly, responding to the parent of this post's parent, a neighbor of mine who owned an Integra Type R (that, it just so happens, was exactly like mine) had his car stolen in under two minutes while mall security guards watched. The monkeys smashed the window, opened up the passenger floorboard, snipped the immobilizer lead, shoved a screwdriver into the ignition, and drove off.
The very next morning his car was found, minus its motor and expensive bits, rolled over, several times, into a lake. That he didn't have insurance at the time doesn't make the implementation details of immobilizers more or less important. Improperly implemented, these chips are about as potent as Master locks on chicken-wire fences.
I think if someone is close enough to me to do such a wireless exchange, they might as well just pick my pocket and take the keys. :P Saves them the cost of the sniffer doohickey, plus you get the physical key along with the electronic one.
-Major Kusanagi, Section 9
You mean to tell me any EE undergrad can now break half of my Saturn with a PDA and antenna? Dang, I better check if my car insurance covers that...
Unless I'm mistaken, car keys that use RFID are two form authentication. So what if they have the "code" for your key. Unless they also happen to have a key that's also the right shape, it's not going to do them any good.
Does this also mean that the remote control door locks can be cracked as well? I wonder if this uses the same chip and system. It would be funny to drive through a parking lot while transmitting the "panic alarm" codes. That would make quite a racket!
From the NYT article:
"The "immobilizer" technology used in the keys has been an enormous success. Texas Instruments alone has its chips in an estimated 150 million keys. Replacing the key on newer cars can cost hundreds of dollars, but the technology is credited with greatly reducing auto theft."
I think this is more of a scam to sell expensive keys than anything. I'll take my five dollar key and my chances.
Anyone remember carjacking?
e hicles/
A bar that I frequent got robbed a few weeks ago, just before closing time on a slow night.
The thieves moved very quickly and the till was light, so they robbed the customers. Since there were only a few folks in the bar at the time, taking keys and wallets was pretty easy.
"Only an asshole gets killed over a car, kid,"
- Harry Dean Stanton, Repo Man
Ironically, 3 out of the top 5 cars in this study have RFID keys...
http://money.cnn.com/2004/10/19/pf/autos/stolen_v
Yeah - it sucks that you thought RFID might protect your car... Better to just insure it, park in well-lit spots, and give up your shit when someone puts a gun in your face.
First, the thief needs to get close enough to you in order to pick up the transmission. I don't know about anyone else, but I try to make it a point that people I don't know are kept a little more than arm's length. (With the exception of a nice gal D-cup and up without implants.)
p x and insert the plate number. (I hope I'm wrong about this.)
Next, the thief has to know EXACTLY which car you drive. Aside from going through the trouble of making the fake key with chip, they would look quite stupid (and suspicious) going to a parking lot and doing the trial-and-error method.
Third, they would have to know where & when you leave your car parked so as they can have the time to make the attempt to steal it without your notice.
Kind of a lot of trouble to go through for the average car. Personally, I wouldn't worry too much about it unless you drive an expensive sports car. Plus nowadays people put in stereo systems worth more than their car.. so the thieves (looking for the quick kill) would rather take the stereo.
However, I did hear of thieves managing to get keys through some dealerships by providing false proof of ownership. I believe all they would need is the VIN number. And in California, all they would need to get the VIN is go here http://www.smogcheck.ca.gov/vehtests/pubtstqry.as
!@#$% whole-grain cereal. When I want fiber, I eat some wicker furniture. - G. Carlin
Hmm, I wonder why it was cracked?
They can already crack much larger keys so you expect them to find a 30 Bit Key quick simple.
Yeah I know that it could have a much better alogrithm (sp? sue me I'm tired) than some other keys (WEP anyone) and you need to send the right challenges and the right type of sequence to make a passive transmitter talk to you.
Plus with all the money I save by not having to make payments or anything, I can get some cool stuff for my computer and all that. Thank you for all your work in making cars easier to steal. You've made my decision in slacking off seem more and more like the right choice.
My parents' new Prius has absolutely no ignition at all, just a "Smart Key" that automatically opens the car when it gets within a set distance. And once inside, the key remotely enables a button that you push to start the car. I don't know if it's the same chip, but if you could get that code remotely it would make it very easy to steal a 2005 Prius. I mean walk up, open the car, sit and push a button.
Who really cares. I'd say that 99.99999% of all cars stolen are some kids who want a joy ride. These people won't bother buying a security device to steal a car and the other really small proportion wouldn't generally bother copying the code but would just steal the keys as well.
Mercedes key systems have been compromised by German students as a rite of passage in many areas.
2 6873618276861283768126348?" /. through this guys wifi connection"
The TI just actually had a code instead of a straight forward signal transmission.
One time passwords should really be used on key codes. so even if the first time you capture it, the second time you will not.
Here is a patented HIGHLY COMPLEX example:
Key: "Hey kids, what time is it"
Car: "Who are you calling kids? punk, it is 3:12 on Grunesday at Octovemberial"
Key: "Groovy, erm, I bet I can tell you the number you are thinking, is it... 7348952983759872398572936871263162761287641892681
Car: "Wow, hey we do this every morning, can we just get rid of the all this redundant banter? I am trying to read
Key: "ZOMG!! Has tod_miller posted anything insightful recently?"
Car: "Who?"
the algorithm is:
XORbits.doItNowBiatch(whatEverDateTheCarSaid, "DEADBEEF");
Of course, deadbeef would need to be secure, and without actually physically stealing the key (which negates security) you will never know... and it can be different for all keys.
You would need to know the time format (and salt), and then capture hundreds of times to try and break the code. And even then you would suck.
Depending on the resolution chosen for the time (nanosecond?) you would have to capture the original banter, then reproduce it within the same timeframe (so the date stays the same)
Of course, things could leak out etc...
tada.
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
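An added example for the time-XOR-secret proposal in the post above (not code from the post or from any vendor): it shows that XORing an announced challenge with a static secret hands the secret to anyone who hears one exchange, next to a keyed one-way response with a fresh single-use challenge. The function names, the `Verifier` class, both secrets and the timestamps are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

XOR_SECRET = bytes.fromhex("deadbeef")  # constructed; echoes the post's "DEADBEEF"
HMAC_SECRET = bytes(range(16))          # constructed 128-bit per-key secret


def car_challenge(time_ns: int) -> bytes:
    """Challenge as in the post: the car announces its current time."""
    return struct.pack(">Q", time_ns)


def xor_response(challenge: bytes, secret: bytes) -> bytes:
    """The post's scheme: XOR the announced time with the repeated secret."""
    return bytes(c ^ secret[i % len(secret)] for i, c in enumerate(challenge))


def secret_from_one_exchange(challenge: bytes, response: bytes, key_len: int) -> bytes:
    """XOR is its own inverse, so challenge ^ response is the secret itself."""
    return bytes(c ^ r for c, r in zip(challenge, response))[:key_len]


def hmac_response(challenge: bytes, secret: bytes) -> bytes:
    """Keyed one-way function: an observed response does not reveal the secret."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()[:8]


class Verifier:
    """Car side: a fresh random challenge per attempt, each usable once."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = os.urandom(16)
        return self._pending

    def check(self, response: bytes) -> bool:
        if self._pending is None:
            return False                      # no outstanding challenge
        expected = hmac_response(self._pending, self._secret)
        self._pending = None                  # one attempt per challenge
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    # Constructed exchange under the XOR scheme.
    c1 = car_challenge(1_106_900_000_000_000_000)
    r1 = xor_response(c1, XOR_SECRET)
    leaked = secret_from_one_exchange(c1, r1, len(XOR_SECRET))
    # Once the secret has leaked, the response for any later time is predictable.
    c2 = car_challenge(1_106_900_000_000_000_001)
    predictable = xor_response(c2, leaked) == xor_response(c2, XOR_SECRET)

    # HMAC variant: a valid response is accepted once, then is worthless.
    car = Verifier(HMAC_SECRET)
    good = hmac_response(car.new_challenge(), HMAC_SECRET)
    accepted = car.check(good)
    spent = car.check(good)                   # same challenge, second attempt
    car.new_challenge()
    replayed = car.check(good)                # old response, new challenge
    return {
        "leaked": leaked,
        "predictable": predictable,
        "accepted": accepted,
        "spent": spent,
        "replayed": replayed,
    }


if __name__ == "__main__":
    print(demo())
```

The keyed variant is only as strong as its secret length: a short secret can still be searched offline from one captured challenge/response pair, which is why the constructed key here is 128 bits.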
This is good news for car owners. If cracking the RFID were impossible, the only reasonable method of theft would be carjacking, which can be hazardous for the victim.
Same reason that PINs are better than fingerprints for ATMs.
You have to realise that AES 256 takes some rather beefy hardware to implement. Even 3DES is non-trivial. Now it's all no big deal when you talk PCs, they've got power to spare. However when you are talking embedded apps, it's different. In this case you are talking a VERY tiny chip that obviously must have very low power requirements. This places realistic limits on what it can do.
Also, when you get down to it, it's probably good enough. We aren't talking military secrets here, we are talking a car. The point isn't to make it unbreakable, because that's worthless, it's just to make it harder to steal the car. You can't make a secure car. No matter what you do, someone can find a way to override it and steal your car. What this does is add a layer of security that makes it much harder for normal thieves.
Physical security isn't like virtual security. We get so used to having essentially perfect (until someone finds a hole) virtual security, some expect the same thing in the real world. No, actually basically all real security has known flaws when it's set up. However the difficulty in bypassing the security is considered to be higher than the reward in doing so, if the security is good.
Like for example I have a Medeco lock, and we use the same kind all over campus. Medeco locks aren't like normal locks, they have a biaxial pin system that makes them a real bitch to pick. Also means normal key copiers can't handle their keys. On top of that, Medeco patents and diligently controls key distribution. You can't, in theory, go and get a copy of a Medeco key made without being the authorized owner of the lock.
Well it's easy to find a way around that. Ignoring other ways in my house, one could simply bribe/coerce my roommate out of a key. While you couldn't easily copy it, the key itself would still be perfectly usable for getting in.
Why then, would I pay a premium price for this lock, if I know it's not perfect? Because it's better than most. It does mean that my roommates can't copy the key and hand it out to girlfriends or the like, and it'll take a lot more physical abuse than a normal lock. It isn't perfect, but it's better.
That's what you have to deal with in the world of physical security. You just try to design a system that is good enough to thwart whoever might want to circumvent it, make it not worth their while. I mean realise that even if this had an uncrackable code on the keys, you can wire around it, given time and skill. The engine is still just started by a simple electrical connection. It's not easy to access what you need to make it happen, but it's easier than you might think.
Basically, I'd rather have a weak crypto key that's feasible to make than nothing at all. Most people aren't going to pay for an expensive separate crypto unit that is physically fairly large, which is what you'd need to do strong crypto at this point. So put weak crypto in the key, which is still better than most cars (a screwdriver is about all one needs to override the key on my car) and it helps.
Don't be a pussy. If you're an engineer and you have it all figured out so it works and your manager tries to muck with the details; tell them to fuck off.
That's likely what happened here. The engineers knew the details and to use peer reviewed methods then the wanker came in and said "we can save a nickel per unit if you do it in 30 bits" and some pussy caved and said "ok" and the engineers had to deal.
Think 200 years from now. Are historians going to laugh at you for capitulating towards hobbled tech or are they going to sing your praises for being part of a great thing?
Shit rolls downhill. If you cave to save your job the people who coerced you won't lose theirs. They'll blame you and you'll still lose your job. So it's better to do things right and be able to use that in some Machiavellian machinations towards the end than be fired with some embarrassing tech you'll have to answer for in your interviews.
The engineers who worked on this are pussies for not standing up for themselves. If you don't, nobody else will.
The key is just a physical switch when all is said and done. A very large screwdriver with vice grips on it twisted hard enough will shear the lock mechanism. The automaker is counting on the RFID chip validation to stop this kind of attack. But now someone can clone the RFID chip and off goes the car.
"Strictly speaking", a spokesman announced earlier, "the problem only exists for those people who have their car stolen against their wishes".
Even the most secure cars can be stolen, like this car owned by the head of Mercedes
HIV Crosses Species Barrier... into Muppets
So I put the foil on my keys, is that it?
I have to agree with the manufacturer.. this probably isn't a problem. Car theft isn't a matter of following a particular human around until you can steal their car. Car theft is a matter of finding a car of the right type (read: maximum cost-to-stealable ratio) wherever you happen to be looking for cars, and then stealing it. Car thieves pride themselves on working very quickly, and they have to. Waiting for someone to leave their car, then getting close to them (which provides an opportunity to be spotted, and identified on a police report, and maybe you have mugshots on file...) takes much longer and is more dangerous.
All of which is beside the main protection the security code gives: it makes the car a little bit harder to steal than the car next to it. Under those conditions, it's always the next car that will get stolen. Why would a thief do 10 units of work to steal a car when they can get away with doing 9, by stealing a car that doesn't have this system?
When they all have this system, we'll have to re-evaluate that, of course.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
With great power comes great electricity bills.
What do iPods have to do with this? Oh yes, this is Slashdot, of course...
In some countries, car theft is not just something that happens occasionally - it's an industry. And as in all industries, there are the rank amateurs and the pros - For the pros, this looks like a good option.
:)
:)
Consider South Africa - an entire arms race grew up around car theft. First the thieves just took cars when they were parked, so the insurance companies insisted that everyone have alarms and immobilisers.
The thieves got around those pretty quick - rumour is that a lot of professionals signed up for work at installation centres, learnt their way around them, and went back to work.
Next step was the gearlock - a device that locks the gearstick into a specific gear. IIRC, you couldn't remove the key on the earlier units unless you had the gearlock in, and if your car was stolen, the insurance company insisted on seeing all 3 keys.
Now with cars being so hard to steal, the age of the hi-jack was ushered in. If they can't get your car while it's parked, they'll take it while it's rolling.
In response, anti hi-jack systems became the norm. I can't remember how it was activated, but basically the bad guys show up, you let them take the car, they roll 20 metres down the road and the car cuts out and an alarm starts going off.
Around the same time we also got Satellite tracking, although I seem to remember something about it actually using the cellular infrastructure (GSM) not satellite - I may be wrong on this. Initially, the recovery rate on stolen and hi-jacked cars went through the roof. Unfortunately, the bad guys just upped the stakes. Soon we started seeing more kidnappings and murders as part of hi-jacks because if you can't call the stolen car in, they have longer to chop it.
Many vehicles were stolen to order, and not just new cars. Older cars that were common on the road were often targetted, then broken for spares. Cars that you wouldn't normally think twice about were stolen for export to Botswana and Zimbabwe, because the availability of spares for these made them popular vehicles.
Of my close circle of family and friends, we have had at least 10 cars stolen. Of those, not a single one has been recovered, so it's not a huge risk occupation really
I'm willing to bet that if this flaw is used anywhere, it will be used in South Africa - it's just one more tool for the biggest growth industry around
Remember: Changing the keys means also changing the locks: both the physical lock and the electronic code.
Irene KHAAAAAAN!
Of course, these moderators run a high risk of being metamoderated negatively.
Coming soon to a Pocket PC near you!
On the plus side, TI can file John Doe lawsuits against the thieves (for DMCA violations, of course) if your car is stolen.
The electronic keys from Mercedes are a good example of this done right. The key has an IR transceiver at its head that exchanges one time codes with the car when the driver begins turning it. The received code is saved for next time and can't be intercepted without getting physically between the head of the key and the transceiver inside the lock. Even then, an intercepted code would have to be used before the victim returned to his car. Who is going to do a complicated install of capture equipment into a fortified lock at location A and then follow the victim to location B to steal the car? It's just far too conspicuous.
Mercedes overhauled security, rather than tacking on a secure by being obscure layer to the existing crackable standard - TI Immobilizer systems don't require advanced physical access, just proximity to the key at least an hour before the moment of a heist. Even worse, once the key is cracked it won't change either, so criminals can wait to strike and further avoid notice. Just wait till a tiny RFID scanner and a usable cracking program show up in the black market. A laid off engineer has too much potential to make dough with the ideas that have been released. The program could even do distributed processing on a broadcast LAN or via P2P.
Now someone is probably going to point out that they'll be laughing when the fancy Mercedes key runs out of batteries and leaves its owner stranded, but this isn't the case. The key can receive power from the car despite not having any visible metal contacts - likely because there is a coil embedded in the plastic key that will get power inductively when the key is inserted - without any wires. It's news on slashdot, but it's been shipping since 1997, and much longer before that for other applications.
As if that weren't it, the key doubles as an RF remote for locking/unlocking doors, popping the trunk, and a panic function. But wait there's more - the IR transceiver portion of the key, when aimed at the driver door can open, close, or place anywhere in between all the side windows and sunroof at once. Great for getting into the car on a hot day or sealing up all the windows as you leave. Impressive what they've put usably into a key, albeit oversized.
Finally, despite using a radically different model, Mercedes cleverly applied the familiar form and usage pattern of the existing standard to bridge it with the new one - a nice touch for user comfort without any compromise to security. Well engineered indeed.
and additional concern about US Govt efforts
regarding the use of RFID tags in official
documents, like passports.
Want to bet that the same/similar RFID chips
are being used on new passports, with similar
vulnerabilities?
http://www.rfidjournal.com/article/articleview/1304/1/1/
SealBeater
-- Its survival of the fittest...and we got the fucking guns!!!
Since when is using a 30 bit encryption key a good idea? Keys like that are something that do not take all too long to break with our fast computers. Why didn't TI use a 128 bit or 256 bit key instead? It's supposed to be protecting a car so I'd expect them to use something pretty strong.
Where's my car?
This sucks, my car has one of those chips....
I am the unwilling control for my Origin.
Cool, can I get my B.S.-Grand Theft there?
Nevermind the cars, it is the other applications that are more important. Yes, this crack might actually be used to steal some cars, but I doubt it will become prevalent. As was pointed out in the article and other posters, the physical part of the key provides additional security, and the flatbed tow truck and other techniques are much easier methods to use.
However, it is much more of a problem in other RFID applications, where the RFID chip is the only key, e.g., highway toll tags (Ezpass), credit card replacements (Exxon/Mobil Speedpass). Sure they say they have backup security in place, such as Speedpass' 'only two fill-ups per day'. But this can still allow for a lot of fraud.
Worse yet, as was the case with identity theft, the first victims will find it VERY HARD to clear their records and accounts; they will be presumed to be lying until it is common knowledge that the RFID is not secure.
..the same researchers found that wrapping your head in aluminum foil can prevent hackers with PalmPilots from stealing your brainwaves...the study also quotes a Sony representative as stating that "as long as Sony's proprietary BrainWave Encryption System is not tampered with, the chances of brainwave theft is negligible."
Since the TI key SW is secret, their overworked engineers have to cryptanalyze it themselves. Instead of the global community of specialists. Rather than beta test the crypto in open source, keeping just the secret unique numbers secret, they kept it proprietary. Now the cat's out of the bag, and millions of cars are at risk. When will insurance companies start pressuring manufacturers to open their source to the only process demonstrated to certify security, exhaustive peer review, with appropriate rates? Because when the tech hits the street, the peer review finally swings into action, though it's too late to revise before damage.
--
make install -not war
Dude! Where is my car?
Did anyone catch the part in the article where they successfully cracked a Mobil SpeedPass gas thingy?
"To validate our attack, we extracted the key from our own SpeedPass token and simulated it in our independent programmable RF device. We purchased gasoline successfully at an ExxonMobil station multiple times in the course of a single day using this digital simulator"
If this technology makes its way to the consumer credit card industry at large--to the point where my MC/Visa issuer tries to offer me one of these--I'll be sure to promptly decline.
If you're close enough to somebody to sniff their RFID car keys, you're close enough to use coercive methods to take their keys away.
RFID is not going to be a deterrent to professionals: It will only delay them a few months while somebody figures out how to defeat the technology. This is not going to be a deterrent to amateurs: They will continue to threaten owners and take their keys away. How do you think the whole "carjacking" phenomenon came into existence? Because unattended cars were getting too hard to steal.
This is not my sandwich.
I've implemented the 128-bit AES algorithm in a PIC16F873. Here's the Microchip page with the app note and source code. The app note has performance metrics - 5273 cycles to encrypt; 6413 to decrypt (section 6, page 14.) My implementation, written from scratch, has comparable performance.
Since the PIC is a single-cycle execution unit, clocks correlate directly to real-time once you spec the operating frequency. At 40kHz clock (=10kHz instruction execution frequency) it'll take 527mS to encrypt one 128-bit block of data. Similarly, a 400kHz clock results in a 52.7mS block encrypt time. A maximum of 41-bytes of RAM are required for either encode/decode operations.
The claim that AES requires substantial hardware is bogus. AES is designed to be byte-processing friendly. It's much nicer than dealing with the bit-oriented DES and 3DES standards, especially in an 8-bit microcontroller environment.
I want AES encryption protecting my car...
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Ha ... I read the story and immediately did a search for "foil".
The higher the technology, the sharper that two-edged sword.
ergo, when you push your key into the ignition, it will push back the sheathe.
1) Only allow querying at intervals (say 1 second). This makes scanning prohibitive.
2) Use (any) kind of challenge/response scheme. Car issues a random 30-bit number, key hashes this with an internal secret and replies, car validates. Synchronizing the 32-bit secret with a new key could be dead simple... something as dumb as maybe dip switches in the glove compartment.
I don't know... I'm not an embedded systems engineer but this is really simple stuff.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
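The two measures proposed in the comment above (a minimum interval between queries and a challenge/response exchange), sketched as an added example that is not part of the thread and not TI's or any vendor's protocol. The class names, the use of HMAC-SHA256 as the "hash", and the 128-bit secret and challenge sizes are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import secrets
import time

KEY_BYTES = 16        # assumption: 128-bit shared secret (the comment suggests 32 bits)
CHALLENGE_BYTES = 16  # assumption: 128-bit random challenge
MIN_INTERVAL = 1.0    # seconds between answers, the comment's point 1


class Transponder:
    """Key side: answers at most one challenge per MIN_INTERVAL."""

    def __init__(self, secret, clock=time.monotonic):
        self._secret, self._clock, self._last = secret, clock, None

    def respond(self, challenge):
        now = self._clock()
        if self._last is not None and now - self._last < MIN_INTERVAL:
            return None  # queried too soon: stay silent
        self._last = now
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class Car:
    """Car side: issues a fresh random challenge and accepts it only once."""

    def __init__(self, secret):
        self._secret, self._pending = secret, None

    def new_challenge(self):
        self._pending = secrets.token_bytes(CHALLENGE_BYTES)
        return self._pending

    def verify(self, response):
        challenge, self._pending = self._pending, None  # single use
        if challenge is None or response is None:
            return False
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    t = [0.0]  # constructed fake clock so the run is repeatable
    secret = secrets.token_bytes(KEY_BYTES)
    car, key = Car(secret), Transponder(secret, clock=lambda: t[0])
    first = key.respond(car.new_challenge())
    started = car.verify(first)
    car.new_challenge()
    replay = car.verify(first)  # old response against a new challenge
    throttled = key.respond(car.new_challenge())  # second query inside 1 s
    t[0] += MIN_INTERVAL
    later = car.verify(key.respond(car.new_challenge()))
    return started, replay, throttled, later
```

The throttle only slows live querying of the key; resistance to an offline search over captured challenge/response pairs comes from the length of the secret.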
Sometimes it seems as though simply exterminating the AC's would solve everything.
30 bits? That's all they rely on to secure a vehicle? I don't have to go into it for the geeks here but that's a woefully small number of combinations. When even 128 bit encryption used with WEP can be broken what the hell was TI thinking?
As it is, I bet the auto company is grinding its teeth and swearing, "Curse you, Johns Hopkinses! We'd sue you if you weren't Johns Hopkinses. Nasty, little Johns Hopkinses!"
-FL
1. "...by testing all 1,099,511,627,776 possible encryption keys..."
;)
2. "...The greatest distance that his company's engineers have managed in the laboratory is 12 inches, and then only with large antennas that require a power source."
Some guy walks up next to you and follows you around for about 1/2 an hour with a load of strong electrical equipment. If you could employ such a team you would have no need to steal a car
This article is a sham. Brute force can never be considered "cracking." Its cracked when you don't need to try all possible combinations to get the desired result.
Who said anything about the race of the professional car thieves ? If you scratch beneath the surface you'll find more than just a few of the syndicates are white owned and controlled.
So what does the lesson become then? That the Brits should have won the boer war and kept those uppity farmers in their place? Yeah - that sounds reasonable. It's not like a British subject was recently convicted in South Africa for participating in the planning of a coup. Oh, wait it is.
Maybe then the moral should be that you can't blame entire demographics for _anything_ and that you actually need to look at individuals.
But that would be like, work man!
Sheesh!
It's not car theft. It's car infringement. What? He didn't leave you a copy? Well, I guess it is theft after all.
I work in the smart card industry. You can buy smart card chips that do 3DES and 2048 bit RSA for less than a dollar. You can buy a complete contactless card (what idiots here would call RFID) that has a Java operating system, does 3DES in less than 70 milliseconds and does RSA with on card key generation for about $6, and considerably less than that in volume. These chips have specialized hardware to speed and secure the crypto operations, but any 8 bit processor with some storage can do 3DES in a reasonable amount of time.
As for AES, it was designed to be able to be run on smart cards and there are implementations of it.
In short, strong crypto on a keychain is feasible. I have half a dozen keyfobs on my desk right now that do it. The reason for the 30 bit key probably has more to do with export regulations involving the US and Japan than any technological problem.
Lasers Controlled Games!
One of the authors in this study (http://www.cs.jhu.edu/~astubble/) gives a lower bound of 24(!) for the number of times his projects have been mentioned on Slashdot.
please change me. - sig
> Brute force can never be considered "cracking."
Maybe not by your elitist definition. Tell me what you think when someone drives your car away because they brute-forced the encryption key.
(And you don't usually need to try EVERY key. You just need to try every key up to the one that works. On average, breaking a 2n-bit key takes 2^n trials.)
My other car is first.
Don't have to. Even though my little car gets me to work and back each day, no one could get very far with it. Even mechanics sent from the dealer would immediately call for a tow truck. It starts and runs, if you can figure out how that is accomplished, but when you try and drive it off, that is when the fun (or lack of it) begins. BTW, it's 30 years old, and leaks when it rains, too.
Number two for all time typos in general
use since first observed 12 years ago.
Nobody looses a card game. They DO however
tend to loosen their belts a few times before they
buy a new one.
But how is the conversion ratio to vw bugs?
All you need is a Vagcom cable and software and you can reprogram the immobilizer to accept whatever spare key you want. Also with 2000 vws, all you do is break the tumbler in the lock and turn it to the right and all the windows roll down. This applies to Late model Audis as well.
http://shit.slashdot.org/article.pl?sid=05/01/29/0233218
Sera
Slashdot, where armchair scientists get shouted down and armchair theologians get modded up.
No one said the key was being transmitted. They said the key was a transmitter. Parent is an idiot and answered the wrong question, and answered it incorrectly to boot.
...South Africa sounds like a really nice place to visit.
I've shot 9mm from a Cz 75, .380 wadcutters from an S&W semi-auto, .22 LR, .22 short (Olympic Rapid Fire), .45 from an M1911, and have handled some long arms. Back when I was in the military, we had FN C1s and we've moved to C7s and C8s since.
I find handguns are okay for the portability issue, but if I was ever in a gunfight, I want a 7.62x51 or a modern 5.56. (Or ideally, a .300 WinMag from a very long range...)
Of the ones I have fired, I find the .45 was the most accurate and controllable. It may not have such a high muzzle velocity or downrange KE, but I've seen the holes it punched through books we were using as targets (and low-grade steel plate). The hollowpoints especially carved huge wound channels through the books. It isn't ballistic jelly, but it convinced me that if I hit a target anywhere useful, they'd have a huge hole.
And up here, all mags are limited to 5 rounds. So the ability of a new autoloader to hold 15 is irrelevant. Since I can only get 5 in, I want the biggest 5 I can comfortably and accurately shoot. I find many of the higher vee rounds just too hard to control. The .45 had a smoother break to it when the trigger pulled and I shot better with it than with the 9mm, which I found jumpy.
I wanted to buy the Glock 30 or 31 (the .45), until I realized the hassle I was going to get here trying to get one - the barrel length restrictions here also preclude a lot of choices.
And since I can see them outlawing handguns here completely one day soon, I don't see the point of committing big $$ to a modern wonderpistol. I'll buy a cheap old .45 ACP (M1911, robust!) and make sure I *practice* with it and that's probably more dangerous than I really require. If I can't get the job done with 5, I'm in dire straits and better be able to combat load quick.
Besides, if I was worried about home invasion, with the constricted spaces in my house, I don't doubt that a pump .12 gauge (The Mossie is a lovely gun)(though up here most Shotguns are pinned at 3 rounds) or a katana are just about the best choice. For a lot of close in work, if you don't have proper weapon-retention training, your pistol is fairly dangerous to you. That's another reason to like a gun that has an additional thumb safety. Not everyone knows about that, even if you lose the gun from your control.
I think .40 is fairly common in police work up here, as is 10mm. I have friends in the OPP and the RCMP. I think the OPP is using a Sig Sauer. I can't recall for certain, but I think last I looked the RCMP guys I knew were using an S&W. The qualification course for the RCMP for the revolver to semi-auto was a pretty serious one, I thought. Not just 'check in the old gun, check out the new one'.
Anyway, as I say, if I have to hunt long pig, gimme a C7 :)
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
If it was a 30-bit key, breaking it in software would be trivial - you wouldn't need FPGAs, just a lookup table.
Xenu loves you!
What no one seems to have mentioned is that there would be a person invading my personal space and having a nice chat with my key ring. Since my key ring normally lives either in my hand, coat pocket, or purse, you'd definitely be "in my space", in which case I'd notice you, and move away. If you move to follow me, you're going to make me really uncomfortable and if you do it a couple of times, you're going to get either asked WFT or maced.
This is more difficult than you think to do this, which is why TI isn't particularly worried about it.
2 cents,
Queen B
HDGary secures my bank