Slashdot Mirror

← Back to Stories (view on slashdot.org)

Car RFID Security System Cracked

Posted by michael on from the nothing-to-worry-about dept.

jmichaelg writes "The NY Times reports that the security chip in new auto keys has been cracked. A team at Johns Hopkins have found a method to extract the 30 bit crypto key that tells your car that the physical key in the ignition switch is the correct key. Texas Instruments has sold some 150 million security chips that are stored in the car key. The devices are credited with reducing car thefts of some car models by 90%. Stealing a crypto key requires standing next to the victim and broadcasting a series of challenges to the key and capturing the responses. The team claims an iPod-sized device would suffice to steal the crypto key in under a second. They advise wrapping your keys in foil when you're not using them. TI admits the team has cracked their code but denies there's any problem."

1 of 383 comments (clear)

  1. Re:The More Appropriate Question... by jmichaelg · · Score: 5, Informative
    The key isn't being broadcast. Here's what happens:

    The chip is an rfid device which means when it gets close to the reader, the reader sees it. The reader encrypts a string of bits using a crypto key shared by the reader and car key and then broadcasts the encrypted bits. The car key sees the broadcast and decrypts the bits using the same crypto key. It then does something to the bits, i.e, add 5, divide by 8, whatever and then recrypts the result. The encrypted result is broadcast back to the reader which sees the encrypted result. It decrypts the result, and compares it against its version of the result. If they match, then the car starts.

    At no time does the key get broadcast. The attacker just pretends to be the reader and sends several encrypted strings and looks at the results coming back and acts on that information. The attack succeeds because the attacker has access to huge processing power whereas the car key is relying on the power it can suck out of the rfid antenna. The disparity in available power drives what's feasible for the key to do in a short amount of time. If the key were substantially longer, the car key would take considerably longer to decrypt and encrypt which means you'd put your key in the ignition and nothing would happen while the car key was thinking. Not something most folks would tolerate. The attacker on the other hand, can take the encrypted bits coming out of the car key, and given enough samples, can just brute force the crypto key.

    I'll bet the next level of security will entail the car supplying the car key with enough power so the embedded chip can crank a bigger crypto key.