Slashdot Mirror


Breaking a Car's Cipher

An anonymous reader alerts us to research out of Belgium and Israel that claims a practical attack on the KeeLoq auto anti-theft cipher. Here are slides from a talk (PDF) at CRYPTO 2007. From the researchers' site: "KeeLoq is a cipher used in several car anti-theft mechanisms distributed by Microchip Technology Inc. It may protect your car if you own a Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota, Volvo, Volkswagen, or a Jaguar. The cipher is included in the remote control device that opens and locks your car and that controls the anti-theft mechanisms. The 64-bit key block cipher was widely believed to be secure. In a recent research, a method to identify the key in less than a day was found. The attack requires access for about 1 hour to the remote control (for example, while it is stored in your pocket). The attacker then runs the implemented software, finds the secret cryptographic key, and drives away in your car after copying the key."

Update: 07/23 15:27 GMT by KD: One of the researchers, Sebastiaan Indesteege, pointed out that the link to the paper was incorrect; their paper has not yet been released to the public. I also managed to misattribute his nationality. He is Belgian, not Dutch. My apologies.

22 of 253 comments

  1. Obligatory by Billosaur · · Score: 4, Funny

    KITT: Michael, someone's trying to hack into my operating system! Help me Michael!

    --
    GetOuttaMySpace - The Anti-Social Network
  2. Re:So? by iggymanz · · Score: 4, Funny

    a long time ago I had a girlfriend who liked to put her hand in my pocket and had access to my master key for hours. one day she took something from me using the key, but it wasn't my car

  3. oh brudder by e-scetic · · Score: 2, Funny

    Another reason to carry around an RFID jammer.

    Quick, someone create Faraday pants, or should I line my pockets with tinfoil?

  4. Re:So? by tomstdenis · · Score: 3, Funny

    Step 1. Stop being lazy. Just turn the damn key in the door.

    Step 2. Yeah, if they used 3DES or Blowfish at the time, this wouldn't be an issue.

    Step 3. See Step 1.

    --
    Someday, I'll have a real sig.
  5. The NSA can break into your car in 5 seconds by Anonymous Coward · · Score: 1, Funny

    They use your stolen coins and mints to help supplement their black budget.

    Occasionally, when computer time is not available, they use a brute-force attack with a crowbar.

    1. Re:The NSA can break into your car in 5 seconds by morgan_greywolf · · Score: 2, Funny

      They use your stolen coins and mints to help supplement their black budget.
      So that's what's been happening to all my spare change. And all this time I thought it was my wife.
  6. Re:So? by dkf · · Score: 5, Funny

    That means the person next to you, or a few feet/meters away could be stealing the car keys. So now we need tinfoil pocket protectors as well as tinfoil hats?
    --
    "Little does he know, but there is no 'I' in 'Idiot'!"
  7. All Ur Virtual Dice... by Anonymous Coward · · Score: 1, Funny

    All ur virtual fuzzy dice are belong to me!

  8. Re:So? by Otter · · Score: 5, Funny
    This being Slashdot though, all the cryptography "experts" will tell us how things should have been implemented.

    Sorry, we can only communicate through analogies to either automobiles or door locks. Discussion of actual automotive door locks is therefore impossible, and referring to Belgium as "the Netherlands" will have to be the site's sole contribution.

  9. Daewoo? more like Daew00t. by that+IT+girl · · Score: 3, Funny

    It may protect your car if you own a Chrysler, Daewoo,...
    That's okay. If you own a Daewoo, you could hand the key to a thief and they still wouldn't steal it. Nothing to see here, move along.
    --
    10 FILL MUG WITH COFFEE
    20 DRINK COFFEE
    30 GOTO 10
  10. Re:Belgium not The Netherlands by Daimanta · · Score: 5, Funny

    This is in Belgium, not Holland.
    It's the Netherlands, not Holland.
    --
    Knowledge is power. Knowledge shared is power lost.
  11. Re:So? by Pojut · · Score: 2, Funny
    I hate to be a bastard, but someone has to say it.

    The information stored on this chip is directly linked to the VIN number of the car
    Vehicle Identification Number Number?
  12. Re:So? by robbiethefett · · Score: 3, Funny

    I just like the fact that when someone steals my Jag, they don't have to break the window, or even damage the door lock.. All I have to do is wait for Lo Jack to track down my unscathed car and thank the police when they return it. Sweet. Technology really is making life better for everyone.

    --
    "Luke, you've switched off your targeting computer, what's wrong?"
  13. Re:So? by MadMidnightBomber · · Score: 2, Funny
    --
    "It doesn't cost enough, and it makes too much sense."
  14. Re:Belgium not The Netherlands by AVee · · Score: 4, Funny


    It is however an understandable mistake to make, as most Dutch know very well, you can't expect Belgians to figure these things out.


    But then again, it's not like linking to a .be domain is a dead giveaway, is it?

  15. Re:So? by Anonymous Coward · · Score: 4, Funny

    You bastard.

  16. Broken Cipher, you say by Hoplite3 · · Score: 2, Funny

    Well, that's very interesting, but I have to go.

    I'm headed to the annual "Vegan food and wifi jamboree" at the co-op where I expect to "win" a new Prius.

    Of course I have to bring my laptop. Don't worry, just because I'm sitting at the table next to you doesn't mean I'm using my machine to crack the crypto on your key while we enjoy our roasted yams. I'm just writing my tract about municipal wifi and organic gardening.

    Oh, yeah? You own a Prius? In red? I always liked red. Man, you have the only red one here...

    --
    Use the Firehose to mod down Second Life stories!
  17. Re:So? by wiredlogic · · Score: 4, Funny

    This being Slashdot though, all the cryptography "experts" will tell us how things should have been implemented.

    A Beowulf cluster of keys (bound by a token ring) would make it difficult to interrogate any specific key.

    --
    I am becoming gerund, destroyer of verbs.
  18. Re:So? by somersault · · Score: 2, Funny

    tbh, I wouldn't mind being trapped by boobies

    --
    which is totally what she said
  19. Re:So? by Phisbut · · Score: 4, Funny

    If a car thief has access to your keys for an hour, aren't you going to lose your car anyway?

    Basically, these electronic-chips-encrypted-stuff-on-the-car-key aren't meant to make it any harder for a car thief to get your car. It's just there to manage to increase the penalty for car theft.

    Car theft isn't that much of a crime nowadays. However, breaking the cipher will net you a DMCA violation and such things will carry the death penalty pretty soon.

    --
    After 3 days without programming, life becomes meaningless
    - The Tao of Programming
  20. Re:So? by somersault · · Score: 2, Funny

    Is that a remotely networked kitten in your pocket, or are you just happy to see me?

    --

    Im in ur pockets, jackin ur keez

    --
    which is totally what she said
  21. Re:So? by jridley · · Score: 2, Funny

    Yup, my brother's truck has no working door locks, and the ignition is an on/off switch and the starter is a pushbutton.
    Nobody'd steal it though. Heck, even I check under/behind the seat before I get in; I'm always worried that some kind of animal will have started living in there and I might get bit.