Slashdot Mirror
Breaking a Car's Cipher
An anonymous reader alerts us to research out of Belgium and Israel that claims a practical attack on the KeeLoq auto anti-theft cipher. Here are slides from a talk (PDF) at CRYPTO 2007. From the researchers' site: "KeeLoq is a cipher used in several car anti-theft mechanisms distributed by Microchip Technology Inc. It may protect your car if you own a Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota, Volvo, Volkswagen, or a Jaguar. The cipher is included in the remote control device that opens and locks your car and that controls the anti-theft mechanisms. The 64-bit key block cipher was widely believed to be secure. In a recent research, a method to identify the key in less than a day was found. The attack requires access for about 1 hour to the remote control (for example, while it is stored in your pocket). The attacker than runs the implemented software, finds the secret cryptographic key, and drives away in your car after copying the key." Update: 07/23 15:27 GMT by KD : One of the researchers, Sebastiaan Indesteege, pointed out that the link to the paper was incorrect; their paper has not yet been released to the public. I also managed to mis attribute his nationality. He is Belgian, not Dutch. My apologies.
The linked paper is by Bugadanov (requires the entire code book). The authors of this paper have not published their paper in the wild (yet).
If a car thief has access to your keys for an hour, aren't you going to lose your car anyway?
Rob
KITT: Michael, someone's trying to hack into my operating system! Help me Michael!
GetOuttaMySpace - The Anti-Social Network
There's still a mechanical lock preventing the ignition from being engaged, and they would also have a steering wheel lock to work around. This is effectively bypassing the imobilizer that comes equipt on most modern cars. If someone wants your car bad enough now-a-days, they just take your keys from you.
For Christ's sake, get your geography right! the KU Leuven is one of the oldest universities in the world and quite well known around that same world. (For instance, it is the university where the Rijndael algorithmused in AES was developed.) Leuven is in Belgium. Belgium, like in 'the capital of Brussels", for ignorant Americans, or "the country of which Brussels is the capital" for the rest of us.
Linux user since early January 1992.
My truck doesn't have Air Conditioning, but I DO have an air conditioning button on my dash that connects the coil to ground.
Security through obscurity baby!
Some of these cars could quite possibly contain that whole "key in range push button to start" option. My cousin has that option on her car, though I forgot the make/model...
When man makes a better mousetrap, nature makes a better mouse.
Karma Whoring for Fun and Profit.
The research has been done in Belgium and Israël, not in the Netherlands and Israël as previuosly stated.
Another reason to carry around an RFID jammer.
Quick, someone create Faraday pants, or should I line my pockets with tinfoil?
They use your stolen coins and mints to help supplement their black budget.
Occasionally, when computer time is not available, they use a brute-force attack with a crowbar.
After following me around the mall for an hour with this little device, they would run the software, get into my Honda Civic, and then...
Hotwire it.
How easy is that? I think they'd just carjack someone before going through the trouble.
OK, what part of "Katholieke Universiteit Leuven, Belgium" looks like "researchers in The Netherlands"??
In other news: The Canadian president George W. Bush invaded Iran because of the 9/11 attack on the World Trade Center of Chicago.
According to their slides, all you need is proximity to one of these devices for an hour, and the master key for the manufacturer can be found - which is simply XORd to the vehicle ID to authenticate. They were relying on a vast keyspace instead of a secure encryption method - security through obscurity.
Break one key device, break them all.
The key fobs work by producing a new code each time you press it, and the car remembers which ones it's heard, preventing you from recording someone getting into the car and playing it back later.
So I guess the magic is that with an hour's worth of data, you can now figure out the sequence. But why bother? If you somehow can record 3600 fob activations in an hour away from the car, you can with no special knowledge make a key that will work 3600 times. More than long enough to fence the car, or steal the laptop inside.
All ur virtual fuzzy dice are belong to me!
While it may be simple to break the code on the chip, you still need a copy of the key unless the car is push-button-ignition.
These days, many high-end car keys are CNC cut (my mini's key has huuuuuge tooling marks from a spindle-out-of-square), which will actually cause a bit of trouble. This isn't something you could easily do a putty-transfer on, nor does the group of people who spend a lot of time breaking cyphers typically overlap with the group of people who have and can work with CNC equipment.
In the end, I think flatbedding the car is the way to go. All the big chop shops are doing this now. If you're small-time, carjack. Alternately, get a real job.
I like Mad Max's solution more. A bomb on the gas tank is a nice way to get rid of naughty people.
That's okay. If you own a Daewoo, you could hand the key to a thief and they still wouldn't steal it. Nothing to see here, move along.
10 FILL MUG WITH COFFEE
20 DRINK COFFEE
30 GOTO 10
The new keys are not like fobs that you have to push a button on ... they are transponders. The car pings them as you get close, and they respond with a code that unlocks the car. Basically, the car is pushing the transmit button.
-- Mitch
I just purchased a new car that doesn't have a mechanical ignition system. There's an place to attach the key (doesn't have metal teeth or anything), and a big "Start/Stop" button. The steering wheel lock is also electronic, and is controlled by the electronic signal from the key. I have no idea if my car uses KeyLoq--- I sure hope not.
Mechanical locks are on their way out, largely because they're ineffective against even moderately sophisticated criminals. That's the whole reason Immobilizer systems were rolled out in the first place. This attack effectively stips the immobilizer out of the car and rolls the security back to pre-Immobilizer levels. You only need to look at theft rates among models with and without immobilizers to see what impact that has.
Finally, for those who say that 1-hr access to the key is unreasonable: remember that the attack here is _key copying_, not theft. The immobilizer systems are designed to prevent copying, so that your valet or repair person can't make a copy of your key and steal it later. This attack takes a lot longer than other attacks which are out there (example), but it's still not out of the question.
The basic lesson of all these attacks is that manufacturers need to use strong cryptography rather than custom, homebrewed ciphers. Hopefully with fabrication prices dropping, this will be the last generation of truly ridiculous authentication systems.
They probably looked up Leuven in the Encyclopedia Britannica 6th Edition ;)
Knowledge is power. Knowledge shared is power lost.
Some cars have a system where there is no mechanical key. MB & MBW have it, I hear Toyota has some too, presumably Lexus too. Basically, you have a card or fob in your pocket and you press a button to start the car.
Why don't remote keys resync symmetric, unbreakable keys with the car every time they're physically inserted into the ignition?
...) properly.
When someone patents that device, just point to this post as prior art. If it's patent free, anyone can use it, and there's no excuse for not securing cars (and homes, and bikes, and
You're welcome.
--
make install -not war
A physical key is still a key, y'know? There is considerable overlap in concepts and techniques - why, putty transfer is simply a replay attack, while a rake is actually used to brute-force a lock by generating many pin position combinations in a very short time.
Something bad is coming when people are suddenly anxious to tell the truth.
Bleh. The mechanical lock and steering wheel lock on many cars can be bypassed in 5 minutes with a dent puller. Tap the dent puller into the key switch and pull really hard. The key lock will pop right out. Some cars have an anti-theft arrangement here, so YMMV.
And if someone wants your car bad enough, they'll just put into a flatbed tow truck and drive away with it.
My blog
I honestly think a flamethrower would be a little more effective.
try { Signature mysig = new CleverAttempt(); } catch(NonCleverSignatureException e) { postanyway(); }
a valet would be perfect cover.
set a device that could steal many keys underneath the box they store keys in...
you also do not need to be in physical control of the key. Merely near it.
The phrase "more better" is acceptable English. suck it grammar Nazis
I actually have removed those. Had a friend, with an old maxima, whose key broke off in the ignition. The maxima actually has a bypass starter located in the dash, but it doesn't free the steering wheel. What I ended up doing is cutting slots into the steering lock mechanisms break-off bolts and removing them. After that, the steering wheel was free and the car started via the bypass.
After taking a quick look at it, I'd say doing this would take 4 minutes at most on his car, now that I'm familiar with it.
His "key" is a flathead screwdriver. Still does it to this day.
import system.cool.Sig;
An attack is even easier if the key passively responds --
merely construct a repeater, and hide it near your target car owner. Walk up to the car with the other end of the repeater, and blam, free entry into the car.
Why aren't you encrypting your e-mail?
Who actually uses a valet key though?
honestly, I dont even know where mine is.
The phrase "more better" is acceptable English. suck it grammar Nazis
The hack wasn't by a university from the Netherlands, but one from Belgium (University of Leuven) together with researchers from Israel.
According to the local news here the hack would require you to be in the environment of the key for about 1 hour, after which it would require approximately 1 day of calculation to break the code.
No papers have been released yet - they would release them somewhere in April 2008.
Nice to see a fellow Mini driver on /.
Anyway, correct me if I'm wrong, but doesn't the Mini key communicate with the car's computer system when it's inserted?
I know when I take my car in for its 10k checkups, they just drop the key in this little scanner and pull the mileage off. Could be RF, too, for all I know. I guess one check would be to take my spare key around the car, but not use it to start/unlock the doors and then take it to the dealer and trick em.
KeeLoq's serials! :9
Yeah, but the Valet key has to perform one function by definition... allow you to open and drive the car.
If someone copies the valet key, regardless of whether it is mechanical or electronic, they can now steal your car.
Have you seen the laser cut keys? You can't rake those locks.
I don't think the key has the mileage on it. It does have the vin or some kind of serial on it. Whenever I bring the car in, they check the mileage on the dash.
That aside, the whole point of the article was about how the cipher is breakable, so in theory, someone could pretend to be the key in all virtual senses. My point was that the physical key still adds a degree of difficulty when stealing.
-05 mcc
Well, that's very interesting, but I have to go.
I'm headed to the annual "Vegan food and wifi jamboree" at the co-op where I expect to "win" a new Prius.
Of course I have to bring my laptop. Don't worry, just because I'm sitting at the table next to you doesn't mean I'm using my machine to crack the crypto on your key while we enjoy our roasted yams. I'm just writing my tract about municipal wifi and organic gardening.
Oh, yeah? You own a Prius? In red? I always liked red. Man, you have the only red one here...
Use the Firehose to mod down Second Life stories!
No such thing as a truly unbreakable anti-theft system.
1. What happens if someone genuinely loses their keys? There needs to be some way for the manufacturer to sort them out.
2. Car theft won't stop overnight. But it will cause more things like carjackings (rather more violent and distressing) and key theft.
3. In any major city, there are enough tow trucks that nobody will bat an eyelid if they see a car being lifted onto the back of one. It's brazen, but by the time it dawns on the driver that their car has been stolen it's in a lockup 100 miles away being modified to take a different key altogether.
No the intro clearly states that the thief has to have access to the remote control while is it in your pocket.
So next time you let a car thief put his hands into your pocket, make sure it's only for 50 minutes.
It is just me, or a lot of exploits like this. A Thief can gain access to ANYTHING in your house once they are INSIDE! OMFG!
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
There's an place to attach the key (doesn't have metal teeth or anything), and a big "Start/Stop" button.
I like my Prius also. I have an older one that still uses a chip in the key. When you hack my remote, you also have to hack my key. The Prius does not have a 12 volt starter at all. The throttle is fly by wire. The EV transmission is a computer controlled motor/generator set. Unless you can convince the computer to operate, there is absolutely no way to drive it off with nothing but the data from the remote.
The new model with the keyless fob for the ignition may be wirelessly exploitable. It is a cool idea though. Walk up to your car and the door unlocks. Nice if you are carrying packages. Get in and press start and drive away. The wireless key fob, even though very nice, may be a security hole.
The truth shall set you free!
If you are buying a fancy car to show off your wealth or whatever, when perfectly good alternatives exist, you deserve to be robbed.
If you can't afford to have your expensive car stolen, then can you really afford that expensive car?"
Not everyone buys an expensive car to show off....many people just like performance.
That being said, often it is NOT the ultra luxury, expensive cars that are the most often stolen ones, at least in the US. The past few years the list of most stolen cars are the common, non-expensive models, usually slightly older Hondas or Toyota Camry's or the like.
Those are easy to steal, and chop up for parts.....at stolen Porsche GT3 is gonna stand out like a sore thumb when it gets reported stolen, but, a camry will blend in to traffic like all the other ones out there.
While I'd hate to get my car stolen...much like anything I own, that IS what insurance is for.
I love my 'toys', but, really, there just isn't much in life that can't be replaced...cars, tvs, women, furniture...etc.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
As an American, I'll gladly admit that I don't know the difference between Dutchland and Belgia.
-- dR.fuZZo
I believe the Prius does that....I seem to remember a friend of mine showing me this 'feature'.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
OK, so in one hour with close proximity (measured in feet) to the controller, they can crack it. Give a guy (valet parking anyone?) your keys and he can copy it in 5 seconds. This is not news at all. You want to impress/scare me? Tell me they can do it without the remote.
excitingthingstodo.blogspot.com
Bahh ... I'm installing a trunk monkey. As long as they don't have bananas I'm fine!
I know on my grandparents car the valet key will only let the vehicle drive a certain distance as well.
Officer: "How many people had access to the key for an hour or more?"
reply: "Here's the short list."
It's simply not worth it to have to deal with electronics that break, batteries that die, etc.
That has turned out to be FUD now that they are getting lots of miles now. The battery pack is easier to change than a typical transmission and now costs less. In addition it has been proven more reliable. (Google search Prius Battery Failures). The little 12 volt battery is a much higher failure rate item needing a 3-5 year replacement cycle just like their conventional counterparts.
In the trade of of mechanical parts for electronic, most mechanical high failure items on the Prius has been eliminated.
Here is a short list..
No belts, not even for a water pump or AC.
No Hydraulics hoses or lines except the brakes.
No leaky AC rubber hoses or shaft seals.
No clutches, pressure plates, bands, or hydraulics of any kind in the transmission
Here is how the improvements work.
The AC is a sealed electric unit like a home refrigerator. The compressor is body mounted eliminating Leaky shaft seals, belts, clutch, and hoses.
The transmission has 7 moving parts. None of them is any kind of friction, shift, or hydraulic part. It's built like and as reliable as a differential. The battery pack is composed of 7.2 volt modules. A module failure does not equal a battery pack replacement.
The Power steering is a linear electric motor for assist. This eliminates the power steering pump, hoses, and power steering fluid issues.
The power brakes use a compressor so it is a trade off for the vacuum module for a compressor.
The cooling system is powered by electric pumps. It traded belt driven problems for electric pump problems. I haven't seen reliability reports on these pumps yet which is a good thing.
Even the starter moter with it's brushes, solonoid bendix gear and other failure items has been eliminated. The brushless AC Motor/Generator set in the transmission starts the engine.
I studied all these issues before I bought a Prius. TCO is an important number to me.
For me personally, Here are some of my stats.
I have 120,000 on my Prius. At 20,000 and 80,000 miles I changed tires (the originals don't wear well). At 70,000 miles I had to change the 12 volt battery in late 2005 so it lasted almost 4 years.
At the last tire change, I had the brakes checked. I have 80% remaining. Other than give it gas and regular oil changes, it has required zero repairs except a rock chip in the windshield.
Most other cars I drove with over 100,000 miles were getting into needing starters, alternators, brakes, belts, power steering, Air Conditioner, and transmission service.
The truth shall set you free!
A car analogy
Knowledge is power. Knowledge shared is power lost.
Actually, with a properly-prepared key blank you can impression "laser-track" locks just as easily as you can impression other types of pin-based lock. (Certainly in less than an hour -- and the key impressioning could be done in parallel with the technique described above.) While the key looks impressive, the internals of the ignition/door cylinders are often not very different than a traditional, wafer-based car lock.
Maybe Keeloq is broken and maybe it isnt but I think I'll wait for the paper and see what Microchip's response is before I assume these clowns are anything more than attention whores.
... window is a much easier way in.
UTF-8: There and Back Again
If the manufacturers ACTUALLY gave a crap about security they could easily enough make the system secure. Instead they're more interested in patentable special sauce and NIH.
The thing is, cryptography is at the same time very easy or very hard. It's very easy to utilize one of several freely available strong systems in order to be secure. It's very easy to invent a system from scratch that YOU don't know how to crack. It's very hard to invent your own system that nobody else will know how to crack. It's very easy to introduce a serious flaw when re-implementing someone elses crypto. If you haven't devoted your professional career to cryptography, the best bet is to utilize someone elses.
For example, Blowfish is completely free of encumberance and has several fully public domain implementations available in C. RSA is (now) equally free. It is well understood, has years of successful use behind it and years of analysis demonstrating that it would cost WAY more to crack the key than any car is worth (not to mention that it would take longer than the typical lifetime of a car). There are plenty of years old CPUs out there that have more than enough "oomph" to handle RSA and are well suited to embedded use. They might cost a dollar more, but this sort of system is not used in "bargain basement" cars.
They spend the extra cash on fine leather seats and steering wheel covers but use Yugo quality locks to protect it?
It consists of an RF transmitter to open the doors, etc, and a passive RFID chip that had to be read by the steering column before the car will start. If you look at the other products on the FCC site by Valeo, you'll see various steering column readers and door lock receivers. The transmitter is actually fairly complex - it uses rolling codes to help prevent theft by replaying/predicting codes.
Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
Wow, I'm actually surprised they found the thing at all. My only experience with Lojack was pretty funny.. A friend of mine had this big passenger van he used for work. One night we went out to get drunk in Brooklyn, and parked the van on the street. Long story short, we got far too drunk, couldn't find the van, and ended up calling it in as stolen. The next morning the van was located using Lojack, and it happened to be about 2 blocks from where we *thought* we left it. The funny bit is that he had no idea it even had Lojack. I guess the moral of the story is that if you don't remember where you parked, Lojack can make you feel quite foolish.
"Luke, you've switched off your targeting computer, what's wrong?"
I've raked a lock open before.
Lock picking is NOT that complicated. Basically, just apply a rotation to the cylinder, while pushing each pin up until you find the one that binds. (Locks are not perfect, one pin will usually bind before the others.) Push that pin up until the shearline is at the right point, and the cylinder will rotate slightly, keeping that pin in place. Repeat to find the next pin that binds.
Now, there are some types of locks that make it harder to do this. (Through various means I won't get into here.) But ANY lock can be 'picked', even if just by bruteforcing it.
My old car just had a plain old key. No chip, nothing. When I bought it, all I got was one valet key and one original. I went into a locksmith store and asked for a copy of the original.
I assumed he'd just take the original and copy it, like most box stores. Not this guy. He said no thanks, went out to my car, and without my keys he made a working key in about 5 minutes.
I wouldn't have believe it possible unless I saw it with my own eyes. He filed a blank key until it worked, feeling the lock. I think he was showing off.
Anyway, point is, someone this good can fabricate the old keys in 5 minutes. 1 hour to copy a key & you must have physical access to the key is better than the old way.
They are stealing high MPG cars with more and more frequency. Sure, they aren't 'pretty' but they are being stolen.
And another reason your argument is stupid: Just because I have money to buy nice things, dosen't mean I should have them stolen. Nor should I expect it.
You own a house. Lots of people don't own a house. You should be robbed/broken into just because you have a house?
What happens if I park my car in the carport and lock it and then, some time later, walk by it on the way to the mailbox with keys in my pocket? The neighbor kid sees the locks pop open and helps himself to my CDs, GPS, etc.
Have gnu, will travel.
The problem lies in the modern TPMS systems. Tire Pressure Monitoring Systems regularly use the keyfob frequency to transmit to whatever smart power box controls your body functions (i.e. door locks, windows, ignition, headlamps, etc.) All they have to do is steal your tires with TPMS and voila, instant keyfob. Little details like cipher get blocked out when they realize that all they have to do is start putting the little pins on the IC to +5V or GND until the door locks pop.
Ok, interesting post, but why wasn't the master key posted? I want to make a legit copy of the key of my neighb^h^h^h^h^h^hjaquar. Without it, no 65 minute crack...
Most professional car theft rings are stealing the cars to strip them for parts that are then resold to mechanics who use the parts to repair other vehicles. That "business model" is why the most often stolen cars are often the most common (Toyota Camry, Honda Accord, etc).
people who have this knowledge will be more interested in breaking into Mercedes and high end cars, not fords and equivalents, however from the usual idiots i know, they wont waste their time trying to decipher a encrypted code......they just bash in the window or tap the window with porcelian and use a screwdriver to pop the ignition, or just do bumble bee, christmas tree(black yellow, green red) with the wires, then there usually arrested after not using the car for practical purposes(ie: going 200 on the highway with 5 police cars chasing them....that freind is in for around 20 years last i checked....fucking dumbass...)
-Noc
Yeah, emergency responders just love the idea of a vehicle that can suddenly accelerate on electrical power (no startup/noise/warning) just because a keyfob is in the vicinity. Even more fun than having a side impact air bag fire while you're trying to extract someone.
You can rake any pin lock, even the DSP and magnetic ones, the motion is just not 'raking' anymore. $100 will get you a nice set of jigglers, tailored to the make, model and year of car you wish to steal, and if they work on the barely used door lock, they will make short work of the ignition barrel.
... nor does the group of people who spend a lot of time breaking cyphers typically overlap with the group of people who have and can work with CNC equipment.
It's obvious that you haven't attended their conventions. B-)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Currently on MSN's main website newsticker, there's an article showing a headline, "Are you afraid to file a car insurance claim?" That's what is called "directed questioning". Why should you be afraid to file a car insurance claim? The informed and rational mind would reject MSN's headline question -- why the insinuation of fear? Who said anything about being afraid? But the nature of directed questioning is that it is suggestive. Now the suggestion of fear has been made, and people who aren't so well informed or rational will hold the questionable fear-state in their mind while searching the article, which is probably also rife with suggestivity. But why all this suggestion, why not just be better informed (or more rational, take your pick)?
s ureYourCar/InsureYourCarDyn.aspx?cp-documentid=524 9792>1=10331
The article:
http://articles.moneycentral.msn.com/Insurance/In
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
It seems that the cipher (as in: cryptographic algorithm) is broken. It's not even "has been broken" because if it is broken now, it was broken yesterday. If it is indeed a XOR method, it has been known to be broken for a while. I think the author meant determining the value of a key for a car using a new, faster method to do so. The title is therefore rather wrong. Oh, and I've always understood that it should be "a cipher of a car" instead of "a car's cipher", but maybe that's only true for old style English.
Why am I even bothering to post this? Oh well, I've got karma to burn anyway. It *is* nothing less than the title of the summary, so maybe that's what triggered me.
"Follow me" the wise man said, but he walked behind.
That Porsche's aren't the most stolen car isn't quite relevant to whether they're more likely to be stolen. There's likely some skew towards Camrys, Carollas, and other relatively low end cars in the overall statistics simply because there's several thousand more Toyota Camrys sold in the United States than the number of Porsche. I would be willing to bet my weekly salary on that a single Porsche in a parking garage is more likely to be stolen than a single Carolla, though I would imagine that the chance of recovering a Porsche is probably higher, as it's much more difficult to sell a chopped Porsche for parts than it is a Carolla.
--
What does CNC have to do with anything? Any car key, including simple ones that you could do a putty transfer on could have been cut by a CNC machine. They probably all are originally anyway.
Your sig is incorrect. "The truth shall MAKE you free."
Um, that's someone else's tagline. I'll keep mine. The only change I've considered is changing it to "keep you free".
The truth shall set you free!
Where I live, the largest taxi company in town has switched the majority of its fleet to hybrids (they used to use propane crown victorias and such).
I queried a driver about the reliability. His vehicle (new body style prius) had around 200K km on it. He had replaced the tires once and brake pads etc (expendables). They have another in the fleet that had 300K km before they sold/upgraded it (not sure if it was a lease or owned or what have you). No problems with that one either, but they had gotten their money's worth out of it.
Even though it was completely anecdotal ("yeah these cars are great") I was impressed.. those taxi drivers drive the isht out of those poor cars. I don't think my own car (Accord) would stand up to that kind of driving long (clutch, tranny, brakes.. etc would all be suspect very quickly).
"If you are going through hell, keep going." - Winston Churchill
Even though it was completely anecdotal ("yeah these cars are great") I was impressed.. those taxi drivers drive the isht out of those poor cars. I don't think my own car (Accord) would stand up to that kind of driving long (clutch, tranny, brakes.. etc would all be suspect very quickly).
Stop and go driving is the car's good point. Many quickly point out heavy stop and go may reduce the mileage to 20, but compared to the standing the taxis do on a regular basis, that is excellent. Sitting with the engine running results in 0 MPG in traditional cars and hybrids. The difference is in a traditional car, the engine runs all the time unless the operator shuts it down and pays the starter wear penalty. The Prius with a long wait time is not running the engine over 80% of the time. It is not required by the EPA, but the fuel consumption rate at idle should be on the window sticker. Those fleeing Katrina and stuck in traffic often got less than 60 miles to the tank of gas.
Seattle did an experiment with Hybrid buses. They blew it and tried to save lots of money by putting them on the long haul express routes. Bad move. At expressway speeds and driving they don't do much better than their counterparts. They should have put them on the downtown routes and compared them in stop and go and stop and creep traffic. That is where they shine. Even when they shine in that type driving, the numbers are nothing to shout about. Stop and go driving kills economy even in a hybrid, but not nearly as bad. In some creep and stop traffic, I once got under 5 MPG for about 1 mile. It took almost 2 hours to make that mile.
I have put in inverter in my car (1,000 watt) and have used it to power things in power outages. I have literally locked a key in the car, shut off the lights, heater and anything else and let the car run an entire weekend running a fridge, small freezer, a couple CF lights, and a computer part time. Even though I left it idling an entire weekend, I still got 32 MPG on that tank of gas. I used less than a quarter tank. Not bad for a 12 gallon tank.
In that mode it typically runs for about 5 minutes and shuts down for almost a half hour then repeats the cycle.
The truth shall set you free!
Couldn't you just hotwire the car after cloning the cypher? Or is there something I'm missing...?
Besides, the jackass who stole my car stereo smashed my window. I want shatter-proof glass and a way to automatically hide my valuables.
No, I will not work for your startup
All the more reason why they are getting stolen: More and more people are feeling the 'Gas-pump sting' with their fancy cars, and are settling with more fuel-efficient cars.
How did you lock the key in your Prius? I can't lock my key in mine - the doors unlock when I close them with the key in it.
Leave the engine running, get out and use a second key to manually lock the doors from the outside. The remote key fob is inop when the ignition is on. (Not sure if this works on the newer models but works fine with mine.)
The truth shall set you free!