Slashdot Mirror

← Back to Stories (view on slashdot.org)

Breaking a Car's Cipher

Posted by kdawson on from the soon-all-cryptographers-will-drive-fancy-cars dept.

An anonymous reader alerts us to research out of Belgium and Israel that claims a practical attack on the KeeLoq auto anti-theft cipher. Here are slides from a talk (PDF) at CRYPTO 2007. From the researchers' site: "KeeLoq is a cipher used in several car anti-theft mechanisms distributed by Microchip Technology Inc. It may protect your car if you own a Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota, Volvo, Volkswagen, or a Jaguar. The cipher is included in the remote control device that opens and locks your car and that controls the anti-theft mechanisms. The 64-bit key block cipher was widely believed to be secure. In a recent research, a method to identify the key in less than a day was found. The attack requires access for about 1 hour to the remote control (for example, while it is stored in your pocket). The attacker than runs the implemented software, finds the secret cryptographic key, and drives away in your car after copying the key." Update: 07/23 15:27 GMT by KD : One of the researchers, Sebastiaan Indesteege, pointed out that the link to the paper was incorrect; their paper has not yet been released to the public. I also managed to mis attribute his nationality. He is Belgian, not Dutch. My apologies.

6 of 253 comments (clear)

  1. learn to read, you insensitive clod by Anonymous Coward · · Score: 5, Informative

    OK, what part of "Katholieke Universiteit Leuven, Belgium" looks like "researchers in The Netherlands"??

    In other news: The Canadian president George W. Bush invaded Iran because of the 9/11 attack on the World Trade Center of Chicago.

  2. Re:So? by dkf · · Score: 5, Funny

    That means the person next to you, or a few feet/meters away could be stealing the car keys. So now we need tinfoil pocket protectors as well as tinfoil hats?
    --
    "Little does he know, but there is no 'I' in 'Idiot'!"
  3. Re:So? CNC... by foodnugget · · Score: 5, Interesting

    While it may be simple to break the code on the chip, you still need a copy of the key unless the car is push-button-ignition.
    These days, many high-end car keys are CNC cut (my mini's key has huuuuuge tooling marks from a spindle-out-of-square), which will actually cause a bit of trouble. This isn't something you could easily do a putty-transfer on, nor does the group of people who spend a lot of time breaking cyphers typically overlap with the group of people who have and can work with CNC equipment.
    In the end, I think flatbedding the car is the way to go. All the big chop shops are doing this now. If you're small-time, carjack. Alternately, get a real job.

  4. Re:So? by Otter · · Score: 5, Funny
    This being Slashdot though, all the cryptography "experts" will tell us how things should have been implemented.

    Sorry, we can only communicate through analogies to either automobiles or door locks. Discussion of actual automotive door locks is therefore impossible, and referring to Belgium as "the Netherlands" will have to be the site's sole contribution.

    --
    What I'm listening to now on Pandora...
  5. Re:Belgium not The Netherlands by Daimanta · · Score: 5, Funny

    This is in Belgium, not Holland.
    It's the Netherlands, not Holland.
    --
    Knowledge is power. Knowledge shared is power lost.
  6. Re:So... by RandoX · · Score: 5, Interesting

    All you need is the correct sequence on the parking brake.

    The mythical Honda override exists: It's a series of presses and pulls of the emergency brake. Each car, it seems, has a unique override code, which correlates to the VIN.