Wikipedia-reading boffins jimmy keyless door to entire universe

A team of German scientists say they have cracked the encryption of a device widely used in keyless entry systems that electronically secure cars, garages and office buildings. The finding by the scientists from Ruhr University in Bochum, Germany, means it is now relatively straightforward to clone the remote control devices …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Alert

    Can't be that bad

    It's been in use for 20 years, and is *very* widely used with easy access to all the components, and yet they've only just got around to cracking it. And even then it isn't trivial. And it needed help from a Wiki entry. (Who posted that by the way - a rival supplier?)

    For cars it'll still be easier to just steal the keys, as this will get you around all the security systems not just the KeeLoq part. (Immobiliser transponder is usually a different system to the remote locking transmitter, so wouldn't be touched by this)

    As for building security, if your only security relies on a chip card then you aren't trying hard enough.

    I'm sure people will use this for bad things, but I'm not sure the threat is particularly severe - at least for now.

  2. Anonymous Coward
    Happy

    Makes me glad...

    ...my car is not worth stealing.

  3. R Callan
    Linux

    Minor nit

    How far is a meter? All of my meters are significantly different in size. The only one I could use for measuring distance is my metremeter and that is just over a metre long.

  4. Mike Silver badge

    equipment costs

    ok, so for around "$3,000" in equipment (what's that in real money? probably down to £50 by now?) you can have an attack that lets you sit around some types of vehicle, wait for someone to open their car, then do some analysis of the data, and then next time they leave their car there you can come back and get in, sounds like a good investment

    however personally i would go for the even smarter investment, around £5 can get you a hammer, which can gain you instant access to any type of vehicle, no waiting around, no wondering if that vehicle is vulnerable to your snooping or not, you just walk up to the car, use your vehicle entry device, and get instant access - as an added bonus the hammer can also be used as a weapon if the vehicles owner should catch you in the act - and that's not all, buy now and your hammer comes complete with the ability to control construction equipment such as "the nail", this is a limited time offer so buy now to avoid being disappointed

    you know where the smart money is...

  5. Charles Manning

    So what?

    Good old mechanical vehicle/garage locks have been "cracked" since the beginning of locksmithing. That does not mean that all cars get pinched.

    Locking a vehicle or building just sets a barrier to entry: effort/risk/cost vs payback. When you lock a car you just make it a bit harder to steal and the crim will hopefully steal some other car or not bother that night.

    Cracking Keeloq just changes the payback curve. Buying a few $K of fancy kit plus doing fancy sums is still beyond what the average thief is prepared to do.

  6. Dan Goodin (Written by Reg staff)

    @Minor nit

    R Callan,

    Here in San Francisco, that's how meter is spelled . . . or is it spelt?

  7. Anonymous Coward
    Thumb Up

    @Mike

    Have you ever tried to break a car window with a hammer? - it's harder than you might think, and attracts far more attention than you might want.

    I prefer an automatic centre punch...

  8. Ned Ludd

    Hammer Time?

    I thought a spark plug was the preferred tool for busting into cars.

  9. Tim Bates

    Garage door = entry to houses.

    Most people with an automatic garage door also have a door from the garage into the house. And 99% of people will leave that unlocked, since no one can open the garage door anyway, right?

    It wouldn't be hard to imagine an organised burglary group implementing this. It'd make getting in easier and less obvious to neighbours. If the owner is out, then they'd even be able to park a ute in the garage and load up undetected.

    Of course an alarm system foils that, but there'd be tonnes of suburban houses that have remote garage doors and no alarm.

    As for the spelling of the base metric distance unit... metres is the correct spelling, and US spelling is pointless if the US residents refuse to use them.

  10. Keith T
    Unhappy

    Customers the big loosers here

    Now microchip will be able to sell its customers equipment to replace what it has installed over the last 20 years.

    Sounds profitable.

    Only the customers loose.

  11. Anonymous Coward

    One time pads now practical

    With flash being so cheap, one time pads are now practical (shared key sequences of random numbers).

    You could generate a true random sequence of keys, burn them into both car and key and use that.

    8 bytes per key, say you open the door 1000 times a year, an 8Mb flash would last 1000 years before reusing the sequence.

  12. Dave Bell

    Don't these guys know the basics?

    Kerckhoffs' principle, presented in 1883.

    If this system depends on the algorithm being a secret, it's improperly designed.

  13. Humph

    Re: One time pads now practical

    "...before reusing the sequence"

    Just to nit-pick, isn't the idea of a one-time pad that it is used only once?

  14. This post has been deleted by its author

  15. Steve

    You wouldn't use this to steal just ONE car...

    You'd arrive early and park near a large lawyers/bankers/rich bastards' office and clone about twenty keys as people arrive in the morning. The next day, a bunch of people with caps pulled low for the cameras calmly walk in and drive off with a lot of very expensive cars.

    Too much work for your average herbert, but a reasonable return on your investment if you choose the right target.

  16. Anonymous Coward

    @Dan Goodin

    Surely you mean "french yard" ... after all you insist on using "english pint" (for something that isn't!)

  17. Anonymous Coward

    re: One time pads now practical

    Actually, I thought that was how they worked. I remember reading an article about the technology: they had an overlap so you could press the key button a few times without getting out of sync with the car even if you were out of range; if you pressed it 50 times or so, it would stop working.
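The look-ahead window described in the comment above, as an added example that is not part of the original thread or of any vendor's code. It assumes a transmit-only fob, uses a truncated HMAC-SHA256 of a counter as a stand-in for the real cipher (this is not KeeLoq), and takes the window size of 50 from the comment; all class and function names are hypothetical.

```python
import hashlib
import hmac

WINDOW = 50  # look-ahead size, taken from the comment's "50 times or so"


def code_for(key: bytes, counter: int) -> bytes:
    """8-byte rolling code: truncated HMAC-SHA256 of the counter (stand-in cipher)."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]


class Fob:
    """Transmit-only remote: it cannot know whether the car heard a press."""

    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> bytes:
        self.counter += 1
        return code_for(self.key, self.counter)


class Receiver:
    """Accepts only codes for counters strictly ahead of the last one accepted."""

    def __init__(self, key: bytes):
        self.key, self.last = key, 0

    def accept(self, code: bytes) -> bool:
        for c in range(self.last + 1, self.last + 1 + WINDOW):
            if hmac.compare_digest(code, code_for(self.key, c)):
                self.last = c  # resynchronise; everything up to c is now dead
                return True
        return False


def demo() -> dict:
    key = bytes(range(16))  # constructed sample key
    fob, car = Fob(key), Receiver(key)
    out = {}
    first = fob.press()
    out["in_range"] = car.accept(first)
    out["replay_of_used_code"] = car.accept(first)
    missed = [fob.press() for _ in range(10)]  # pressed out of range, car hears nothing
    out["after_10_missed"] = car.accept(fob.press())
    # A code sent while out of range is behind the counter once the car resyncs.
    out["stale_missed_code"] = car.accept(missed[3])
    for _ in range(WINDOW):  # 50 more presses out of range
        fob.press()
    out["after_50_missed"] = car.accept(fob.press())
    return out


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

A code the car never heard stays valid until a later one is accepted, which is why the receiver moves its counter forward on every successful match.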

  18. Fatty Treats

    Ramifications

    Several correspondents argue that this is not that useful or easily used security hole, e.g. Mike points out this is "an attack that lets you sit around some types of vehicle, wait for someone to open their car, then do some analysis of the data, and then next time they leave their car there you can come back and get in". Doesn't the article say that once you crack it you can do it for any *model*?

    So you while away a few hours in a Tesco car park after which you can open *any* Ford Focus/Honda Accord/generic Toyota... sounds alright to me.

  19. Matt

    Ute

    Is that a good looking female sheep, about a metre long?

    So $300, or €80 to break into a lot of cars without damage or being too suspicious. Sounds like a good investment if you're that way inclined. Especially as the price will fall if it's worked on a bit more.

    My car's a Fiat so the remote never works anyway............

  20. Anonymous Coward
    Thumb Up

    "I'm not sure the threat is particularly severe"

    Well no, but the words "master keys", "posted on Interwebs" and "within 1 week" come to mind.

    Let's have some redistribution of income here...

    PARTY!!!

  21. Joe Harrison

    Serves them right for being so greedy

    When I were a lad your car key was made of one slim piece of metal and if you lost it you had another one cut for 2/6d. Now it's a chunky lump of plastic and a new one costs 200 quid. You're over a barrel too if you want to get back into your motor. I hope someone does flog off cheap replacements that you can reprogram yourself.

  22. Anonymous Coward
    Happy

    @Dan Goodin

    What colour, oh sorry, color shirt have you got on, did you buy that aluminium, sorry again aluminum foil I asked for :p

  23. Martin
    Alert

    @Keith T - while we're being picky....

    The customers lose! They don't loose.

    Loose = opposite of tight.

    Lose = opposite of find.

  24. Remy Redert

    @AC

    Why would you cycle to the next key if there was no response from the car at all? That just causes problems.

  25. Gavin Nottage

    re: One time pads now practical

    Cars come with two keys, so would they have separate sequences, or try and sync up somehow? I guess they'd go for separate. It would mean if you lost a key, the stealership would just need to reprogram the car's part for a new key - or more likely open up some module and replace the corresponding chip/board for the new one - pretty expensive, but then people shouldn't lose keys!

  26. Mister Cheese
    Alert

    @Oliver, AC and Dan

    @Oliver

    Keyless entry in the Prius is not an option on the UK models.

    @AC(@Dan) - Septics have a smaller pint than us hardy Brits. So when one of them brags to you he drank 5 pints of beer in one night, he actually means only 4 pints of shandy.

    @Dan - It's spelled 'metre' since it's based on the Greek 'metron'. Ask 100%-accurate Wikipedia if you don't believe me. A meter is what I use to counter-argue my extortionate gas-bill. That's that gaseous form of gas, and not the liquid-form you favour over there...

  27. Ash

    @AC (American language pedant)

    Aluminium is actually pronounced aluminum; the boffins (a phrase popular with El Reg) some time ago decided that the name didn't look right on the periodic table next to Plutonium, Caesium, Francium, and other elements. They decided to add the extra "i" to make it look pretty.

    http://periodic.lanl.gov/elements/13.html

  28. Gilleain Torrance
    Happy

    $3000 dollars worth of equipment?

    ...or if you buy them from China, about $150, or some other ridiculously small price.

    Also in your cart : GPS/mobile jammer. For innocent purposes only.

  29. Test Man
    Thumb Up

    @Oliver and Mr Cheese

    I believe the latest model Micras use this sort of keyless entry, although I think it applies to starting the car, not sure about opening the door though.

  30. JeffyPooh

    "...requires....specialized skills..."

    So does cracking the encryption on a DVD: <click-click>

    My car fob only reaches about 10 feet, so I'll keep an eye out for hackers with laptops leaning on my motor's bonnet.

  31. Anonymous Coward
    Happy

    Generic title

    "I believe the latest model Micras use this sort of keyless entry, although I think it applies to starting the car, not sure about opening the door though."

    Renault have been using card keys for a while, and I dare bet you'll find a fair few Laguna owners who aren't that keen on the idea (let's just say that the keycard system had a few, erm, issues when it first came out)

    Makes me glad I'm running a 10yo Clio - even if someone was taken with an urge to nick it, and had the keys, they'd more than likely give up before the immobiliser decided to disarm itself :-)

  32. jai

    @Ash - aluminium

    that article you link to states the following:

    "Davy proposed the name aluminum for the metal and later agreed to change it to aluminum. Shortly thereafter, the name aluminum was adopted to conform with the "ium" ending of most elements, and this spelling is now in use elsewhere in the world"

    which makes no sense at all - they've spelt it wrong there somewhere, but which one?

    and anyway - the point is not the pronunciation of the end of the word, it's the beginning bit that the sceptics have trouble with. it's not aloo-minum, it's al-u-min-um(ium whichever)

  33. Andus McCoatover

    @JeffyPooh

    <<My car fob only reaches about 10 feet, so I'll keep an eye out for hackers with laptops leaning on my motor's bonnet.>>

    But, I bet your motor doesn't use a Yagi/high-gain/Pringles antenna to pick up the signal....

    ....we really need a "bleeding obvious" icon....

  34. Chewy

    interesting

    Can anybody think of a reason why my alarm refuses to set near the police station?! Not that I think anybody would steal my 10 year old brick.

  35. JeffyPooh
    Happy

    @Andus McCoatover

    By your "Pringles" etc. comment you appear to assume that the keyfob is transmitting in the 2.4 GHz. Not every consumer electronics uses the same 2.4 GHz band. My keyfob, like most, isn't 2.4 GHz. It is, like many, in the 300-something MHz band. Makes your high gain antenna pretty unwieldy. Your Pringles can WiFi antenna would have to be replaced with a garbage can size keyfob-compatible antenna.

    So, beware hackers loitering on the sidewalk and aiming tripod-mounted garbage cans in your direction while fiddling with their laptop.

  36. Michael Kean
    Stop

    Door Bell

    @ Chewy:

    I once hardwired a cordless doorbell transmitter to a 12v battery on my bicycle years ago, so if the bike was nicked (small town) I could find it again with the doorbell. Side effect unexpectedly was that it jammed car door opener buttons within 10-20 metres of the bike. Perhaps there is something similar at the cop shop?

  37. Andus McCoatover
    Coat

    @JeffyPooh - Good Point!

    Actually, good point, I didn't think of that.

    <<So, beware hackers loitering on the sidewalk and aiming tripod-mounted garbage cans in your direction while fiddling with their laptop.>>

    So, I'd need to equip myself with an RFID-enabled, (recycled) tinfoil-lined Wheelie bin, and wear a donkey jacket and some wellies to appear in "Mufti".

    'Course, I'd need to choose the 'correct' day of the week^H^H^H^H fortnightly collection day for me to get away with it, but, hell your 10-year old Lada's maybe worth it! (if all I can afford is a donkey jacket). Er, did they have radio in them thar days?

    </Joke!> Have a good weekend! -Andy

    (Mine's the jacket in the wheelie bin. Yep, the one that smells a bit. Ta Muchly.)

  38. StopthePropaganda

    somebody

    must've watched "Gone in 60 Seconds" too many times. The "new" version and the original.

    Social engineering cracks thru fancy encoded key security for cars as well as passwords for PC's.

    As for the hammer guys, there's an even easier (lazier) way to get thru even the most advanced auto security, deployed by west coast and east coast "gangstas" for years: the carjacking. Let the owner disable the security system then threaten to kill them if they don't get out of the car. Modern variations by "undocumented" gangs on the West Coast includes shooting them even after they get out of the car just to prove brutality.

  39. PM
    Stop

    At least in the states

    A $50 pistol will get you most auto's. Unless the owner is stooopid.

  40. Charlie van Becelaere
    Alien

    @ Martin

    Thanks for the explanation.

    I was worried here, trying to deduce what the customers had loosed upon us all.

    I, for one, was ready to greet our new customer overlords, but now I see there's no need.

    Also, didn't Burt Reynolds appear in a pair of films about the metre?

    Cheers

  41. Anonymous Coward
    Thumb Up

    @StopThePropoganda

    Shooting people after they get out wouldn't be terribly bright, as people would realize pretty soon that they're just as well off clobbering the throttle as obeying the carjacker.

    Gangstas may be mean, but they're not dumb.

    In other news... Jimmy entry with Wikipedia? A touch of class, Reg. Well-played.

  42. RaelianWingnut

    @AC - One Time Pad

    If you use a one-time-pad more than once, it isn't a one-time pad.

  43. Matt Bradley

    @Chewy

    Yep - I have similar problem with my >10 year old motor. Under certain circumstances, when parked in particular locations, the "lock" button refuses to work. Move ten metres (or is that meters.. hehe!), and it works fine. Personally, I suspect that it is Wi Fi networks interfering with my key / receiver.

    As regards the original article / exploit: I imagine this will be very useful to organised criminals trying to gain access to large properties / expensive cars, but not much use to anybody else. Anything that requires the villain to hang around with a few kilos of electronic equipment just in order to clone the key is going to be worthless to the average car thief or burglar: they can just break a window. I imagine that the manufacturers of high end home security systems and executive motors are already using security far more sophisticated than this, so this makes this discovery a non-problem.

    Nice to see boffins are still doing their jobs well but personally, I'm still more worried about some scally smashing my window for my radio, than some techie sitting in the bushes with a laptop.

  44. Oldfogey

    @@ Chewy

    There is a strong suspicion that the new Police Tetra radio system can upset car door locks and fancy ignition systems if set up carelessly.

    There is probably a Tetra base station at your Police Station.

    I don't think I would want a car that unlocked/locked depending on the proximity of a keyfob. I suspect I would soon have a flat battery and worn out locking mechanism, as it is parked just outside the window!

  45. Ole Juul

    Old school

    People don't use these kinds of locks because they don't want their car stolen. They use them because they think they're cool. To prevent theft of your car, you pull a spark plug wire when you leave it. If you're really serious, pull the fuel line too. That worked in the old days and I'm sure it works even better nowadays when everybody is a nerd and nobody is a mechanic.

  46. Jon Aldridge

    But what will be particularly annoying...

    ...will be to come back to an emptied car, then have the insurance company monkey tell you that in the absence of any signs of forced entry, it can only be that you forgot to lock it, so it's not their problem.

  47. Solomon Grundy
    Heart

    @David Wiernicki

    Lots of car jackings result in the owner being shot even after they have surrendered the vehicle - a simple search will return hundreds of news entries for the U.S. alone.

    Criminals don't have to be bright, victims just have to be stupid(er). This pansified country that is the U.S. has turned self-defense into a crime too, so the peasants are afraid to defend themselves.

    South Africa is even worse, they don't even count the car jackings that result in murder anymore because it is so common - they even have a thriving industry built around preventing car jacking: http://transportation.frost.com/prod/servlet/market-insight-top.pag?docid=JSAA-5NCK62&ctxixpLink=FcmCtx25&ctxixpLabel=FcmCtx26.

  48. Anonymous Coward
    Boffin

    @Chewy

    Touch the tip of your key to your head when you press the button. Your melon acts as an antenna and increases the range significantly.

  49. Daniel B.
    Dead Vulture

    @Solomon Grundy

    Enter Mexico City.

    From midnight to 5am, it is perfectly legal to run red-lights. Why, you may ask? Because standard procedure is that if you see some strange dude coming to your car at a stoplight, you just floor it and take off, no matter what color the stoplight's on.

    Carjackings over here very often involve violence, gunshots, or "express kidnappings" consisting in said carjackers taking you for a nice city tour, withdrawing cash from your credit and debit bankcards. Oh, and occasionally you'll get shot even if you do comply.

    Dead vulture after getting mugged in the Buenos Aires neighborhood.
