Proprietary crypto again?!?!?!
"Texas Instruments claimed its proprietary cryptographic systems might be stronger than AES."
Do I have to explain the utter and complete FAIL in that sentence?
Weak cryptography means that car engine immobiliser technology has become easy for crooks to circumvent. Nothing weaker than 128-bit AES is considered sufficient protection for e-commerce transactions, but car manufacturers are still using proprietary 40-bit and 48-bit encryption protocols that are vulnerable to brute force …
"....Nohl was able to crack the Hitag 2 car immobiliser algorithm.....in around six hours...."
Which if you want something that'll never be cracked is useless. If, on the other hand, you want something that stops an opportune thief making off with a car, it's entirely adequate.
In this particular case, if you wanted to nick it you'd be better off going with the time-honoured method of bringing along a trailer or low-loader and taking it away. Ok, it means that once the thieves have it they can get it running without having to banjax the immobiliser gear, but who gives a flying f***? I don't see that the smug feeling of knowing the thieves are out a few hundred quid for a new ECU is any great comfort.
The point of an immobiliser is to deter the opportunist. If someone *really* wants your particular motor badly enough (i.e. there's enough in it for them) they'll have it, even if it's kept locked in a garage with all the wheels removed and stored separately.
I am forcibly reminded of a demonstration run by an aftermarket immobiliser / alarm firm in the States, who promised that anyone who could drive away their brand spanking new Corvette, equipped with their latest and greatest, could have it. An engineer turned up with a roll of duct tape and a Corvette wiring loom and bagged himself a new car.....
... were sitting in back of a van near target vehicle with crypto breaking code running. Once code was found and the car was unlocked then one bod gets out the van and drives the car off. Van then drives off separately.
A few hours waiting in a van for the chance to drive off in a 'free' 50k plus car is not a bad rate of return.
This is about the immobiliser - the chip in the key that says whether or not the car's going to start when you turn the key.
So it's not 6hrs in a van waiting for the indicators to flash and the car to unlock, but 6hrs in the car turning the key.
I still don't understand what was wrong with the PIN-style code that '90s Peugeot/Citroen cars used as an immobiliser.
(And why is there a "nicking your keys" icon?)
Cracking the encryption algorithm doesn't make the encryption any less secure unless the algorithm has some sort of weakness in it. Knowing the encryption algorithm gives you little, what you need are the encryption keys. I'm not sure how long it would take to brute force the 40-bit keyspace if you know the algorithm, but for the manufacturer that uses the VIN as a key it would be pretty short.
For an average car, stolen by joyriders/ram raiders, etc, then 6hrs to defeat the immobiliser is sufficient deterrent.
For a £500,000+ worth of sports car, then thieves may well consider stealing it in a low-loader, hiding in a lock-up somewhere, reprogramming the immobiliser, and then shipping off to the Far-East.
I disagree. 6 hours is short enough that any car is vulnerable. People routinely park their cars for 8 hour (or longer) stretches of time: At work, whilst they sleep, long term airport parking...
What it basically boils down to is that cars with these devices are now as vulnerable as every other car out there. It just takes time.
"What it basically boils down to is that cars with these devices are now as vulnerable as every other car out there." But some cars can be nicked with a bent coat hanger and a bit of wire, so a car with an immobiliser that takes computer time and radio kit to crack isn't really as vulnerable, is it?
And of course, that is 6 hours of a current spec laptop. Make that 4 hours for a good desktop rig, right now, (for a car that has been towed away) or about 30 minutes in ten to twenty years time when these become the easy touch. For a high-spec car right now I wouldn't accept 128 bit as being adequate.
"For an average car, stolen by joyriders/ram raiders, etc, then 6hrs to defeat the immobiliser is sufficient deterrent."
For the _first_ time. It shouldn't take any longer the next time than it takes the legal owner to open the car, a couple of seconds. Once security is broken, it will stay broken.
And once the software needed to do this is on the internet, anyone can do it in that time. Even me. Essentially the same as no locks whatsoever: Immobilizers stop only honest people.
All of a sudden, mechanical locks seem secure again: You can't bypass them with a small piece of software.
Just to give the Anonymous Coward nightmares about security, might I suggest these YouTube videos of mechanical locks being bypassed:
http://www.youtube.com/watch?v=uEbcy-WDqW4
A video showing a decoding tool and instant key cutter for Audi's two track keys. Combine this with a reprogrammed ecu that has had the immobiliser switched off (less than 5 mins to swap the ecu) and you could drive the car away.
And for the really crappy immobiliser systems that just have an RFID tag in the key that spits out a 128-bit number to a reader in the steering column, if you could get close enough to the key to read it you could potentially even bypass it with an iPod:
http://www2.informatik.hu-berlin.de/~ploetz/analyzing-an-unknown-access-control-system.pdf
See pages 13 - 16 for details on building your own very clever but ghetto RFID interceptor/replayer using an iPod/phone/media player.
That was the case in older cars, but now the trend is that all the ECUs "talk" over the bus, and have to agree that they are all in the correct car; i.e. all the ECUs have to "match". You cannot just change one easily. Think about the number of ECUs (engine, gearbox, dashboard, radio, aircon, electric steering...)
Of course you can guarantee that if the proper garages can change an ECU that has "failed", then the crooks will be able to do it sometime!
A person I know has just scrapped a perfectly good car because the fuel pump broke... he can't just get one from a scrappy because all the bits talk to each other and he would have to change every computer in the car.... so the car is now scrap - for want of a second hand fuel pump - what an environmental disaster... the replacement car needed making, this one needs cutting up and melting down... all that energy and just because some idiot thinks that they can be clever and defeat a thief - when frankly the thief could still walk away with the car if they wanted.
Why not take the ecu from the original broken fuel pump and mount it on the "new" pump? And there are places that can copy over the data from one ecu to another for a very reasonable price.
About 2 years ago, my now aging 02 plate vectra started having issues with the ECU. I had the guy at the garage suck air in through his teeth and the £ signs appeared in his eyes then told me it was going to be £1900 to fix it...
I went to a Vauxhall dealer, £750+VAT for an ECU, £300+VAT to program it, then £250+VAT to fit it... They would only cover it under warranty if they fitted it... (3 bloody bolts and 2 clip-on connector blocks)
This place on the interwebs, they would refurbish my old broken ECU for 50 quid, or if it was beyond repair they would sell me a refurbished ECU and transfer the EEPROM data from mine to the "new" one for £120...
And which bright spark decided the best place to attach a computer to a car was to bolt it to the engine block?
"The point of an immobiliser is to deter the opportunist. If someone *really* wants your particular motor badly enough (i.e. there's enough in it for them) they'll have it, even if it's kept locked in a garage with all the wheels removed and stored separately."
No, it's not. Major function is to prove that a) it was locked and b) there was immobilizer installed because c) insurance money. Losing the car is just a minor function.
Its function is also to prevent theft by simply driving the car off, and it doesn't do even that. Major failure by any sense: A thief has only to crack the security (with an easily reproducible piece of software, cost zero) and then he can open the doors and drive the car away: No difference to what the owner can do. And probably at less cost than the factory wants from the owner for new keys.
Tell me again how that isn't a total failure?
Especially when the insurance company isn't paying a penny if there are no signs of breakage, but claims that you sold the car and that you are a criminal when you try to collect the insurance money.
Some have even succeeded in jailing the car owner for fraud with the argument "These immobilizers are impossible to circumvent, thus the owner has fraudulently sold it".
_That's_ the way it goes.
Yes it stops an opportunistic thief, however you answer why thefts are increasing. Low loader takes it away and now the thieves have a way of breaking the immobiliser in their own time whereas previously they had to do other things.
Basically it speeds things up for them once it's back at "base"
The solution, of course, is to take the people who undertake such studies to court for their criminal attempts to circumvent lawful protection mechanisms and disseminate their studies to the car thieves of the world. There's clearly nothing else to do.
As for TI... well. I have an encryption system here that 'might' be stronger than AES too. My license fees are quite reasonable.
> The solution, of course, is to take the people who undertake such studies to court for their criminal attempts [...]
If you'd read the article, you'd see that car thefts had already (predating this study) been on the rise. The guy(s) who put this study together is/are obviously in the full disclosure camp. By having one of these "white hats" release their results basically explains how the "black hats" have been savvy to this sort of attack for a while, and points the way towards better security all round.
That wasn't so hard to understand, I hope?
I *like* card based systems but wireless keyfob based systems can and will be hacked by people sitting in a van with wireless sniffers. It's a no-risk, low-cost strategy that thieves of valuable (high end) cars will use.
Once the car security key is found (VIN?) the van can act as the fob as long as it keeps within 20 or so metres. DVLA will even provide VIN for ~3UKP :-)
This all reminds me of the tale of a fleet of new Ford police cars delivered to a Midlands force. All the cars were parked in the underground car park with the press et al. As the press officer was extolling the virtues of the new cars, a "guard duty" plod used his then analogue radio and managed to unlock almost all the brand new police cars, flashing the headlights etc.
The trick of using a CB "key rattle" to open a Ford had been known for well over a year - but that force had never come across it till then - the press had a field day.
This is why I like my code I have to type in by hand. Not immensely secure, but not connected to anything by any kind of radio or IR signal, just a number that I have to remember.
Of course, the real security here is having a car so old it has a keypad immobiliser. Nobody will get much joy from riding in that...
Why hang around? All your crim needs to do is park up in a place like an overnight garage of a luxury hotel. He (/she) then sets going his downloaded L33tposhmotorhackzxzwarez* application to wirelessly bruteforce as many cars as possible.
Then he just leaves his car & equipment and buggers off on foot, to return in the small hours with a gaggle of chavy mates & harvest whichever cars have already been unlocked by then.
And you could make much more than £50k a night doing that.
* should I copyright that name?
In 1994 I applied for a patent on an immobiliser that guarded against this. In order to describe the improvement I first described a 'strawman' design for a poorly-designed system that would be easy to attack. I then described how to fix it.
The lawyer who drafted my application told me that my strawman matched a design from Texas Instruments.
"err, isn't the whole point of security that its only as strong as the weakest link... "
It's all about proving that your car has been stolen, really. At least in this case: Like said in other posts, securing any car so that it's impossible to steal is very difficult. But when it's as easy for a thief to drive away as the owner, then the "immobilizer" is a worthless piece of crap.
Also: If you can't prove it's stolen, you don't get money from insurance and that's the real loss.
For a time a car theft ring near me used flatbed trucks and fork lifts used to transport pallets of brick and block. They just hoisted the car on the truck, reattached the lift and drove off. The cars were cut up and sold for parts. The only reason they got caught was the genius forklift operator bragged to the wrong guy his lift was big enough to lift a car.
I just imported a car from Japan and the b*gger only came with one remote key fob. Although made by Nissan, the NFC system used is a Renault one who want a metric arm and leg to program me a copy. I wonder if I can do it myself.
Interestingly they claim to be able to only issue four of a particular fob before the ECU has to be replaced which would suggest in this case the VIN itself is not the encryption key, but rather they have a secret list of unique keys which get assigned to each vehicle, which is not a bad thing I guess if it means the key and the car can both keep track of how many times they've spoken to each other.
5-6 hours parked in one place cracking a car's ignition kill is a long time for a car thief. All kinds of stuff could happen and all kinds of people could see you and mention you to a parking attendant/cop/local security guard during that time. Not to mention you could be 3/4 of the way through cracking the encryption when the owner comes outside and drives off to the grocery store or something.
I could see this being useful for stealing a very expensive car that you know is parked in a private garage or something while the owner is out of town/gone for the night, but I don't know if you will see this used to steal the average person's ride.
Trade your 'posh' car in for a bike and a bus pass.
Or live in the city and get a 'city' car that has the requisite number of bumps and dings as not to win a beauty prize, yet can be driven in all sorts of weather. (Oh that's right. It usually doesn't snow in the UK like it does in the Midwest of the US. ;-)
most crypto algorithms are known. the key to them is the key. of course there are weak algorithms and using the vin as the key is just stupid. hiding the algorithm is just an extra layer. knowing the key used for one car should not help with the next. again shorter keys will be easier to brute force as technology moves on, but then fob tech will move on.
I predict: In no sooner than ten years' time, they'll finally upgrade to 128-bit encryption - at five times the cost to the consumer, then portraying that necessary feature on the item, as if it had attributed any kind of "value added" quality to the basic, essentially dysfunctional model.
For marketers, I suppose, ignorance really may resemble bliss. What a happy game....
Noticed increased number of cars stolen, so geek presumes it's due to cryptography.
Bollocks.
Increased number of cars stolen = Number of house broken to steal keys (this has seen a huge increase in recent years) / handbag snatches / picked pockets.
It's far easier to get a stick with a hook on to take the keys through the letterbox than spend 6 hours cracking a code. Or simply force your way in when wifey with stupid-size 4x4 answers the door (we know someone this happened to.)
Bear in mind average car thief != Code cracking geek.
But many immobilisers have another method to defeat brute force attacks, they stop listening after a set number of incorrect attempts.
This technique is obviously not applicable to real time IT application communication, but in a car it's not a major problem.
If an immobiliser "sleeps" for 10 seconds after 5 incorrect attempts it reduces the brute force rate significantly. 1800 an hour, which doesn't even cover the possible permutations of a 10 bit key, let alone a 40 bit key which would last longer than the car!
I think some may be confusing remote unlocking with immobiliser technology. Remote unlock usually has a range of 10 - 50 meters whereas modern immobiliser tech has a range in the region of 10 cm.
The immobiliser uses a small, passive radio frequency device (for simplicity I'll refer to this as RFID) in the keyfob and the appropriate transceiver in the ignition barrel.
Attacks can involve: stealing the key and cloning the RFID chip (although the crim may as well just use the key to drive the car away); or using brute force against the encryption used by the system.
The brute force attack has been made significantly easier by the trend towards storing service information in the keyfob. Once a valid RFID tag is determined, the car ECU transmits mileage and other service parameters back to the keyfob, immediately confirming that the correct private key has been guessed and shortening the total time required to complete a brute force attack.
As is often the case, it's a combination of factors that has led to the fail. I think it's a bit alarmist to say "you might as well leave your car unlocked" - the attacker still needs physical access to the car.
Merry Christmas.
...built in via the rear view mirror as an additional measure? Finger print ID etc should be easy to install, approx weight of driver even easier. Go ahead, steal my keys, but unless you're a fat bald ugly git you can't have my motor.
Insurance companies would love to have a photo of the driver stashed in a black box for every claim.
Why only go as far as 128-bit AES? If you need it to be secure, go for REALLY secure. Compare the expected life span of the car to the progress of CPU speeds required to crack the encryption.
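The lockout arithmetic in the "sleeps for 10 seconds after 5 incorrect attempts" post above and the "compare the life span of the car to the progress of CPU speeds" point in the post just before this, worked through as a small risk calculator. This is an added example, not code from the thread, from Texas Instruments or from any immobiliser vendor. The attacker's raw guess rate (a million guesses a second), the two-year hardware doubling period and the 20-year service life are assumptions chosen for illustration; the model also assumes every guess is immediately confirmed right or wrong, which is exactly the confirmation leak the "service information in the keyfob" post describes, so it is a worst case for the defender.

```python
"""Brute-force exposure estimator for a key-based immobiliser.

Added example: models keyspace size, attacker guess rate, an on-device
lockout ("sleep" after N wrong keys) and attacker hardware getting faster
over the service life of the car. All rates and periods are assumptions.
"""
from dataclasses import dataclass
from typing import Optional

SECONDS_PER_HOUR = 3600.0
SECONDS_PER_YEAR = 365.25 * 24 * SECONDS_PER_HOUR


@dataclass(frozen=True)
class Lockout:
    """Immobiliser goes quiet for `sleep_seconds` after `attempts` wrong keys."""
    attempts: int
    sleep_seconds: float


def effective_rate(raw_rate: float, lockout: Optional[Lockout] = None) -> float:
    """Guesses per second the attacker really achieves.

    raw_rate is what the attacker could push with no lockout (assumed).
    With a lockout, each batch of `attempts` guesses costs their raw time
    plus the sleep, so throughput is capped near attempts / sleep_seconds
    no matter how fast the attacker's hardware is.
    """
    if lockout is None:
        return raw_rate
    batch_time = lockout.attempts / raw_rate + lockout.sleep_seconds
    return lockout.attempts / batch_time


def speedup_after_years(years: float, doubling_years: float = 2.0) -> float:
    """Crude hardware-growth model (assumed): attacker speed doubles every doubling_years."""
    return 2.0 ** (years / doubling_years)


def expected_seconds(key_bits: int, raw_rate: float,
                     lockout: Optional[Lockout] = None,
                     years_ahead: float = 0.0) -> float:
    """Expected time to hit a uniformly random key: half the keyspace on average."""
    rate = effective_rate(raw_rate * speedup_after_years(years_ahead), lockout)
    return (2 ** key_bits / 2) / rate


def expected_years(key_bits: int, raw_rate: float,
                   lockout: Optional[Lockout] = None,
                   years_ahead: float = 0.0) -> float:
    return expected_seconds(key_bits, raw_rate, lockout, years_ahead) / SECONDS_PER_YEAR


def exposure_table(raw_rate: float, lockout: Optional[Lockout] = None,
                   car_life_years: float = 20.0):
    """For 40-, 48- and 128-bit keys: is the car exposed within its service life?

    The attack is judged with the hardware expected at the END of the car's
    life, since that is the weakest point the design has to survive.
    """
    rows = []
    for bits in (40, 48, 128):
        now = expected_years(bits, raw_rate, lockout)
        later = expected_years(bits, raw_rate, lockout, years_ahead=car_life_years)
        rows.append({
            "key_bits": bits,
            "years_now": now,
            "years_at_end_of_life": later,
            "exposed_in_service_life": later < car_life_years,
        })
    return rows


if __name__ == "__main__":
    RAW = 1_000_000.0  # assumed attacker rate, guesses per second
    for lockout in (None, Lockout(attempts=5, sleep_seconds=10.0)):
        print("lockout:", lockout)
        for row in exposure_table(RAW, lockout):
            print(f"  {row['key_bits']:>3}-bit: {row['years_now']:.3g} years now, "
                  f"{row['years_at_end_of_life']:.3g} years at end of life, "
                  f"exposed={row['exposed_in_service_life']}")
```

Two things the numbers make visible: with the 5-attempts-then-10-seconds lockout, the attacker's throughput is pinned at about 1800 guesses an hour whatever hardware they bring, so even a 40-bit key is out of reach for the life of the car; without the lockout, 40- and 48-bit keys fall within days at the assumed rate and only get worse as hardware improves, while 128 bits stays out of reach by a margin that no plausible speedup closes. Changing `car_life_years` or `doubling_years` shows how sensitive the 40/48-bit cases are to those assumptions.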
Retinal scanner might be next on the list, but I don't want my eyeball gouged out, stuck on a pencil then discarded in a pile of quarter-light glass on the pavement.
When I was buying my first car, one of the options was an "immobiliser" that was a switch under the dashboard. Which is fine as a DIY job, but not if it's considered a serious deterrent (if you're hotwiring the ignition, you'll be down there anyway). If I could be bothered I'd remove a spark plug, but I go with the "this car isn't worth anything and it's full of empty drinks cans and greasy bags my lunch came in" approach (not that this stopped someone removing a number plate - although they may have been going to nick the car, but since the reason it was parked there was that the engine mountings had broken...)
A friend had his bright purple with tiger-print seat covers Corsa nicked for a ram raid. There's no accounting for taste. That said, these people aren't bright - someone knackered both front door locks and the boot, and broke the plastic surround for the rear window, while thinking about nicking a portable TV from my car. What was wrong with breaking a damn window, or opening the door with the traditional coathanger, I don't know. Personally, I'm inclined to install a pneumatic spike under the driver's seat, wired via a timer to the ignition, and see whether the thief notices the timer switch. Mind you, it might require some cleaning afterwards.
Couple of things:
If someone wants to steal something, they will. Many but not all thieves want a quick and easy, low risk payoff.
I'm not at all surprised that someone managed to figure out how the system works and develop an exploit. It would be interesting to hear the answers to some of the questions posed by people here--particularly the one about "does it take that long for every car or is it faster once it's been figured out".
If you get enough people to look at something, or you get the *right* person to look at something...and it's all over.
The world's a large place, with lots of people. No one can think of everything. I don't know why companies continue to persist with the belief that their limited staff of engineers--while no doubt intelligent, at least some of the time--are going to think of everything or come up with something that compares well to more "public" cryptography systems like AES. It's been proven time and again that this simply isn't so.
Engineering answers the questions that people were asking at the time something was designed. Good engineering might go a little further than that, but the pressure to build things cheaper or get them out faster tends to put a damper on that. The problem here is that the questions change over time and the engineering that went into a twenty year old car computer hasn't and is unlikely to change in response. I think it safe to say that the average car computer, its microcontroller and programming all live in a safe, closed world where it isn't (or at least hasn't been) necessary to expect the sudden arrival of seriously unexpected conditions or even exploitation. If you were to look for exploitable conditions and security issues, I'm sure you would soon realize that the situation is pretty dire because those things were considered unlikely to be problems.
Finally, even modern cars that people complain about being "unserviceable" (a claim that's not entirely true or that holds up particularly well when you understand what is going on) still work on the same basic principles that older, more "approachable" cars did...they still have fuel systems, batteries with which to start from, electrical centers with labeled fuses and relays, or even spark plugs and high voltage wiring that is readily identified if you know anything about an engine.
With most cars, it's quite easy to open a fuse panel and pull the fuel pump or starter relay...or something a little more devious that leaves the vehicle lacking a particular function, like lights or instrument panel. Many times they're even clearly labeled. This won't stop a determined thief (see above) but it will make things more difficult to the casual thief and very probably increase the time required to steal the car, which can increase the risk of being caught or at least asked questions. A car driving around without headlights at night is also more likely to be stopped and the driver questioned.
Or just take the battery with you, although it might be a bit heavy and sloppy. ;-)