Do you think that stealing cars is something that can be done only by humans? No, you are very wrong! A laptop is a real danger to your new fancy car! Is a metter of o few seconds to steal a car using a laptop, no minutes or hours, just seconds. Imagine this: you go to buy a cofee and when you came back no more car, and you didn’t heard anything: no screaming, no alarm security, nothing, just that your car is not there anymore...
High-tech thieves are becoming increasingly savvy when it comes to stealing automobiles equipped with keyless entry and ignition systems. While many computer-based security systems on automobiles require some type of key - mechanical or otherwise - to start the engine, so-called ‘keyless’ setups require only the presence of a key fob to start the engine.
How is it done?
Force the window open abit, unlock the door, lock the door, pop the hood, disconnect the car battery (new cars dont have backup battery- only aftermark alarms such as DEI/Clifford comes with backup battery) find the ignition cable (usually the red cable)thats it u just bypass everything and if it doesnt work then u have more time to find the alarm which is always under the dash and bamm done gone in 15seconds.
Decrypting one 40-bit code sequence can not only disengage the security system and unlock the doors, it can also start the car—making the hack tempting for thieves. The owner of the code is now the true owner of the car. And while high-end, high-tech auto thefts like this are more common in Europe today, they will soon start happening in America. The sad thing is that manufacturers of keyless devices don’t seem to care.
Sophisticated Antitheft systems
Wireless or contactless devices in cars are not new. Remote keyless entry systems, those black fobs we all have dangling next to our car keys, have been around for years. While still a few feet away from a car, the fobs can disengage the auto alarm and unlock the doors; they can even activate the car’s panic alarm in an emergency.
A real good anti-theft immobilizer system based on Radio Frequency Identification (RFID) technology from manufacturers is TI-RFid™. First introduced to the European market in 1993, immobilizer systems became mandatory equipment on all new vehicles sold in Europe starting in 1995. With theft rates of immobilizer-equipped vehicles dropping by 90% in 1997 *, immobilizer systems have become the most effective option in automotive security available.
Following this success, factory and aftermarket immobilizer systems are now featured on many models sold throughout North America including Chrysler, Ford, Hyundai , Mitsubishi , Nissan , Suzuki , and Toyota . In 1999 alone, more than 12 models came equipped with immobilizer-based security systems including - the Ford Windstar, Contour, and Crown Victoria; Jeep Grand Cherokee; Nissan Pathfinder ; Toyota Landcruiser and 4Runner; Dodge Neon; Plymouth Breeze; Lincoln Continental and Town Car; and the Mercury Marquis.
The heart of an immobilizer system is a tiny electronic device, called a transponder, which is embedded into the vehicle’s ignition key. The transponder contains a unique and unalterable identification code that corresponds to that particular vehicle.
Every time the key is inserted into the ignition, a radio frequency (RF) reader located in the steering column is triggered. The reader is comprised of a small antenna integrated with the ignition switch and the steering lock cylinder, and a transceiver, which is connected to a control module in the engine’s central computer. The computer controls vital automotive functions, such as the ignition and fuel supply circuits.
As the ignition is turned, the reader is activated and sends out a wireless signal to the transponder. The signal powers up the transponder’s capacitor, allowing it to transmit its unique code back to the reader. The code is then sent to the control module, which compares it to the code stored in its memory. If the two codes match, and the appropriate additional security challenges are passed (depending upon the type of transponder featured in the immobilizer system), the control module enables the engine’s computer or the fuel pump relays. If the codes do not match, an alarm indicator will show and the engine will not start, rendering the vehicle impossible to drive until the proper key is inserted for ignition.
To steal in a few seconds...
How a keyless car gets stolen isn’t exactly a state secret; much of the required knowledge is Basic Encryption 101. The authors of the Johns Hopkins/RSA study needed only to capture two challenge-and-response pairs from their intended target before cracking the encryption. In an example from the paper, they wanted to see if they could swipe the passive code off the keyless ignition device itself. To do so, the authors simulated a car’s ignition system (the RFID reader) on a laptop. By sitting close to someone with a keyless ignition device in their pocket, the authors were able to perform several scans in less than one second without the victim knowing. They then began decrypting the sampled challenge-response pairs. Using brute-force attack techniques, the researchers had the laptop try different combinations of symbols until they found combinations that matched. Once they had the matching codes, they could then predict the sequence and were soon able to gain entrance to the target car and start it.
How to remediate...
The RFID industry move away from the relatively simple 40-bit encryption technology now in use and adopt a more established encryption standard such as the 128-bit Advanced Encryption Standard (AES). The longer the encryption code, the harder it is to crack. The authors do concede that this change would require a higher power consumption and therefore might be harder to implement, nor would it be backward compatible with all the 40-bit ignition systems already available. The authors also suggest that car owners wrap their keyless ignition fobs in tin foil when not in use to prevent active scanning attacks, and that automobile manufacturers place a protective cylinder around the ignition slot. This latter step would limit the RFID broadcast range and make it harder for someone outside the car to eavesdrop on the code sequence.
Unfortunately, the companies making RFID systems for cars don’t think there’s a problem. The 17th annual CardTechSecureTech conference took place this past week in San Francisco, and I had an opportunity to talk with a handful of RFID vendors; none wanted to be quoted nor would any talk about 128-bit AES encryption replacing the current 40-bit code anytime soon. Few were familiar with the Johns Hopkins/RSA study I cited, and even fewer knew about keyless ignition cars being stolen in Europe. Even Consumer Reports acknowledges that keyless ignition systems might not be secure for prime time, yet the RFID industry adamantly continues to whistle its happy little tune. Until changes are made in the keyless systems, my next car will definitely have an ignition key that can’t be copied by a laptop.