Gone in 60 seconds--the high-tech version
By Robert Vamosi
Senior editor, CNET Reviews
May 5, 2006
Let's say you just bought a
Mercedes S550, a state-of-the-art, high-tech vehicle with an
antitheft keyless ignition system. After pulling into a Starbucks to
celebrate with a grande latte and a scone while checking your
messages on a BlackBerry, a man in a T-shirt and jeans with a laptop
sits next to you and starts up a friendly conversation: "Is that the
S550? How do you like it so far?" Eager to share, you converse for a
few minutes, then the man thanks you and is gone. A moment later you
look up to discover your new Mercedes is gone as well. Now,
decrypting one 40-bit code sequence can not only disengage the
security system and unlock the doors, it can also start the car--making
the hack tempting for thieves. The owner of the code is now the true
owner of the car. And while high-end, high-tech auto thefts like
this are more common in Europe today, they will soon start happening
in America. The sad thing is that manufacturers of keyless devices
don't seem to care.
Antitheft systems get more sophisticated
Wireless or contactless devices in cars are not new.
Remote keyless entry systems, those black fobs we all have
dangling next to our car keys, have been around for years. While
still a few feet away from a car, the fobs can disengage the auto
alarm and unlock the doors; they can even activate the car's panic
alarm in an emergency. First introduced in the 1980s, modern remote
keyless entry systems use a circuit board, a coded Radio-Frequency
Identification (RFID) technology chip, a battery, and a small
antenna; the latter two are designed so that the fob can broadcast to a
car while it's still several feet away. The RFID chip in the key fob
contains a select set of codes designed to work with a given car.
These codes are rolling 40-bit strings, meaning that with each use,
the code changes slightly, creating about 1 trillion possible
combinations in total. When you push the unlock button, the key fob
sends a 40-bit code along with an instruction to unlock the car
doors; if the synced-up car receiver gets the 40-bit code it is
expecting, the car performs the instruction. If not, the car does not
respond.
A second antitheft RFID use is for remote vehicle immobilizers.
These are tiny chips embedded inside the plastic head of the
ignition keys, and they are used in more than 150 million vehicles
today. If the wrong key is used, the immobilizer prevents the car's fuel pump from operating
correctly. Unless the driver has the correct key chip installed, the
car will run out of fuel a few blocks from the attempted theft. (That's
why valet keys don't have the chips installed; valets need to drive
the car only short distances.) One estimate suggests that since
their introduction in the late 1990s, vehicle immobilizers have
resulted in a 90 percent decrease in auto thefts nationwide.
But can this system be defeated? Yes
Like vehicle immobilization,
keyless ignition systems work only in the presence of the proper
chip. Unlike remote keyless entry systems, keyless ignition systems
are passive, don't require a battery, and have much shorter ranges (usually
six feet or less); instead of sending a signal, the keyless ignition
system relies on a signal emitted from the car itself. Keyless
ignition systems allow you the convenience of starting your car with
the touch of a button without removing the chip from your pocket or
purse or backpack.
Given that the car is more or less broadcasting its code and
looking for a response, it seems possible that a thief could try
different codes and see what the responses are. Last fall the
authors of a
study from Johns Hopkins University and the security firm RSA
used a laptop equipped with a microreader. They were able to capture
the code sequence, decrypt it, then disengage the alarm and unlock
and start a 2005 Ford Escape SUV without the key; they even provided
an online
video of their "car theft." But if you think that such a hack
might occur only in a pristine academic environment, with the right
equipment, you're wrong.
Real-world examples
Meet Radko Soucek, a 32-year-old car thief from the Czech Republic.
Using a laptop and a reader, he is alleged to have stolen several
expensive cars in and around Prague. Soucek is not new to auto theft;
he has been stealing cars since he was 11 years old, but he recently
turned high-tech when he realized how easily it could be done.
Ironically, what led to his downfall was his own laptop, which holds
evidence of all his past code-cracking attempts. With a database of
successfully cracked code strings already stored on his hard drive, he's
now able to crack cars he's never seen before in a relatively short
amount of time.
And Soucek isn't an isolated example. Recently, soccer player
David Beckham had not one but two custom-designed
BMW X5 SUVs stolen; the most recent theft occurred in Madrid,
Spain. Police believe an auto theft gang using software instead of
hardware pinched both of Beckham's BMWs.
Gone in…a few minutes?
How a keyless car gets stolen isn't exactly a state secret; much of
the required knowledge is Basic Encryption 101. The authors of the
Johns Hopkins/RSA study needed only to capture two
challenge-and-response pairs from their intended target before
cracking the encryption. In an example from the paper, they wanted
to see if they could swipe the passive code off the keyless ignition
device itself. To do so, the authors simulated a car's ignition
system (the RFID reader) on a laptop. By sitting close to someone
with a keyless ignition device in their pocket, the authors were
able to perform several scans in less than one second without the
victim knowing. They then began decrypting the sampled
challenge-response pairs. Using brute-force attack techniques, the
researchers had the laptop try different combinations of symbols
until they found combinations that matched. Once they had the
matching codes, they could then predict the sequence and were soon
able to gain entrance to the target car and start it.
In the case of David Beckham, police think that the criminals
waited until he left his car, then proceeded to use a brute-force
attack until the car was disarmed, unlocked, and stolen.
Hear no evil, speak no evil
To remediate these hacks, the authors of the Johns Hopkins/RSA study
suggest that the RFID industry move away from the relatively simple
40-bit encryption technology now in use and adopt a more established
encryption standard such as the 128-bit Advanced Encryption Standard
(AES). The longer the encryption code, the harder it is to crack.
The authors do concede that this change would require higher power
consumption and therefore might be harder to implement, and that it would
not be backward compatible with the 40-bit ignition systems already
in use. The authors also suggest that car owners wrap their
keyless ignition fobs in tin foil when not in use to prevent active
scanning attacks, and that automobile manufacturers place a
protective cylinder around the ignition slot. This latter step would
limit the RFID broadcast range and make it harder for someone
outside the car to eavesdrop on the code sequence.
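As an added illustration (not code from this article or from the Johns Hopkins/RSA study), the toy challenge-response handshake below shows the two facts the last two sections rest on: a couple of captured challenge-reply pairs are enough to pin down a single key, and the cost of sweeping the keyspace grows with key length. HMAC-SHA256 stands in for the transponder's proprietary cipher, the key is shrunk to 16 bits so the sweep finishes in well under a second, and the 40- and 128-bit figures are computed rather than searched.

```python
import hashlib
import hmac
import secrets

# Toy sizes (assumption): the article's systems use a 40-bit key; a 16-bit key
# makes the sweep below instant. 40 bits is 2**24 times more of the same work.
KEY_BITS = 16
RESP_BITS = 12   # width of the transponder's reply (assumption)

def response(key: int, challenge: int) -> int:
    """Transponder's keyed reply: HMAC-SHA256 (stand-in for the real cipher)
    over the reader's challenge, truncated to RESP_BITS."""
    mac = hmac.new(key.to_bytes(8, "big"), challenge.to_bytes(8, "big"),
                   hashlib.sha256).digest()
    return int.from_bytes(mac, "big") & ((1 << RESP_BITS) - 1)

def car_authenticates(car_key: int, fob_key: int) -> bool:
    """One passive handshake: the car issues a fresh random challenge and
    starts only if the fob's reply matches what the car computes itself."""
    challenge = secrets.randbits(40)
    return response(fob_key, challenge) == response(car_key, challenge)

def surviving_keys(pairs, key_bits=KEY_BITS):
    """Work-factor check: every key consistent with the captured
    (challenge, reply) pairs. One pair leaves many wrong keys that collide
    on the short reply; a second pair filters them out."""
    return [k for k in range(1 << key_bits)
            if all(response(k, c) == r for c, r in pairs)]

def expected_false_survivors(key_bits: int, resp_bits: int, n_pairs: int) -> float:
    """Expected number of wrong keys that match n captured pairs by chance."""
    return ((1 << key_bits) - 1) / float(1 << (resp_bits * n_pairs))

def sweep_seconds(key_bits: int, guesses_per_second: float) -> float:
    """Worst-case time to try every key at the given guess rate."""
    return float(1 << key_bits) / guesses_per_second

if __name__ == "__main__":
    fob_key = 0xBEEF                                     # constructed secret
    print("legit fob starts car:", car_authenticates(fob_key, fob_key))
    # Constructed eavesdropped pairs; fixed challenges keep the run reproducible.
    pairs = [(c, response(fob_key, c)) for c in (0x1111111111, 0x2222222222)]
    print("candidate keys after 1 pair :", len(surviving_keys(pairs[:1])))
    print("candidate keys after 2 pairs:", len(surviving_keys(pairs)))
    days = sweep_seconds(40, 1e6) / 86400
    print("40-bit sweep at 1e6 guesses/s: %.1f days" % days)
    print("128-bit sweep at 1e6 guesses/s: %.1e years" % (sweep_seconds(128, 1e6) / 3.15e7))
```

The same arithmetic explains the paper's mitigation: moving from 40 to 128 bits multiplies the sweep by 2**88, which is why key length, not secrecy of the algorithm, is what the authors ask the industry to change.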
Unfortunately, the companies making RFID systems for cars don't
think there's a problem. The 17th annual CardTechSecureTech
conference took place this past week in San Francisco, and I had an
opportunity to talk with a handful of RFID vendors; none wanted to
be quoted nor would any talk about 128-bit AES encryption replacing
the current 40-bit code anytime soon. Few were familiar with the
Johns Hopkins/RSA study I cited, and even fewer knew about keyless
ignition cars being stolen in Europe. Even
Consumer Reports acknowledges that keyless ignition systems
might not be secure for prime time, yet the RFID industry adamantly
continues to whistle its happy little tune. Until changes are made
in the keyless systems, my next car will definitely have an ignition
key that can't be copied by a laptop.
Would you purchase or trust a keyless ignition system on a new car?