KeeLoq busted
We keep talking about the ultra-modern gadgets that promise uber safety for our cars, but one aspect that cannot be left out of the discussion is the precision with which code hackers defeat every possible coding scheme and ultimately run away with your beloved saloon. If proactiveness is ever practiced at its best, it is by these hackers, who apply it persistently.

A group of Israeli and Belgian researchers has found a weakness in the algorithm used to secure anti-theft digital key systems in various vehicles, including those made by Chrysler, Daewoo, Fiat, GM, Honda, Toyota, Volvo, VW, Clifford, Shurlok, Jaguar, etc. With this information they are able to devise an attack that cracks the code of anti-theft keys that use KeeLoq.

KeeLoq is a hardware-dedicated NLFSR-based block cipher used in several car anti-theft mechanisms. The cipher is built into the remote control device used to lock and unlock many vehicles that employ keyless entry and digital key systems, including keys embedded with a chip that transmits a unique digital code. The device can also mobilize or immobilize a vehicle and operate its alarm system.
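To make "NLFSR-based block cipher" concrete, here is an added example (not from the original post or from Microchip) of the cipher as it is publicly documented: a 32-bit shift register updated one bit per round for 528 rounds under the 64-bit key. The round count, tap positions and NLF constant come from that public description rather than from this page; the key and block in `main` are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
/* Added illustration; constants follow the public KeeLoq description, not this page. */
#define KEELOQ_NLF    0x3A5C742EU  /* truth table of the 5-input nonlinear function */
#define KEELOQ_ROUNDS 528U         /* 8 full passes over the 64 key bits plus 16 rounds */

static uint32_t bit32(uint32_t x, unsigned n) { return (x >> n) & 1U; }
/* Key bits are consumed cyclically (index mod 64); there are no round constants. */
static uint32_t key_bit(uint64_t k, unsigned n) { return (uint32_t)((k >> (n & 63U)) & 1U); }

/* Pack five state bits into an index 0..31 and look it up in the NLF table. */
static uint32_t nlf(uint32_t x, unsigned a, unsigned b, unsigned c, unsigned d, unsigned e)
{
    unsigned idx = bit32(x, a) | bit32(x, b) << 1 | bit32(x, c) << 2
                 | bit32(x, d) << 3 | bit32(x, e) << 4;
    return bit32(KEELOQ_NLF, idx);
}

/* Encrypt one 32-bit block: each round shifts the register right by one and
 * feeds back a single new bit made from two state taps, one key bit and the NLF. */
uint32_t keeloq_encrypt(uint32_t x, uint64_t key)
{
    for (unsigned r = 0; r < KEELOQ_ROUNDS; r++) {
        uint32_t fb = bit32(x, 0) ^ bit32(x, 16) ^ key_bit(key, r)
                    ^ nlf(x, 1, 9, 20, 26, 31);
        x = (x >> 1) | (fb << 31);
    }
    return x;
}

/* Decrypt: run the register the other way, consuming key bits in reverse order
 * (the last encryption round used key bit 527 mod 64 = 15). */
uint32_t keeloq_decrypt(uint32_t x, uint64_t key)
{
    for (unsigned r = 0; r < KEELOQ_ROUNDS; r++) {
        uint32_t fb = bit32(x, 31) ^ bit32(x, 15) ^ key_bit(key, 15U - r)
                    ^ nlf(x, 0, 8, 19, 25, 30);
        x = (x << 1) | fb;
    }
    return x;
}

int main(void)
{
    const uint64_t key = 0x0123456789ABCDEFULL;  /* constructed sample key */
    const uint32_t pt  = 0xCAFEF00DU;            /* constructed sample block */
    uint32_t ct = keeloq_encrypt(pt, key);
    printf("pt=%08X ct=%08X back=%08X\n", (unsigned)pt, (unsigned)ct, (unsigned)keeloq_decrypt(ct, key));
    return 0;
}
```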

The KeeLoq technology, which is owned by Microchip Technology and licensed to car makers and other entities, was widely believed to be secure. The algorithm used to be a secret, but last year the proprietary information was leaked on a Russian hacking website. Since then, the five researchers from the University of Leuven, the Hebrew University and the Technion in Israel have been researching the system for vulnerabilities. Within a couple of days, the researchers claimed their first attack, and they then spent months refining their techniques.

The attack requires access, for about an hour, to the digital key of one car made by a manufacturer. The researchers say they are able not only to crack the unique code for that specific key but also to determine the key initialization process used to code the digital keys for all of the cars made by that manufacturer. There is one master key from which the key for each car a company makes is derived.

The procedure involves probing a digital key wirelessly by sending it 65,000 challenge/response queries. Once the researchers have amassed 65,000 responses, they use dedicated software to decipher that key's unique code. Once it is cracked, they know 36 of the 64 bits they need, and those 36 bits are identical for every car model a manufacturer makes.

This clearly doesn't mean that one could open any car of the same model as the one that was cracked. For that, one still needs to crack the unique key used to open the other car. Since the 36 bits that are common to all of the keys for one model of car are already known, it takes merely seconds to crack those other keys by sniffing the communication between the digital key and the car. Once a key's unique code is busted, one can encode it onto a chip in a remote device.

Last week, the group of scholars contacted Microchip Technology to report their findings and discussed the answers they found at the Crypto conference. The group has declined to release its research publicly until after it hears from Microchip.

Throughout the compilation of this post the only thing at the back of my mind was the other bits and pieces of safety devices I keep coming across. So, is all the safety proclamation fake? What good is it when you talk about the devices incorporated in your car over dinner with your friend only to find it missing from the parking lot in the morning? I've been led to believe now that my car is not at all safe and that to date every related proclamation is fake. When there comes one I'll let you know; until then, beware, for the hackers are around.

[Courtesy: Wired]