Site Ogre, Admin & FFBN Exotic pole dancer :)
Scientists crack security system of millions of cars
University team breaks code of KeeLoq system used by major manufacturers
By James Hamilton
IT'S THE WORST NIGHTMARE OF THE REMOTE-CONTROL AGE - GERMAN SCIENTISTS claim to have cracked the code of the electronic blipper that locks and unlocks cars and garage doors.
The team from Ruhr University says it is now relatively straightforward to clone the remote control devices that act as the electronic keys.
The scientists say they have overcome the KeeLoq security system, which is made by US-based Microchip Technology and is used by Honda, Toyota, Volvo, Volkswagen and other manufacturers to transmit access codes using radio frequency identification technology.
advertisementThe revelation caused consternation among the car makers. Volvo said it took security extremely seriously, but preferred not to comment further until its technical teams were able to look at the scientists' claims to establish whether they could be substantiated. At Volkswagen, a spokeswomen would make no comment. Honda also said it would pass the information to its engineering teams, echoing the view: "We obviously take security very seriously."
If the claims are correct, it could pose a major headache for the car companies, whose keyless entry systems are becoming increasingly more common in their high-end marques.
The research team from Ruhr's Electrical Engineering and Information Sciences Department said the crack applies to all known car and building access control systems that rely on the KeeLoq cipher. It targeted and ultimately cracked its RFID as part of its research in embedded security. "The security hole allows illegitimate parties to access buildings and cars after remote eavesdropping from a distance of up to 100 meters," says professor Christof Paar, head of the communication security group at the department.
Timo Kasper, a PhD student who worked on the research, blamed KeeLoq for keeping the cipher secret. He said: "If they had made it public they would have found out 20 years ago that it's insecure. Now it's a little bit too late, because it's already built into all the garages and cars."
Because most access devices are publicly available, it's not too hard for attackers to get their hands on one to perform the analysis. The hack requires about £1500 worth of equipment and a fair amount of technical skill, but once the unique master key for a particular model is available, it works universally, Kasper said.
Paar's team used various code-breaking technologies to develop several attack variables. The researchers said that the most devastating was the so-called side-channel attack on car keys (or building keys), which can be cloned from a distance of several 100 meters.
Based on the research, an attacker can reveal the secret key for the remote control in under an hour, and the manufacturer key of the corresponding receivers in less than a day.
"Eavesdropping on as little as two messages enables illegitimate parties to duplicate your key and to open your garage or unlock your car," says Paar. "With another malicious attack, a garage door or a car door can be remotely manipulated so that legitimate keys do not work any more. Thus, after the security of the building or car has been breached, the attacker can prevent you from future access."
The scientists said the KeeLoq's security relies on poor key management, in which every key is derived from a master that's stored in the reading device. Moreover, it uses a proprietary algorithm that had already been shown to generate cryptographically-weak output.
That algorithm was kept secret for most of the last 20 years but 18 months ago an entry on Wikipedia published it. The research team almost immediately spotted weaknesses.
Microchip officials have been quiet on the revelations, relying instead on a prepared statement which said: "The paper requires detailed knowledge of the system implementation and a combination of data, specialised skills, equipment and access to various components of a system, which is seldom feasible.
"These theoretical attacks are not unique to the Keeloq system and could be applied to virtually any security system."