equipment costs

ok, so for around "$3,000" in equipment (what's that in real money? probably down to £50 by now?) you can have an attack that lets you sit around some types of vehicle, wait for someone to open their car, then do some analysis of the data, and then next time they leave their car there you can come back and get in, sounds like a good investment

however personally i would go for the even smarter investment, around £5 can get you a hammer, which can gain you instant access to any type of vehicle, no waiting around, no wondering if that vehicle is vulnerable to your snooping or not, you just walk up to the car, use your vehicle entry device, and get instant access - as an added bonus the hammer can also be used as a weapon if the vehicles owner should catch you in the act - and that's not all, buy now and your hammer comes complete with the ability to control construction equipment such as "the nail", this is a limited time offer so buy now to avoid being disappointed

you know where the smart money is...

So what?

Good old mechanical vehicle/garage locks have been "cracked" since the beginning of locksmithing. That does not mean that all cars get pinched.

Locking a vehicle or building just sets a barrier to entry: effort/risk/cost vs payback. When you lock a car you just make it a bit harder to steal and the crim will hopefully steal some other car or not bother that night.

Cracking Keeloq just changes the payback curve. Buying a few $K of fancy kit plus doing fancy sums is still beyond what the average thief is prepared to do.

Hammer Time?

I thought a spark plug was the preferred tool for busting into cars.

Garage door = entry to houses.

Most people with an automatic garage door also have a door from the garage into the house. And 99% of people will leave that unlocked, since no one can open the garage door anyway, right?

It wouldn't be hard to imagine an organised burglary group implementing this. It'd make getting in easier and less obvious to neighbours. If the owner is out, then they'd even be able to park a ute in the garage and load up undetected.

Of course an alarm system foils that, but there'd be tonnes of suburban houses that have remote garage doors and no alarm.

As for the spelling of the base metric distance unit... metres is the correct spelling, and US spelling is pointless if the US residents refuse to use them.

One time pads now practical

With flash being so cheap, one time pads are now practical (shared key sequences of random numbers).

You could generate a true random sequence of keys, burn them into both car and key) and use that.

8 bytes per key, say you open the door 1000 times a year, an 8Mb flash would last 1000 years before reusing the sequence.

Don't these guys know the basics?

Kerckhoffs' principle, presented in 1883.

If this system depends on the algorithm being a secret, it's improperly designed.

Re: One time pads now practical

"...before reusing the sequence"

Just to nit-pick, isn't the idea of a one-time pad that it is used only once?

You wouldn't use this to steal just ONE car...

You'd arrive early and park near a large lawyers/bankers/rich bastards' office and clone about twenty keys as people arrive in the morning. The next day, a bunch of people with caps pulled low for the cameras calmly walk in and drive off with a lot of very expensive cars.

To much work for your average herbert, but a reasonable return on your investment if you choose the right target.

@Dan Goodin

Surely you mean "french yard" ... after all you insist on using "english pint" (for something that isn't!)

re: One time pads now practical

Actually, I thought that was how they worked. I remember reading an article about the technology: they had an overlap so you could press the key button a few times without getting out of sync with the car even if you were out of range; if you pressed it 50 times or so, it would stop working.

Ramifications

Several correspondents argue that this is not that useful or easily used security hole, e.g. Mike points out this is "an attack that lets you sit around some types of vehicle, wait for someone to open their car, then do some analysis of the data, and then next time they leave their car there you can come back and get in". Doesn't the article say that once you crack it you can do it for any *model*?

So you while away a few hours in a Tesco car park after which you can open *any* Ford Focus/Honda Accord/generic Toyota... sounds alright to me.

Ute

Is that a good looking female sheep, about a metre long?

So $300, or €80 to break into a lot of cars without damage or being too suspicious. Sounds like a good investment if you're that way inclined. Especially as the price will fall if it's worked on a bit more.

My cars a Fiat so the remote never works anyway............

Serves them right for being so greedy

When I were a lad your car key was made of one slim piece of metal and if you lost it you had another one cut for 2/6d. Now it's a chunky lump of plastic and a new one costs 200 quid. You're over a barrel too if you want to get back into your motor. I hope someone does flog off cheap replacements that you can reprogram yourself.

@AC

Why would you cycle to the next key if there was no response from the car at all? That just causes problems.

re: One time pads now practical

Cars come with two keys, so would they have separate sequences, or try and sync up somehow? I guess they'd go for separate. It would mean if you lost a key, the stealership would just need to reprogram the car's part for a new key - or more likely open up some module and replace the corresponding chip/board for the new one - pretty expensive, but then people shouldn't lose keys!

@AC (American language pedant)

Aluminium is actually pronounced aluminum; the boffins (a phrase popular with El Reg) some time ago decided that the name didn't look right on the periodic table next to Plutonium, Caesium, Francium, and other elements. They decided to add the extra "i" to make it look pretty.

http://periodic.lanl.gov/elements/13.html

"...requires....specialized skills..."

So does cracking the encryption on a DVD: <click-click>

My car fob only reaches about 10 feet, so I'll keep an eye out for hackers with laptops leaning on my motor's bonnet.

@Ash - aluminium

that article you link to states the following:

"Davy proposed the name aluminum for the metal and later agreed to change it to aluminum. Shortly thereafter, the name aluminum was adopted to conform with the "ium" ending of most elements, and this spelling is now in use elsewhere in the world"

which makes no sense at all - they've spelt it wrong there somewhere, but which one?

and anyway - the point is not the pronouciation of the end of the word, it's the begining bit that the sceptics have trouble with. it's not aloo-minum, it's al-u-min-um(ium whichever)

@JeffyPooh

<<My car fob only reaches about 10 feet, so I'll keep an eye out for hackers with laptops leaning on my motor's bonnet.>>

But, I bet your motor doesn't use a Yagi/high-gain/Pringles antenna to pick up the signal....

....we really need a "bleeding obvious" icon....

interesting

Can anybody think of a reason why my alarm refuses to set near the police station?! Not that I think anybody would steal my 10 year old brick.

somebody

must've watched "Gone in 60 Seconds" too many times. The "new" version and the original.

Social engineering cracks thru fancy encoded key security for cars as well as passwords for PC's.

As for the hammer guys, there's an even easier (lazier) way to get thru even the most advanced auto security, deployed by west coast and east coast "gangstas" for years: the carjacking. Let the owner disable the security system then threaten to kill them if they don't get out of the car. Modern variations by "undocumented" gangs on the West Coast includes shooting them even after they get out of the car just to prove brutality.

@AC - One Time Pad

If you use a one-time-pad more than once, it isn't a one-time pad.

@Chewy

Yep - I have similar problem with my >10 year old motor. Under certain circumstances, when parked in particular locations, the "lock" button refuses to work. Move ten metres (or is that meters.. hehe!), and it works fine. Personally, I suspect that it is Wi Fi networks interfering with my key / receiver.

As regards the original article / exploit: I imagine this will be very useful to organised cirminals trying to gain access to large properties / expensive cars, but not much use to anybody else. Anything that requires the villian to hang around with a few kilos of electronic equipment just in order to clone the key is going to be worthless to the average car thief or burglar: they can just break a window. I imagine that the manufacturers of high end home security systems and executive motors are already using security far more sophisticated than this, so this makes this discovery a non-problem.

Nice to see boffins are still doing their jobs well but personally, I'm still more worried about some scally smashing my window for my radio, than some techie sitting in the bushes with a laptop.

@@ Chewy

There is a strong suspicion that the new Police Tetra radio system can upset car door locks and fancy ignition systems if set up carelessly.

There is probably a Tetra base station at your Police Station.

I don't think I would want a car that unlocked/locked depending on the proximity of a keyfob. I suspect I would soon have a flat battery and worn out locking mechanism, as it is parked just outside the window!

Old school

People don't use these kinds of locks because they don't want their car stolen. They use them because they think they're cool. To prevent theft of your car, you pull a spark plug wire when you leave it. If you're really serious, pull the fuel line too. That worked in the old days and I'm sure it works even better nowadays when everybody is a nerd and nobody is a mechanic.

But what will be particularly annoying...

...will be to come back to an emptied car, then have the insurance company monkey tell you that in the absence of any signs of forced entry, it can only be that you forgot to lock it, so it's not their problem.