Car Key Codes Cracked

[Laminge]

Quote:

Car key code cracked
Brian Witte in Baltimore
JANUARY 31, 2005

RESEARCHERS have found a way to crack the code used in millions of car keys, a development that could allow thieves to bypass the security systems on newer car models.

The research team at Johns Hopkins University said it discovered that the "immobiliser" security system developed by Texas Instruments could be cracked using a "relatively inexpensive electronic device" that acquires information hidden in the microchips that make the system work.
The radio-frequency security system being used in more than 150 million new Fords, Toyotas and Nissans involves a transponder chip embedded in the key and a reader inside the car. If the reader does not recognise the transponder, the car will not start, even if the key inserted in the ignition is the correct one.

It's similar to the new petrol purchase system being used in the US in which a reader inside the pump is able to recognise a small key-chain tag when the tag is waved in front of it. The transaction is then charged to the tag owner's credit card.

Researchers said they were also able to crack the petrol tag code.

"We stole our own car, and we bought gas stealing from our own credit card," said Avi Rubin, a professor of computer science at Johns Hopkins who led the research team.

Texas Instruments was recently given demonstrations of the team's code cracking capabilities, but the company maintains its system is secure.

The hardware used to crack the codes is cumbersome, expensive and not practical for common thieves, Texas Instruments business manager Tony Sabetti said.

"I think the way in which it's presented as being inexpensive to do and quick and all the rest of that is an exaggeration," Mr Sabetti said. "And because of that, we believe the technology still is extremely secure for the applications that it's used in."

But Professor Rubin said the code-breaking demonstrations illustrated that developers did not pay enough attention to security.

"I think the implications are that it sets us back about 10 years ago where we were with car security," Mr Rubin said.

In the seven years the technology has been in use, Texas Instruments has never had a reported incident where a car has been stolen or a gasoline-purchasing tag has been duplicated, company spokesman Bill Allen said.

The Johns Hopkins team, which was funded by RSA Security, recommended distributing free metallic sheaths to cover the radio frequency devices when they are not being used.

The Associated Press

Obviously in the states, but how long before it hits here?