Feeds

Crypto boffins break car cypher

Gone in 24 hours

Providing a secure and efficient Helpdesk

Cryptographic researchers have identified a practical attack against the KeeLoq car anti-theft cypher. KeeLoq serves as the cryptographic underpinning of several car anti-theft mechanisms distributed by Microchip Technology.

The technology is used in a wide variety of car remote controls from manufacturers including Chrysler, Daewoo, Fiat, General Motors, Honda, Jaguar, Toyota, Volvo, and Volkswagen.

Each device has a unique key that has up to 18 billion billion combinations, though in practice a much lower key space is used. Nonetheless, the hardware-dedicated block cypher used in KeeLoq was thought to be secure.

But a team of security researchers from Belgium and Israel has developed a technique to identify the key in less than a day. The technique requires close proximity to an intended mark's key for about an hour, during which time the key is "probed". Data from this operation is then analysed for clues that allow the researchers to identify the unique key associated with a device.

Thereafter, a counterfeit remote control might be built. "Once we have found the key, we can deactivate the alarm and drive away with your car," the researchers claim.

It's probably wiser to worry about the likes of Chris the Crafty Cockney rather than carjacking cryptographers, of course. It's far easier to capture the code used by a target when he opens his car and then replay it, rather than getting into all this complicated code breaking stuff.

Nonetheless, the research underlines a previously unidentified avenue of attack against widely-used car anti-theft mechanisms, as well as showing that KeeLoq isn't as secure as people previously thought.

The research was the work of three groups from the computer science department of Technion in Israel, the research group COSIC of the Katholieke Universiteit of Leuven in Belgium, and the maths department of the Hebrew University in Israel. A talk on the research (pdf slides here) was presented at the recent Crypto 2007 conference. ®

Internet Security Threat Report 2014

More from The Register

next story
MARS NEEDS WOMEN, claims NASA pseudo 'naut: They eat less
'Some might find this idea offensive' boffin admits
LOHAN crash lands on CNN
Overflies Die Welt en route to lively US news vid
Comet Siding Spring revealed as flying molehill
Hiding from this space pimple isn't going to do humanity's reputation any good
Experts brand LOHAN's squeaky-clean box
Phytosanitary treatment renders Vulture 2 crate fit for export
No sail: NASA spikes Sunjammer
'Solar sail' demonstrator project binned
Carry On Cosmonaut: Willful Child is a poor taste Star Trek parody
Cringeworthy, crude and crass jokes abound in Steven Erikson’s sci-fi debut
Origins of SEXUAL INTERCOURSE fished out of SCOTTISH LAKE
Fossil find proves it first happened 385 million years ago
Human spacecraft dodge COMET CHUNKS pelting off Mars
Odyssey orbiter yet to report, though - comet's trailing trash poses new threat
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.