Feeds

Crypto boffins break car cypher

Gone in 24 hours

Beginner's guide to SSL certificates

Cryptographic researchers have identified a practical attack against the KeeLoq car anti-theft cypher. KeeLoq serves as the cryptographic underpinning of several car anti-theft mechanisms distributed by Microchip Technology.

The technology is used in a wide variety of car remote controls from manufacturers including Chrysler, Daewoo, Fiat, General Motors, Honda, Jaguar, Toyota, Volvo, and Volkswagen.

Each device has a unique key that has up to 18 billion billion combinations, though in practice a much lower key space is used. Nonetheless, the hardware-dedicated block cypher used in KeeLoq was thought to be secure.

But a team of security researchers from Belgium and Israel has developed a technique to identify the key in less than a day. The technique requires close proximity to an intended mark's key for about an hour, during which time the key is "probed". Data from this operation is then analysed for clues that allow the researchers to identify the unique key associated with a device.

Thereafter, a counterfeit remote control might be built. "Once we have found the key, we can deactivate the alarm and drive away with your car," the researchers claim.

It's probably wiser to worry about the likes of Chris the Crafty Cockney rather than carjacking cryptographers, of course. It's far easier to capture the code used by a target when he opens his car and then replay it, rather than getting into all this complicated code breaking stuff.

Nonetheless, the research underlines a previously unidentified avenue of attack against widely-used car anti-theft mechanisms, as well as showing that KeeLoq isn't as secure as people previously thought.

The research was the work of three groups from the computer science department of Technion in Israel, the research group COSIC of the Katholieke Universiteit of Leuven in Belgium, and the maths department of the Hebrew University in Israel. A talk on the research (pdf slides here) was presented at the recent Crypto 2007 conference. ®

Remote control for virtualized desktops

More from The Register

next story
Antarctic ice THICKER than first feared – penguin-bot boffins
Robo-sub scans freezing waters, rocks warming models
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Your PHONE is slowly KILLING YOU
Doctors find new Digitillnesses - 'text neck' and 'telepressure'
Reuse the Force, Luke: SpaceX's Elon Musk reveals X-WING designs
And a floating carrier for recyclable rockets
Britain's HUMAN DNA-strewing Moon mission rakes in £200k
3 days, and Kickstarter moves lander 37% nearer takeoff
Bond villains lament as Wicked Lasers withdraw death ray
Want to arm that shark? Better get in there quick
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.