Feeds

Wikipedia-reading boffins jimmy keyless door to entire universe

Your car, your garage, and your office unlocked

High performance access to file storage

Armed with the master key, the researchers move to the second step, which involves eavesdropping on the targeted access device as it communicates via RFID with a remote control key. This can be done from a distance of 100 meters or more and requires the capture of just two messages.

By plugging the intercepted message data into a laptop and analyzing it, the researchers are able to obtain the unique key that the remote device uses to communicate with the access reader. The key can then be loaded onto a blank remote. Because of the speed and distance allowed in an attack, targets would likely have no idea their garage door opener or RFID-based car key had just been cloned.

"There are no fingerprints or other traces left," Kasper said. "That's the funny thing about the attack."

The demonstration is separate from a Keeloq hack that went public last summer. That method took closer to a day to crack the device key and required close proximity to the remote. Microchip later labeled the attack "theoretical," and said the technique wouldn't be effective in real-world scenarios.

The new research follows by a few months the cracking of encryption in the widely used Mifare Classic smartcard, which is used around the world to control access subways, military installations and other restricted areas. In both cases, the companies relied on proprietary algorithms that ultimately were found to produce cryptographically weak output.

Kasper said the Keeloq is used in more than 90 per cent of the world's garage door openers and in many devices for controling access to buildings. The device uses a 64-bit encryption key, a length that makes a brute force attack impractical, if not impossible, in real-world situations. It also employs what's known alternately as hopping code and rolling code, which requires a new authentication code each session. That prevents attackers from gaining unauthorized access by capturing old output and retransmitting it to the reader.

"The lesson is that manufacturers definitely have to apply appropriate encryption in their devices and protect the encryption against side-channel attacks," Kasper said. "This is not only a topic that applies to garage door openers and car alarms; it applies to all kinds of RFID applications, all kinds of access systems. It has to be appropriately secured." ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.