Feeds

Wikipedia-reading boffins jimmy keyless door to entire universe

Your car, your garage, and your office unlocked

High performance access to file storage

Armed with the master key, the researchers move to the second step, which involves eavesdropping on the targeted access device as it communicates via RFID with a remote control key. This can be done from a distance of 100 meters or more and requires the capture of just two messages.

By plugging the intercepted message data into a laptop and analyzing it, the researchers are able to obtain the unique key that the remote device uses to communicate with the access reader. The key can then be loaded onto a blank remote. Because of the speed and distance allowed in an attack, targets would likely have no idea their garage door opener or RFID-based car key had just been cloned.

"There are no fingerprints or other traces left," Kasper said. "That's the funny thing about the attack."

The demonstration is separate from a Keeloq hack that went public last summer. That method took closer to a day to crack the device key and required close proximity to the remote. Microchip later labeled the attack "theoretical," and said the technique wouldn't be effective in real-world scenarios.

The new research follows by a few months the cracking of encryption in the widely used Mifare Classic smartcard, which is used around the world to control access subways, military installations and other restricted areas. In both cases, the companies relied on proprietary algorithms that ultimately were found to produce cryptographically weak output.

Kasper said the Keeloq is used in more than 90 per cent of the world's garage door openers and in many devices for controling access to buildings. The device uses a 64-bit encryption key, a length that makes a brute force attack impractical, if not impossible, in real-world situations. It also employs what's known alternately as hopping code and rolling code, which requires a new authentication code each session. That prevents attackers from gaining unauthorized access by capturing old output and retransmitting it to the reader.

"The lesson is that manufacturers definitely have to apply appropriate encryption in their devices and protect the encryption against side-channel attacks," Kasper said. "This is not only a topic that applies to garage door openers and car alarms; it applies to all kinds of RFID applications, all kinds of access systems. It has to be appropriately secured." ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.