How thieves steal keyless ignition system cars
#1
Team Owner
Thread Starter
Something to think about. It took me less than 5 minutes to find the necessary software online to crack 40 bit encrypted RFID chips. Hardware is another $200... Story below:
http://news.com.com/2100-7349_3-6069...9287&subj=news
#2
Originally Posted by HyperX
Something to think about. It took me less than 5 minutes to find the necessary software online to crack 40 bit encrypted RFID chips. Hardware is another $200... Story below:
http://news.com.com/2100-7349_3-6069...9287&subj=news
#3
Team Owner
Thread Starter
Originally Posted by ^2fastC6^
Any car can be stolen if someone wants it bad enough. You can have the most advanced security system available and it can still get flat bedded away.
#4
Race Director
You think we move back? Nah, keys were much easier. Any good thief could break into a key type car in about 30 secs and be motoring down the road. You will never stop the professional and this system is much harder to get into by the amateur.
People really need to stop worrying about having their car stolen. That is why you carry insurance.
#5
rules
1/ park in as safe a place as U can
2/ don't leave any valuables in the car (this may even include removing and keeping with you the registration and insurance papers as these might contribute to identity theft)
3/ have the car properly insured
4/ don't have many or any expensive mods on the car that the insurance won't pay for
5/ maybe install a lojack?
it's only a car, they steal the one you have you get another.
I wish cars the vette still had a stupid dumb metal key.
Proly this would fix dbs? too much electronics in the car that IMO is not needed
#6
Originally Posted by TMyers
You think we move back? Nah, keys were much easier. Any good thief could break into a key type car in about 30 secs and be motoring down the road. You will never stop the professional and this system is much harder to get into by the amateur.
People really need to stop worrying about having their car stolen. That is why you carry insurance.
They have been stealing cars that have keyed ignitions for the better part of a century.
#7
Originally Posted by HyperX
Something to think about. It took me less than 5 minutes to find the necessary software online to crack 40 bit encrypted RFID chips. Hardware is another $200... Story below:
http://news.com.com/2100-7349_3-6069...9287&subj=news
First, the Corvette doesn't use a passive RFID chip, instead the fob contains a battery which powers a circuit similar to a rolling code garage door opener circuit. While there are some similarities to the way RFID systems work, there are also significant differences which render many of the article's statements invalid.
Second, the car doesn't issue a challenge until a door switch or hatch switch has been closed by being grasped by the person trying to gain entry. Unlike BMW or Lexus, the car doesn't continuously broadcast challenges, just being close to the car doesn't activate the system. So in order to try to break into the system, one would need to stand next to the car repeatedly operating a door switch or hatch switch while trying to discover the (changing) patterns of challenge and response necessary for the car to unlock. Even with good encryption breaking software, that would take a long time because of the need for manual mechanical action. In other words, the potential thief has to stand next to the car, fooling with the door for a long time, which is likely to attract attention.
Attacks on a fob are a little more plausible. Low frequency challenges could be issued by custom hacking hardware to the fob without the owner's knowledge. The UHF responses could then be analyzed in an attempt to discover the pattern behind the particular rolling code. These automatic responses, which occur without requiring user actions or knowledge, are the weak point of the system.
Downside for the potential thief is that he has to stay in close proximity to the car's owner (less than 4 feet in order for the fob to detect the low frequency challenges) for an extended period of time to crack the encryption.
Bottom line, I'm much more concerned about thieves with a rollback than I am with a hacker trying to break the rolling code encryption by snuggling up to me in a bar or cafe.
BTW, one of the howlers in that article was about "immobilizers" that don't let the fuel pump run. The author says the thief can then only drive the car a few blocks, and that's why valet keys don't need them. Apparently he's not familiar with automotive fuel injection systems. What he said might possibly have been true in the days of carbs, where there was enough fuel left in the float bowls to start the engine and run it for a short time. But a fuel injected engine won't even start if the pump isn't running to provide fuel pressure, and won't run anyway unless the car's computer is actively providing signals to open and close the injectors, and commanding spark at precise times. That's why hot wiring a modern car won't work. If you can't convince the computer you're authorized, that car simply won't start or run.
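A small model of the challenge/response flow described in the post above, added here as an example and not part of the original thread: the car issues a fresh challenge only on a door-switch event, accepts one response per challenge, and so rejects a recorded response. HMAC-SHA256 truncated to 8 bytes stands in for the real cipher, which the thread does not name; the `Fob` and `Car` classes, their methods and the key are hypothetical.

```python
import hashlib
import hmac
import secrets


class Fob:
    """Battery-powered fob: answers any challenge it hears (the weak point named above)."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()[:8]


class Car:
    def __init__(self, key: bytes):
        self._key = key
        self._pending = None          # challenge currently outstanding, if any
        self.challenges_issued = 0

    def handle_pulled(self) -> bytes:
        """Door or hatch switch closed: only now is a fresh random challenge sent."""
        self._pending = secrets.token_bytes(8)
        self.challenges_issued += 1
        return self._pending

    def verify(self, response: bytes) -> bool:
        """One response per challenge; the challenge is consumed pass or fail."""
        challenge, self._pending = self._pending, None
        if challenge is None:
            return False              # no switch event, nothing to answer
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()[:8]
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    key = secrets.token_bytes(16)     # constructed shared secret for the model
    car, fob = Car(key), Fob(key)
    results = {}
    recorded = fob.respond(car.handle_pulled())
    results["legit"] = car.verify(recorded)
    results["unsolicited"] = car.verify(recorded)    # no switch event preceded it
    fresh = car.handle_pulled()
    results["replay"] = car.verify(recorded)         # old answer, new challenge
    results["second_try"] = car.verify(fob.respond(fresh))  # challenge already spent
    results["challenges_issued"] = car.challenges_issued
    return results


if __name__ == "__main__":
    print(demo())
```

Every verification attempt in this model costs one physical switch operation, which is the rate limit the post relies on.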
#11
Team Owner
Thread Starter
Originally Posted by burtonbl103
This does not APPLY to the corvette system!!
I have been working with RFID for over 3 yrs now with access control systems and it is only as safe as you set it up
Glad to see the vette has more sophisticated systems than MB. I only hope that's true. BTW - I work with RFID also, my company is one of the first investors in Alien Technologies, and I am aware of security issues.
#12
Team Owner
My auto insurance is always up-to-date. If the thief wants it, bring it on. Don't let me catch him/her doing it, though. I've got a 12-ga. pump that holds 7 shots.
The sky is not falling.
#13
Team Owner
If thieves put half the effort into following a legal venture as they do in their illegal acts there would be no doubt in my mind they would be successful.
#15
Safety Car
well, not EVERY time . . .
I have been indebted to Shopdog and his seemingly infinite fountain of wisdom since I joined the Corvette Forum.
But now I have a slight difference of opinion with him. I DO have a method of interrupting current to the electric fuel pump in my fuel-injected Nissan Maxima, and if I do not reactivate the electricity, the car WILL start and will idle for about 15 to 20 seconds before it dies. There is residual fuel pressure trapped in the system (which is why many cars instruct you to depressurize the system completely before changing a fuel filter) and it is enough to allow the car to start and run. I have even driven the Maxima (about 50 yards) with the fuel pump not activated.
This may not apply to other fuel-injected cars, but it does indicate that Shopdog's generalization is not 100.00% applicable to ALL fuel-injected cars. And since I am one year older than Shopdog, he should not feel like some young punk is calling him a liar.
As one of my professors said "One test is worth a thousand calculations."
Respectfully submitted -
#18
Race Director
Originally Posted by shopdog
That article is rife with technical bloopers, and doesn't apply directly to the system used in the Corvette anyway.
First, the Corvette doesn't use a passive RFID chip, instead the fob contains a battery which powers a circuit similar to a rolling code garage door opener circuit. While there are some similarities to the way RFID systems work, there are also significant differences which render many of the article's statements invalid.
Second, the car doesn't issue a challenge until a door switch or hatch switch has been closed by being grasped by the person trying to gain entry. Unlike BMW or Lexus, the car doesn't continuously broadcast challenges, just being close to the car doesn't activate the system. So in order to try to break into the system, one would need to stand next to the car repeatedly operating a door switch or hatch switch while trying to discover the (changing) patterns of challenge and response necessary for the car to unlock. Even with good encryption breaking software, that would take a long time because of the need for manual mechanical action. In other words, the potential thief has to stand next to the car, fooling with the door for a long time, which is likely to attract attention.
Attacks on a fob are a little more plausible. Low frequency challenges could be issued by custom hacking hardware to the fob without the owner's knowledge. The UHF responses could then be analyzed in an attempt to discover the pattern behind the particular rolling code. These automatic responses, which occur without requiring user actions or knowledge, are the weak point of the system.
Downside for the potential thief is that he has to stay in close proximity to the car's owner (less than 4 feet in order for the fob to detect the low frequency challenges) for an extended period of time to crack the encryption.
Bottom line, I'm much more concerned about thieves with a rollback than I am with a hacker trying to break the rolling code encryption by snuggling up to me in a bar or cafe.
BTW, one of the howlers in that article was about "immobilizers" that don't let the fuel pump run. The author says the thief can then only drive the car a few blocks, and that's why valet keys don't need them. Apparently he's not familiar with automotive fuel injection systems. What he said might possibly have been true in the days of carbs, where there was enough fuel left in the float bowls to start the engine and run it for a short time. But a fuel injected engine won't even start if the pump isn't running to provide fuel pressure, and won't run anyway unless the car's computer is actively providing signals to open and close the injectors, and commanding spark at precise times. That's why hot wiring a modern car won't work. If you can't convince the computer you're authorized, that car simply won't start or run.
Great info!