
Security weakness found in remote locking/transponder keys

Mark R

Diamond Member
Bunch of mathematicians describe flaw in a ubiquitous transponder system

Apparently, there are some weaknesses in the KeeLoq technology used in over 50% of car keys (those keys used by Chrysler, GM, Honda, Daewoo, Fiat, Jaguar, Toyota, VAG, etc.) which can allow the keys to be cloned wirelessly, just by bringing the cloning device into range of the key (no buttons need to be pressed).

It's not totally practical as it requires about 1 hour of proximity, and further processing of the data which takes approx 2 days on 50 dual-core systems. But, the possibility is there.

FWIW, high-end cars like BMWs, MB, etc. use a different system.
 
Doesn't really sound like a flaw. If I leave my keys somewhere where someone has access to them for an hour, I'm the idiot.
 
Originally posted by: Dman877
Doesn't really sound like a flaw. If I leave my keys somewhere where someone has access to them for an hour, I'm the idiot.

What are you talking about? Anyone hanging around in the next office or maybe in the same room during a dinner date or a party can easily be in range for an hour.
 
To be clear, this does NOT clone the remote transponder. It clones the RFID chip that is inside the physical key. The range of this RFID chip is a few feet, vastly less than the range of the remote transponder.

To use this the thief would need to be within range of the physical key for an hour (so within a couple feet of it), and would still need to find a way to either make a copy of the physical key or to pick the lock in order to use this to defeat the car's security system.

ZV
 
Originally posted by: Zenmervolt
To be clear, this does NOT clone the remote transponder. It clones the RFID chip that is inside the physical key. The range of this RFID chip is a few feet, vastly less than the range of the remote transponder.

ZV

The exploit requires being within the short-range transponder's range - a few inches.

However, one of the reasons that the KeeLoq technology is so popular is that it is cheap and that, in its latest version, a single RFID chip handles both the short-range transponder and long-range remote functions.

The same chip, using the same encryption algorithm and key, performs both functions.

 
Originally posted by: Mark R
Originally posted by: Zenmervolt
To be clear, this does NOT clone the remote transponder. It clones the RFID chip that is inside the physical key. The range of this RFID chip is a few feet, vastly less than the range of the remote transponder.

ZV

The exploit requires being within the short-range transponder's range - a few inches.

However, one of the reasons that the KeeLoq technology is so popular is that it is cheap and that, in its latest version, a single RFID chip handles both the short-range transponder and long-range remote functions.

The same chip, using the same encryption algorithm and key, performs both functions.

Interesting, but you cannot really mean the same chip. You must mean the same code/algorithm. The transponder obviously isn't using an RFID chip. It's using an active RF transmitter.

And I'm not sure that the transponders truly do have the same codes as the keys. Every time that I've had to replace a transponder, it's the car that has to be programmed to accept the transponder's code, even if the original keys still work. For example, my Volvo only had one transponder when I bought it and I had to buy a second transponder. To program the second transponder, I had to first clear the transponder portion of the car's computer and then follow the procedure to get the car to synch with the transponders, which both had a unique, fixed cipher. None of this required reprogramming of the physical keys, which do contain RFID chips in them as well. So my Volvo currently has the original keys with their RFID chips and two transponders that do not match the RFID codes in the keys.

Volvo is listed as one of the companies using KeeLoq. Granted, my S70 is older and the system may have been changed since the version used in it, but it doesn't make sense to me to pair the physical key to the transponder like that. Seems like it would make it much more difficult to legitimately replace a key fob while not offering a real increase in security.

In any case, as you point out, someone would need to be within inches of the key for an hour's worth of time. Since I keep my keys in my front pants pocket, I'd notice if someone were within inches of my keys for that long. 😛

ZV
 
Originally posted by: Mark R

It's not totally practical as it requires about 1 hour of proximity, and further processing of the data which takes approx 2 days on 50 dual-core systems. But, the possibility is there.


So you're telling me a typical car thief will have access to or even know how to set up 50 dual-core systems. I think most (not so bright) car thieves will simply break the window and stick a screwdriver in the ignition. This may not be such a practical solution for them. Also, a much easier way to get keys to a car you don't own is to simply write down the VIN and go to the dealer. I lost my keys!!!!! They are supposed to check your registration. But I did this to one Toyota that I owned and no one asked shit. They just made a new key.
 
Originally posted by: steppinthrax
Originally posted by: Mark R

It's not totally practical as it requires about 1 hour of proximity, and further processing of the data which takes approx 2 days on 50 dual-core systems. But, the possibility is there.


So you're telling me a typical car thief will have access to or even know how to set up 50 dual-core systems. I think most (not so bright) car thieves will simply break the window and stick a screwdriver in the ignition. This may not be such a practical solution for them. Also, a much easier way to get keys to a car you don't own is to simply write down the VIN and go to the dealer. I lost my keys!!!!! They are supposed to check your registration. But I did this to one Toyota that I owned and no one asked shit. They just made a new key.

So that's why car thieves steal vehicle registration papers these days....
 