Car digital keys are hackable

Where are my khakis?

By Nick Farrell

Mon Aug 27 2007, 09:31

ISRAELI and Belgian boffins have discovered that the algorithm used in anti-theft digital key systems cars made by Honda, Ford, General Motors, Mercedes Benz and Jaguar are flawed.

According to Wired, it took the boffins an hour of remote access to the digital key of one car made by a manufacturer, to crack the code for that key. From there it was a doddle to work out the code for all the digital keys made by that manufacturer.

According to one of the boffins, Orr Dunkelman, a researcher from the University of Leuven in Belgium there is a master key from which is derived the key for each car a company makes.

The code, known as KeeLoq, was leaked to a Russian hacking web site last year and this enabled the boffins to look at the system for vulnerabilities.

The boffins attacked a digital key wirelessly by sending 65,000 challenge/response queries to it. After 65,000 responses, or an hour's worth of connection, they use software they designed to decipher that key's unique code in a day.

The hack gives the attacker the 36 bits of information that are common to all of the keys for one model of car after that it only takes only a few seconds to crack the rest.

According to Wired, a hacker could get the rest of the key in a few seconds by sniffing the communication between the digital key and the car when an owner opens it.

More here. µ

Anonymous goes after Syria Aided by poor passwords Thursday, 9 February 2012, 11:49 AM Read more	Israel promises to strike back after hacking attack Credit card details are released Monday, 9 January 2012, 11:24 AM Read more
Team Poison posts a list of hackable police web sites SQL and FTP weaknesses Wednesday, 26 October 2011, 16:50 PM Read more	Security industry is divided over Shady Rat Will the real severity please stand up Thursday, 18 August 2011, 12:00 PM Read more
Ipad 2 unlocked and jailbroken thanks to PDF exploit But it's still a risky business Wednesday, 6 July 2011, 14:52 PM Read more	Tunny machine is rebuilt at Bletchley Park Reconstructed cipher machine marks an epic feat of deduction Friday, 27 May 2011, 15:59 PM Read more

< Previous article| Next article >

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

Lead Project Planner

A leading global organisati...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Car digital keys are hackable

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review