Hi,
Anyone seen the stuff in the news (possibly old news) about the commonly used Keeloq security system being cracked?
http://blog.wired.com/27bstroke6/2007/08/researchers-cra.html
If so, does anyone have a definitive list of vehicles potentially affected by this - I'm keen to know if my car is affected or not.
Also, does anyone know if there is anything which can be done to safeguard against the attack? Presumably if you never use your remote key fob then
nobody can "sniff" your codes - yes?
Cheers,
Craig.
It can be cracked without you pressing any of the buttons.....
but it would require "their" equipment to be within range of your keys for just over an hour with a very fast computer.....
Worrying though....
Yes I know they can hack my specific keys if they have close contact with them but I also believe they can do this 1 hour process with ANY set of keys
for a given manufacturer (or perhaps model?) and then they can hack any other specific car in a couple of seconds by sniffing the remote central
locking signal.
I'm guessing that the "1-hour" codes will soon propagate via the internet for all car types which will then leave individual cars
vulnerable to local sniffing. I'm thinking the best bet is to physically safeguard my keys (as I always do) and stop using the remote locking to
prevent sniffing.
However, I still don't know if my car uses Keyloq or not. It's a 2005 ('54) SEAT Cupra R 225.
Cheers,
Craig.
VAG aren't mentioned by the inquirer in their report.
They have Honda, Ford, General Motors, Mercedes Benz and Jaguar.
http://www.theinquirer.net/?article=41929
A classic example of security by obscurity being a broken way to do business.
The security algorythms I've worked with have an increasing time delay between sussesive failed challenges to prevent brute force cracking
techniques. I guess not everyone does this.
Your remote central locking key only transmitts when you press the button, so this cannot be "sniffed" just by being near you. Immobiliser
keys have a very small range (a few 10s of mm) so you'd have to be stood against the machine for them to read your key. Again, not all cars are
the same.
So stick a big yellow kludge on your steering wheel to make it awkward for them. No problem.
If you read the wikipedia link VW are mentioned as using the system.
Reality check - your car will be safe for quite some time. I'm guessing the average car thief isn't some uber criminal so won't have
the right kit.
I also believe there are some flaws in the statement. The battery power in a keyfob is minimal - it would be very hard in practice to scan a fob from
any distance. Think of all the other electronic devices giving out distorting electromagnetic radiation.
quote:
Originally posted by MikeR
If you read the wikipedia link VW are mentioned as using the system.
Reality check - your car will be safe for quite some time. I'm guessing the average car thief isn't some uber criminal so won't have the right kit.
I also believe there are some flaws in the statement. The battery power in a keyfob is minimal - it would be very hard in practice to scan a fob from any distance. Think of all the other electronic devices giving out distorting electromagnetic radiation.
Somewhere in the internet I found the schematics for an inmobilizer, activated via a hidden magnetic switch. then it is active while the key is on.
Once you remove the key, it activates again. As there is no visible switch, it is very unlikely that the thieve will sort it out.
quote:
Originally posted by Angel Acevedo
Somewhere in the internet I found the schematics for an inmobilizer, activated via a hidden magnetic switch. then it is active while the key is on.
Once you remove the key, it activates again. As there is no visible switch, it is very unlikely that the thieve will sort it out.
