Features Podcasts Family Video Comics Music Tech Science Books Film & TV Games ✚

Jill

Car immobilizers cracked due to crappy proprietary crypto

Cory Doctorow at 3:13 am Sat, Dec 18, 2010

— FEATURED —

THE LATEST

Guatemala: Nation's highest court throws out Ríos Montt genocide trial verdict and prison sentence

Feature

Eurovision 2013: An American in London

Book Review

The Twelve-Fingered Boy - mesmerizing YA horror novel

Book Review

Black Code: how spies, cops and crims are making cyberspace unfit for human habitation

— FOLLOW US —

Boing Boing is on Twitter and Facebook. Subscribe to our RSS feed or daily email.

 

— POLICIES —

Except where indicated, Boing Boing is licensed under a Creative Commons License permitting non-commercial sharing with attribution

 

— FONTS —

Tweet
Kindle
Karsten Nohl of Security Research Labs, a white-hat hacker, believes that a recent spike in car theft is due to a break in the car immobilizer security systems; thieves are able to re-mobilize the immobilized vehicles. My question is: how long until someone builds a TV-B-Gone for car engines that lets you stop cars with the click of a button?
Juels says that these cracks were possible because the proprietary algorithms that the firms use to encode the cryptographic keys shared between the immobiliser and receiver, and receiver and engine do not match the security offered by openly published versions such as the Advanced Encryption Standard (AES) adopted by the US government to encrypt classified information. Furthermore, in both cases the encryption key was way too short, says Nohl. Most cars still use either a 40 or 48-bit key, but the 128-bit AES - which would take too long to crack for car thieves to bother trying - is now considered by security professionals to be a minimum standard. It is used by only a handful of car-makers...

What's more, one manufacturer was even found to use the vehicle ID number as the supposedly secret key for this internal network. The VIN, a unique serial number used to identify individual vehicles, is usually printed on the car. "It doesn't get any weaker than that," Nohl says.

Criminals find the key to car immobilisers (via Schneier)

(Image: Invalidka - Soviet car for disabled people, a Creative Commons Attribution (2.0) image from dittaeva's photostream)

 
  • Adobe issues security advisory for Flash Player, plans fix "during ...
  • Wash., DC transit authority uses proprietary RFID system, gets ...
  • Can you audit the software that goes in your body? - Boing Boing
  • If other industries were as evil as the record companies - Boing Boing

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

MORE:  Business • Technology

More at Boing Boing

Eurovision 2013: An American in London

The technology that links taxonomy and Star Trek

  • AirPillo

    and the password was “password”, right?

    • pinehead

      Don’t be silly. It was “1 2 3 4 5.”

  • Dom

    You should read some of this study on the security of the modern vehicle.

    http://www.autosec.org/pubs/cars-oakland2010.pdf

    “Even at speeds of up to 40 MPH on the runway, the attack packets had their intended effect, whether it was honking the horn, killing the engine, preventing the car from restarting, or blasting the heat. Most dramatic were the effects of De- viceControl packets to the Electronic Brake Control Module (EBCM) — the full effect of which we had previously not been able to observe. In particular, we were able to release the brakes and actually prevent our driver from braking; no amount of pressure on the brake pedal was able to activate the brakes. Even though we expected this effect, reversed it quickly, and had a safety mechanism in place, it was still a frightening experience for our driver. With another packet, we were able to instantaneously lock the brakes unevenly; this could have been dangerous at higher speeds.”

  • AGC

    Off topic but what model of car is that in the picture?

  • Baldhead

    Well they can stop cars with the click of a button- it’s how Bait Cars work to catch thieves. They usually use it to kill the engine of course- applying brakes to a driver who’s not expecting it is a very bad plan. Now to stop ANY car- that’s different but I’m sure law enforcement would like such a thing.

  • Niklas

    … and how long until Gizmodo uses it at a car show?

  • Anonymous

    I read an article on car thieves a few years back – they actually flashed their own firmware on to the car computer. No amount of crypto will help if you have physical access to the hardware!

  • Michael

    “Usually” printed on the car? By law, the VIN must be visibly affixed to the car; that’s the entire point of a vehicle identification number.

  • mercator

    There are a lot of cyclists that would pony up good money for a Car-B-gone device. Is there a kickstarter page for this yet?

  • quail

    It’s sad, but they really don’t care about true encryption. They want something that mechanics, dealers, repo men, etc. can hack or figure out at a moment’s notice, thus the reason for the VIN number being used. It would be nice to know which cars are vulnerable to this and make plans to never buy them.

    • IronEdithKidd

      $5 says GM.

  • chris

    The first thing you should be taught in any cryptography class:
    http://en.wikipedia.org/wiki/Kerckhoffs's_Principle

    Quit using proprietary crypto systems.

  • Anonymous

    maybe to car manufacturers should have read this first….. http://www.schneier.com/crypto-gram-9902.html

  • Nadreck

    Oh, so that’s how the car-immobilising Bat Beam worked.

  • teapot

    how long until someone builds a TV-B-Gone for car engines that lets you stop cars with the click of a button?

    Last weekend there was some asshole who parked in my space all weekend. By the end of last night I decided the only course of action was to fry the car’s electrics with an EMP.

    Today’s task was to search for a solution online.

  • Anonymous

    “What’s more, one manufacturer was even found…”

    DAARG!! I see this more and more these days- sentences beginning with ‘What’s more,…’ and it’s really starting to drive me crazy. In this case those two words could have been omitted and it would have read just fine. If you absolutely have to use something, I’d think ‘Furthermore’ would be the primary choice.

  • Kimmo

    I’ve always regarded old-timers’ criticisms of EFI with scorn; just cause my car depends on electronics doesn’t make it any less reliable… EFI > carbies by miles.

    But here I think we’ve reached the point where I feel inclined to knock back new tech. I’m thinking if I ever own such a car, I’ll be disabling the radio receiver element of the circuit…

  • jadeonly

    Which manufactures? The encryption key isn’t something I’ve seen advertised, any recommendations on finding out what my car has and the cars I might be interested in buying?

  • Anonymous

    Must… crush… my… cynisism. The only thing that kept running
    through my mind towards the end of the article was,

    News Headline, ‘Assange dies in car crash’

    sigh.