CNET Technology Information Network, May 16, International Report. Imagine the following scenario: you have just bought a Mercedes-Benz S550, a showcase of cutting-edge technology and design, equipped with a remote ignition system.
When you go to Starbucks to buy a latte, a man in a T-shirt and jeans carrying a laptop asks you in a friendly way: "Is this the S550? How does it drive?" You excitedly share your experience with him; the man thanks you and disappears. A few minutes later, you look out the window and find that your Mercedes is gone.
Today, anyone who can crack a 40-bit code can not only switch off the anti-theft device and open the door, but even start the car, which is why so many thieves want to crack it: whoever holds the code effectively owns the car. This kind of theft may gradually spread around the world. Sadly, however, car dealers so far do not seem to care much.
Wireless or contactless devices in cars are nothing new. Remote controls -- the black box that hangs on your keychain -- have been around for years. From a few feet away, the remote lets the user disarm the immobilizer and unlock the doors, or even trigger the car alarm in an emergency.
This type of remote locking and unlocking device has been in use since the 1980s. Generally speaking, it contains a circuit board, a radio frequency identification (RFID) chip holding a lock code, a battery and a small antenna; the battery and antenna let the black box transmit its signal.
The RF chip in the remote control holds a code that works only with a specific car. The code is a 40-bit variable sequence: it changes slightly each time it is used, and the total number of combinations is about 100 billion. When you press the unlock button, the remote sends the 40-bit code together with the unlock command. If the receiver gets the correct code, the car carries out the command; if the code is wrong, nothing happens.
Unfortunately, manufacturers of automotive RFID systems don't think there is any problem.
The second anti-theft device that uses RFID is the electronic lock. This small chip, embedded in the key grip, is used in more than 150 million cars. Without it, the car's fuel pump will not work properly: unless the driver uses a key with the correct lock-code chip, the car will run out of gas a few blocks away. (This is why spare keys do not have a lock-code chip embedded in them; they are only meant for short-range driving.)
One study shows that electronic locks have reduced car thefts in the United States by 90 percent since the late 1990s.
But is it possible to crack this code? Yes.
Now a new keyless ignition system adds convenience: you no longer need to search your pocket or bag to start the car, just press the button on the remote. The wireless remote works like the electronic lock described above, in that only the correct chip can start the car.
However, unlike traditional wireless remote controls, which need batteries and have a short range, the keyless start system is passive and needs no battery; it relies on signals sent by the car itself to operate.
Because the car is constantly sending signals to its surroundings and listening for responses, it is theoretically possible for a thief to try different codes and observe how the car responds.
Last fall, a study from Johns Hopkins University and the security company RSA used a laptop and a receiver to collect and crack the key code of a 2005 Ford Escape SUV, disabling the car's anti-theft device and unlocking it without a key. They even posted the entire process on their website.
If you think such a crack requires special equipment and exists only in theoretical academic experiments, you are wrong.
Real-world examples
Radko Soucek is a 32-year-old car thief from the Czech Republic. According to investigators, he used a transceiver and a laptop to steal several expensive cars in Prague and its suburbs. Soucek is no novice; he has been stealing cars since he was eleven years old. But only recently did he discover how easy it is to steal cars with high technology.
Ironically, it was his laptop that landed him in jail, because it contained evidence of all his past decryption attempts. His hard drive also held a database of successfully decrypted strings, which let him unlock cars he had never seen before in a very short time.
Soucek is not an outlier. Recently, the football star David Beckham had two specially designed anti-theft BMW X5 SUVs stolen in the Spanish capital, Madrid. Police believe the thieves used software to decode the cars rather than tools to pry them open.
The technique for cracking a keyless car is hardly a secret -- it basically requires some knowledge of basic cryptography. The Johns Hopkins and RSA research paper says that by intercepting just two sets of responses between the car and the remote control, the code can be cracked.
In the paper's example, the authors set out to test whether they could steal the code of a keyless entry device. To do so, they attached an RFID receiver to a laptop. When the owner approaches the car, it can capture several signals within a second without the owner noticing.
Once a signal between the car and the remote control has been captured, it can be decoded by the "brute force method", which simply means trying different codes until the correct one is found. Once the correct code is known, there is a way to predict the next code to be used, and the car can be started.
In Beckham's case, police believe the thieves used brute force to decrypt the key after he left the car, disabling the car alarm before driving away.
More secure passwords
The authors of the paper therefore recommend that RFID companies phase out the current simple 40-bit encryption and adopt more advanced and secure encryption, such as the 128-bit Advanced Encryption Standard (AES). The more bits in the key, the harder it is to crack.
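To see why the two intercepted replies mentioned above are enough, and why key length is the lever the authors pull, here is an added example in Python (constructed for this article; it is not the paper's cipher or code, nor any real transponder's): a scaled-down challenge-response model whose whole key space can be searched. The 18-bit key, 12-bit reply, the SHA-256 reply function and the names `respond`, `consistent_keys`, `expected_survivors` and `years_to_exhaust` are all assumptions of the demo.

```python
import hashlib

# Constructed toy model (added example, not the paper's cipher or any real
# transponder): the key space is scaled down so the search finishes in seconds.
KEY_BITS = 18      # the systems discussed on the page use 40-bit keys
RESP_BITS = 12     # width of the reply the car sees on each challenge

def respond(key: int, challenge: int) -> int:
    """Transponder reply: top RESP_BITS bits of SHA-256(key || challenge)."""
    data = key.to_bytes(8, "big") + challenge.to_bytes(8, "big")
    word = int.from_bytes(hashlib.sha256(data).digest()[:2], "big")
    return word >> (16 - RESP_BITS)

def consistent_keys(pairs):
    """Exhaustive search: every key that reproduces all observed (challenge, reply) pairs."""
    keys = range(1 << KEY_BITS)
    for challenge, reply in pairs:
        keys = [k for k in keys if respond(k, challenge) == reply]
    return keys

def expected_survivors(pairs_seen: int) -> float:
    """Keys still consistent after pairs_seen replies, if replies look random."""
    return (1 << KEY_BITS) / float(1 << (RESP_BITS * pairs_seen))

def years_to_exhaust(key_bits: int, guesses_per_second: float) -> float:
    """Worst-case wall-clock time to try every key of a key_bits-bit key."""
    return (1 << key_bits) / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    secret = 0x2A5C1                      # constructed demo key, 18 bits
    pairs = [(c, respond(secret, c)) for c in (1001, 1002)]   # two captured replies
    one = consistent_keys(pairs[:1])      # one reply leaves many candidates
    two = consistent_keys(pairs)          # the second reply pins the key down
    print(f"after 1 reply: {len(one)} candidates (expected ~{expected_survivors(1):.0f})")
    print(f"after 2 replies: {len(two)} candidates, true key found: {secret in two}")
    print(f"40-bit key at 1e9 guesses/s: {years_to_exhaust(40, 1e9) * 365 * 24 * 3600:.0f} s")
    print(f"128-bit key at 1e9 guesses/s: {years_to_exhaust(128, 1e9):.3g} years")
```

The same two-reply filtering that finishes instantly at 18 bits and in minutes at 40 bits becomes hopeless at 128 bits, which is the whole case for AES in the recommendation above.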
The authors did not mention, however, that such a device would consume more power, be harder to implement, and be incompatible with current 40-bit keyless entry devices.
The authors also recommend that car owners wrap wireless remote controls in tin foil when not in use to prevent the code from being scanned, and that car dealers fit a protective cover over the car's signal transmitter. This limits the RFID signal range and makes it difficult for anyone outside the car to receive the code sequence.
Unfortunately, automotive RFID system vendors do not see security as an issue. CNET took the opportunity to talk to several RFID vendors about the topic at the 17th annual Automotive Security Conference in San Diego.
They were unwilling to make any public comment, however, and have no plans to release 128-bit AES encryption in the short term. Only a few manufacturers said they were aware of the Johns Hopkins and RSA research, and even fewer had heard of keyless entry cars being stolen in Europe.
The poll also shows that most people are not worried about the security of future keyless start devices, and RFID companies are determined to launch the technology. Yet unless wireless device technology is completely overhauled, the keyless start devices currently on the market are likely to remain crackable by laptop.