: Gone in 60 seconds--the high-tech version

[David Farber <dave () farber net>]

Begin forwarded message:

From: Glenn Tenney CISSM CISM <gt_IP060107 () think org>
Date: May 6, 2006 7:14:23 PM EDT
To: Dave Farber <dave () farber net>
Subject: Gone in 60 seconds--the high-tech version

( for IP if you wish )

http://news.com.com/Gone+in+60+seconds-the+high-tech+version/ 
2100-7349_3-6069287.html

Gone in 60 seconds--the high-tech version

By Robert Vamosi
Story last modified Sat May 06 06:00:03 PDT 2006


Let's say you just bought a Mercedes S550--a state-of-the-art, high-tech
vehicle with an antitheft keyless ignition system.

After you pull into a Starbucks to celebrate with a grande latte and a
scone, a man in a T-shirt and jeans with a laptop sits next to you and
starts up a friendly conversation: "Is that the S550? How do you like it
so far?" Eager to share, you converse for a few minutes, then the man
thanks you and is gone. A moment later, you look up to discover your new
Mercedes is gone as well.

Now, decrypting one 40-bit code sequence can not only disengage the
security system and unlock the doors, it can also start the car--making
the hack tempting for thieves. The owner of the code is now the true
owner of the car. And while high-end, high-tech auto thefts like this
are more common in Europe today, they will soon start happening in
America. The sad thing is that manufacturers of keyless devices don't
seem to care.

Wireless or contactless devices in cars are not new. Remote keyless
entry systems--those black fobs we all have dangling next to our car
keys--have been around for years. While the owner is still a few feet
away from a car, the fobs can disengage the auto alarm and unlock the
doors; they can even activate the car's panic alarm in an emergency.

First introduced in the 1980s, modern remote keyless entry systems use a
circuit board, a coded radio-frequency identification (RFID) technology
chip, a battery and a small antenna. The last two are designed so that
the fob can broadcast to a car while it's still several feet away.

The RFID chip in the key fob contains a select set of codes designed to
work with a given car. These codes are rolling 40-bit strings: With each
use, the code changes slightly, creating about 1 trillion possible
combinations in total. When you push the unlock button, the keyfob sends
a 40-bit code, along with an instruction to unlock the car doors. If the
synced-up receiver gets the 40-bit code it is expecting, the vehicle
performs the instruction. If not, the car does not respond.
Unfortunately, the companies making RFID systems for cars don't think
there's a problem.

A second antitheft use of RFID is for remote vehicle immobilizers. These
tiny chips, embedded inside the plastic head of the ignition keys, are
used with more than 150 million vehicles today. Improper use prevents
the car's fuel pump from operating correctly. Unless the driver has the
correct key chip installed, the car will run out of fuel a few blocks
from the attempted theft. (That's why valet keys don't have the chips
installed; valets need to drive the car only short distances.)

One estimate suggests that since their introduction in the late 1990s,
vehicle immobilizers have resulted in a 90 percent decrease in auto
thefts nationwide.

But can this system be defeated? Yes.

Keyless ignition systems allow you the convenience of starting your car
with the touch of a button, without removing the chip from your pocket
or purse or backpack. Like vehicle immobilizers, keyless ignition
systems work only in the presence of the proper chip. Unlike remote
keyless entry systems, they are passive, don't require a battery and
have much shorter ranges (usually six feet or less). And instead of
sending a signal, they rely on a signal being emitted from the car  
itself.

Given that the car is more or less broadcasting its code and looking for
a response, it seems possible that a thief could try different codes and
see what the responses are. Last fall, the authors of a study from Johns
Hopkins University and the security company RSA carried out an
experiment using a laptop equipped with a microreader. They were able to
capture and decrypt the code sequence, then disengage the alarm and
unlock and start a 2005 Ford Escape SUV without the key. They even
provided an online video of their "car theft."

But if you think that such a hack might occur only in a pristine
academic environment, with the right equipment, you're wrong.

Real-world examples
Meet Radko Soucek, a 32-year-old car thief from the Czech Republic. He's
alleged to have stolen several expensive cars in and around Prague using
a laptop and a reader. Soucek is not new to auto theft--he has been
stealing cars since he was 11 years old. But he recently turned
high-tech when he realized how easily it could be done.

Ironically, what led to his downfall was his own laptop, which held
evidence of all his past encryption attempts. With a database of
successful encryption strings already stored on his hard drive, he had
the ability to crack cars he'd never seen before in a relatively short
amount of time.

And Soucek isn't an isolated example. Recently, soccer player David
Beckham had not one, but two, antitheft-engineered BMW S5 SUVs stolen.
The most recent theft occurred in Madrid, Spain. Police believe an auto
theft gang using software instead of hardware pinched both of Beckham's
BMWs.

How a keyless car gets stolen isn't exactly a state secret--much of the
required knowledge is Basic Encryption 101. The authors of the Johns
Hopkins/RSA study needed only to capture two challenge-and-response
pairs from their intended target before cracking the encryption.

In an example from the paper, they wanted to see if they could swipe the
passive code off the keyless ignition device itself. To do so, the
authors simulated a car's ignition system (the RFID reader) on a laptop.
By sitting close to someone with a keyless ignition device in his
pocket, the authors were able to perform several scans in less than one
second without the victim knowing. They then began decrypting the
sampled challenge-response pairs. Using brute-force attack techniques,
the researchers had the laptop try different combinations of symbols
until they found combinations that matched. Once they had the matching
codes, they could then predict the sequence and were soon able to gain
entrance to the target car and start it.

In the case of Beckham, police think the criminals waited until he left
his car, then proceeded to use a brute-force attack until the car was
disarmed, unlocked and stolen.

Hear no evil, speak no evil
The authors of the Johns Hopkins/RSA study suggest that the RFID
industry move away from the relatively simple 40-bit encryption
technology now in use and adopt a more established encryption standard,
such as the 128-bit Advanced Encryption Standard (AES). The longer the
encryption code, the harder it is to crack.

The authors concede that this change would require a higher power
consumption and therefore might be harder to implement; and it wouldn't
be backward-compatible with all the 40-bit ignition systems already
available.

The authors also suggest that car owners wrap their keyless ignition
fobs in tin foil when not in use to prevent active scanning attacks, and
that automobile manufacturers place a protective cylinder around the
ignition slot. This latter step would limit the RFID broadcast range and
make it harder for someone outside the car to eavesdrop on the code
sequence.

Unfortunately, the companies making RFID systems for cars don't think
there's a problem. The 17th annual CardTechSecureTech conference took
place this past week in San Francisco, and CNET News.com had an
opportunity to talk with a handful of RFID vendors. None wanted to be
quoted, nor would any talk about 128-bit AES encryption replacing the
current 40-bit code anytime soon. Few were familiar with the Johns
Hopkins/RSA study we cited, and even fewer knew about keyless ignition
cars being stolen in Europe.

Even Consumer Reports acknowledges that keyless ignition systems might
not be secure enough for prime time, yet the RFID industry adamantly
continues to whistle its happy little tune. Until changes are made in
the keyless systems, any car we buy will definitely have an ignition key
that can't be copied by a laptop.


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/