Blog

Imagine you arrive for work, spend the morning at your desk, and when you head outside to drive yourself to lunch, your new Mercedes is gone. Stolen! Now, imagine you’re a guy who would like to drive a Mercedes and you don’t want to use the traditional baseball bat to smash the window in while attempting to snatch it from its rightful owner. What’s a poor thief to do?
Eli Biham, a professor of computer science at the Technion-Israel Institute of Technology, says his team has come up with a new method of hacking those electronic keys appearing in nearly every car these days. And, he blames it on outdated technology being sold “as new” today.

Biham and a group of researchers from Israel and Belgium have discovered a way to create an electronic “slim jim” – pop that door, start that car. According to Bihim, there are approximately 18 billion possible key combinations used with the popular KeeLoq encryption system. Busting the code is easier than you might imagine…
First a bit of background: Most vehicles with remote keyless entry utilize an encryption system called KeeLoq. Developed more than twenty years ago in the 1980s, it was purchased by Microchip Technology, Inc. about a decade ago. KeeLoq works by scrambling messages between devices, in this case, your key and the lock on the door of your vehicle. The key holds the unique code that will decipher the code to unlock the door.
The research group headed by Biham discovered a method to shortcut those 18 billion possible key combinations in less than an hour. Using a laptop equipped with some software and able to intercept several transmissions from the key itself, a majority of the combinations are eliminated and a “master key” can be created within a day or so. It will then open nearly any KeeLoq protected vehicle.
Perhaps most interesting is how the data is acquired: Just sitting at your desk with your key in your pocket permits access to that key and its transmissions. Access for about 45 minutes to an hour is required. You don’t hear anything. You don’t feel anything. And a day or two later, your vehicle goes home with somebody else.
Biham presented his team’s findings last week at the Crypto 2007 Conference held at the University of California, Santa Barbara. Titled, “How to Steal Cars,” (Download PDF file), the research document does not detail each step in the process, although details will be forthcoming in the near future. Microchip Technology was informed of the research document a number of weeks ago.
Naturally, a slim jim is a larger threat when talking about stealing cars. At the same time, the research paper’s goal is not to expand auto-related theft, but to point out that technology must be reinvented continually, or the owner will discover they are behind the curve of technology. “KeeLog is badly broken,” the research paper asserts. “Soon, cryptographers will all drive expensive cars.”