LegacyGT.com

Immobilizer RFID encryption cracked...


raz-0


http://rfidanalysis.org/

Anyone know if the SOA chipped keys use the TI chips from this story? Because that there is the beginning of the end for them. For a car you'd have on a "shopping" list, the cost and performance is already likely usable. Fortunately Subarus are more of a commodity type vehicle, so even if we use the TI chips, we likely have some time.


Well, let me put it this way. Let's assume the wrecker is what is used to drag the car away in the first place. To make the car functional, I need to get a key and an ECU to match it in order to turn the car around. The cost of a one-off doodad is in the neighborhood of about $4k. Start mass producing it, and you are probably looking at $2500-3000. About the cost of the scanners that dealt with capturing car alarm codes and synching with cycling car codes on car alarms in the early 90s. Those were indeed used by car thieves often. Not the smash in your window and joy ride kind, but the professional types. And not even for real exotics.

Kind of like the several thousand dollar rigs for duping transponder keys have a market now, and this device would be substantially more useful, especially if you already have a duping machine.

Put it this way. This plus a duping machine means that instead of having to get your hands on keys and dupe them, or replace the electronics you don't have the keys to with ones you do, you just need a duping machine and one of these and a wrecker to harvest immobilizer cars CHEAPLY in whatever quantities you want.

You now have a whole car that runs and is usable for about $80 per plus the amortized cost of the equipment.

Granted, statistically odds are on your side that you won't have your car stolen, but it could well mean that in 3-4 years, you no longer get a car insurance break for the immobilizer technology.

Myself, I'm mostly just curious if our cars use this chip or a competitor's. Since the market hasn't demanded it, I doubt the competitors did their job of making the system secure much better.


Since the market hasn't demanded it, I doubt the competitors did their job of making the system secure much better.

Covered in the link you provided, near the end. Philips has an older solution that has similar encryption strength to the TI product. TI and Philips both have newer solutions with better encryption. The technology was developed in the early 90s and the OEMs haven't updated to newer, better solutions. I'm guessing they are unwilling to pay for the cost of better security.


One more note - professional car thieves typically do not want intact cars. They want parts. We had a real bad time with folks stealing 3rd gen RX-7s in Houston a while back. Electronic alarms and immobilizers were worthless - they just loaded up the car onto a wrecker and off to the chop-shop it went :(

Yeah, the high volume thefts are usually chopped up, and nothing's going to stop that. But around here, we have had waves of "shopping list" type thefts. Granted, the Legacy is probably under the radar there, but some of the cars on the list were a tad odd compared to the usual suspects.

The TI press release sounds to me like putting spin on the fact that their chips are capable of being compromised and they are thus making new ones. It also looks like they are switching to vetted, non-proprietary algorithms (although not the strongest out there), and to larger keys. Both the key elements of these folks' attack, which says to me they were right on the money.


Well, at least I have a wagon. Who would steal a wagon to go joy ride? If I stole cars, I would steal a STi before I steal a family's car.

Nah, the pros prefer high volume cars, not something like the STI. Much harder to trace, and much easier to fence the parts. The perfect target is a late model Accord or Camry.


The parts cars are their bread and butter. Around here, the Integra, Corolla, Accord, Camry, and Civic are the worst ones.

Accord is probably the worst.

The whole immobilizer cracker thing is still attractive for parts. It means the ECU is now a usable resellable part if done right. Fortunately ours are relatively cheap, so still under the radar. If you make a doohickey that is generically applicable, you drag it off with a wrecker, and each car becomes worth $250+ more in parts. You make up the investment pretty quick.

Like I said, for us the biggest threat is that the insurance companies stop discounting it because it stops helping reduce theft of something like the above cars. Second biggest is if the LGT becomes a status symbol for Russian gangsters or something. :D


The RFID encryption is very weak... at least with the LGT/Subaru line you have to have a key to drive the car away... some of the cars... like say the Aston Martin, once it senses the RFID tag the car will just go...

If I need to park my car for an extended period of time it's getting Accessported. Crack that BIATCH!!!!

He can have all the RFID software he wants. If there's an extra layer of protection that he's not familiar with (i.e. invalid ECU map) he will NEVER get the car started.


Archived

This topic is now archived and is closed to further replies.


