Hackers can crack car-key codes

VULNERABLE? Millions of ignition keys contain a tiny radio, shown, that sends a code to start the car. But the code may be too easy to crack.

Thieves with a little electronic know-how can crack the security codes in some car keys or wireless gas-payment tags in 15 minutes using a specialized but inexpensive homemade decoder. Researchers at the Johns Hopkins University did that in 2005 to demonstrate that the security codes then used weren't adequate.

The security systems rely on radio-frequency ID (RFID) tags, essentially miniature radio transmitters. In a car, the RFID tag is activated when you put your key in the ignition or, in the latest "keyless entry" systems, when you simply walk up to the car. The car communicates with the RFID tag in the key, which must return the correct signal or it won't be able to start the car. ExxonMobil's Speedpass system interacts the same way with gas pumps.

The Johns Hopkins researchers hacked into one of the most widely used RFID systems. Made by Texas Instruments, it’s in 15 million late-model U.S. cars and all Speedpass tags.

code-hacking 101

A well-equipped thief could hijack your Speedpass code without going near a service station: You sit next to someone with a laptop at Starbucks. But you don’t know that he has a small antenna in his pocket that picks up your Speedpass information in less than a second. It will take only about 15 minutes for the computer to figure out the exact code of your Speedpass. After that, he can use the laptop and antenna to mimic your Speedpass, tanking up with gas that gets charged to your ExxonMobil account.

A thief could use the same process to crack an ignition-key code. As the Johns Hopkins researchers say in their report, “We spoofed the immobilizer authentication system and started the vehicle with a bare ignition key.”


how safe is the system?

Companies using or making the RFID gear say there’s no evidence of a problem with code-cracking. Prem Nair, a spokeswoman for ExxonMobil, says that there have never been fraudulent purchases made with a Speedpass and that the company guarantees that customers will not be liable for any fraudulent charges. “We believe the system is safer than credit cards with magnetic stripes, because there is no personal information stored on a Speedpass,” she says.

Texas Instruments says that its system has reduced car thefts by 90 percent and that there have been no examples of thieves hacking into the system. “The amount of time and money someone would need to break the system makes it economically unviable,” says Tony Sabetti, who manages one of the RFID products for the company. “The system is still very secure.”

Even the Johns Hopkins researchers say that their attacks don’t guarantee easy theft of automobiles. But Dr. Avi Rubin, the computer science professor who led the research project, said, “The industry as a whole needs to re-evaluate how they design RFID security systems, because I think to date they have been underestimating the lengths an attacker might go to.” He added, “There’s no reason to believe that well-financed criminals haven’t figured out how to do this