Millions at Risk as Boffins Break Doorlock Code. Or Not.

Robert Farago
by Robert Farago
We’re committed to finding, researching, and recommending the best products. We earn commissions from purchases you make using links in our articles. Learn more here
millions at risk as boffins break doorlock code or not

Microchip Technologies (MT) is in full damage/spin control mode, as Israeli and Belgian boffins say they've cracked the "Keeloq" anti-theft key code. The code is the foundation of the company's remote control system. MT's plippers lock and unlock the doors and immobilize and de-immobilize models built by Fiat, General Motors, Toyota, Volvo, Honda, Volkswagen, Jaguar, Daewoo and Chrysler. Microchip's website calls the code "a highly secure algorithm." The hackers call it lunchmeat. The Jerusalem Post says all the geeks have to do is wirelessly access your key for about an hour, run their computer program and hey presto! They can identify your code from a billion billion possibilities, unlock your car and motor away. Or can they? "Our attack was checked in depth in program simulations," claimed researchers Sebastian Indestig, Eli Beham, Or Dunkelman, Barrett Fernil and Natan Keller. These guys would do well to remember the Ancient Art of War admonition: the algorithm is not the territory.

Robert Farago
Robert Farago

More by Robert Farago

Join the conversation
4 of 9 comments
  • CSJohnston CSJohnston on Aug 23, 2007

    Um, if it takes someone an hour of wireless access to break a key or keyfob code, doesn't that mean my key code or keyfob has to be broadcasting to let the hacker determine its coding for the entire hour. Do our keys and fobs continuously broadcast?

  • VLAD VLAD on Aug 23, 2007
    My Thinkpad laptop has a security feature which, if enabled, lets me lock the machine at a fairly low (BIOS) level. There are warnings that if I forget the password, I’ll be looking at an expensive motherboard replacement. LOL. How long does it take to remove a cover. Google it, there is nothing to bypassing/resetting this.
  • Nopanegain Nopanegain on Aug 23, 2007

    CSJohnston: The keyfobs mentioned in this story only broadcast when you press the button (the keys do not broadcast). In the early days of car alarms, there were "Code Grabbers" that could potentially steal the frequency of your remote control. But the conditions had to be just right to have it work. So someone would have to steal your keyfob for AN HOUR to learn the algorithm of your keyfob to potentially code up a new set of keys. Fugeddeboudit- the cost and time involved for the average thief would be prohibitive. Some geeks out there are brilliant to crack a code, but to no avail with no practical application.

  • Nonce Nonce on Aug 24, 2007
    Even though they amount to no more than security-through-obscurity, the insurance companies consider them unbreakable and effectively won’t cover the cost of a stolen car. Fun. That sounds backwards. First, wouldn't the insurance lower my rates for a security system they consider unbreakable? Second, why does it matter how my car is stolen? If someone puts it on a flatbed, or mugs me and takes my keys, the insurance company is supposed to cover that. What circumstances would have the car company determining that they must've broken the unbreakable system and declining to pay? If the key coding really made that much of a difference we would have seen a HUGE drop in car thefts over the last 10 years, and that is not the case. False security. Kristof cites a source that claims that auto theft is indeed lower now. I'm not sure if it's "dramatically" lower. Anyone have the actual numbers?