RFID Car Keys

RFID car keys (subscription required) are becoming more popular. Since these devices broadcast a unique serial number, it’s only a matter of time before a significant percentage of the population can be tracked with them.

Lexus has made what it calls the “SmartAccess” keyless-entry system standard on its new IS sedans, designed to compete with German cars like the BMW 3 series or the Audi A4, as well as rivals such as the Infiniti G35 or the U.S.-made Cadillac CTS. BMW offers what it calls “keyless go” as an option on the new 3 series, and on its higher-priced 5, 6 and 7 series sedans.

Volkswagen AG’s Audi brand offers keyless-start systems on its A6 and A8 sedans, but not yet on U.S.-bound A4s. Cadillac’s new STS sedan, big brother to the CTS, also offers a pushbutton start.

Starter buttons have a racy flair—European sports cars and race cars used them in the past. The proliferation of starter buttons in luxury sedans has its roots in theft protection. An increasing number of cars now come with theft-deterrent systems that rely on a chip in the key fob that broadcasts a code to a receiver in the car. If the codes don’t match, the car won’t start.

Cryptography can be used to make these devices anonymous, but there’s no business reason for automobile manufacturers to field such a system. Once again, the economic barriers to security are far greater than the technical ones.

Posted on October 5, 2005 at 8:13 AM • 78 Comments

Comments

Lee October 5, 2005 8:47 AM

My knowledge of these things is poor at best, but wouldn’t it be possible for someone to eavesdrop on what this key was transmitting? If this was the case wouldn’t encryption be useless as all someone would need to do is recreate the encrypted message, not needing to know what it contained, to “activate” the car. I don’t know if that’s feasible at all, it’s something that’s bugged me about these systems for a while now though.

Mike Sherwood October 5, 2005 8:49 AM

I know asking for crypto is too much, but I’d be satisfied with some type of switch or button that opens the circuit so I can choose when I want to have the RFID device respond to queries. It seems like an always on switch being available would cover the needs of those who don’t know or care, and turning it off would cover many of our concerns.

This is the same problem I have with all of the RFID based payment systems. With a credit card, anyone could potentially see the number while I’m using it in a transaction. RFID with a static identifier has this same potential problem. However, it’s not just limited to the time in which I’m engaged in a transaction. Someone could probe the RFID chip at any time by being close enough to trigger and read it.

Car companies have no incentive to improve their security until after there’s widespread auto thefts based on their implementation of RFID technology. Most consumers aren’t going to understand the risks. Static RFID is a great solution for people who tattoo their passwords on their forehead. The benefit of advocating an off switch is that the average person can relate to that concept.

Joseph October 5, 2005 8:51 AM

The crypto analyst and privacy advocate part of my brain is saying:

What idiots! Almost no true security, and terrible privacy problems!

The tech nerd and avid consumer part of my brain is saying:

Cool! I wish my car had that!

Mike Sherwood October 5, 2005 8:53 AM

@Lee

That is known as a replay attack. Adding a sequence and timestamp to the data being sent avoids that problem.

Joseph October 5, 2005 8:55 AM

@Lee

This is called a “replay” attack, and there are a lot of cool crypto protocols that make it impossible, but may be difficult to fit onto a small RFID circuit. For example, the car could transmit a random number, the rfid could encrypt the number with a known key, and return the result. If the car calculated the same result, it would start. That would make replay useless.
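The two anti-replay ideas from the comments above (a sequence number, and a random challenge answered with a keyed function), next to a fixed-code fob, as an added example that is not part of the original thread. HMAC-SHA256 stands in for the "encrypt with a known key" step, and all class names, key sizes and the counter window are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def tag(key: bytes, msg: bytes) -> bytes:
    """Keyed function shared by fob and car (HMAC-SHA256 is an assumption)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


class StaticCar:
    """Baseline: the fob always sends the same code."""

    def __init__(self, code: bytes):
        self.code = code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)


class SequenceFob:
    """One-way scheme: every press sends counter || MAC(counter)."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def press(self) -> bytes:
        self.counter += 1
        c = self.counter.to_bytes(4, "big")
        return c + tag(self.key, c)


class SequenceCar:
    WINDOW = 16  # tolerated presses made while the car was out of range

    def __init__(self, key: bytes):
        self.key = key
        self.last_seen = 0

    def accept(self, frame: bytes) -> bool:
        c, mac = frame[:4], frame[4:]
        if not hmac.compare_digest(mac, tag(self.key, c)):
            return False  # forged or corrupted frame
        n = int.from_bytes(c, "big")
        if not self.last_seen < n <= self.last_seen + self.WINDOW:
            return False  # stale (replayed) or implausibly far ahead
        self.last_seen = n
        return True


class ChallengeCar:
    """Two-way scheme: the car picks a fresh random number for every attempt."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def accept(self, response: bytes) -> bool:
        if self.pending is None:
            return False
        expected = tag(self.key, self.pending)
        self.pending = None  # each challenge can be answered once
        return hmac.compare_digest(response, expected)


def replay_demo() -> dict:
    """Record one legitimate exchange per scheme, then present it a second time."""
    key = secrets.token_bytes(16)  # constructed test key
    results = {}

    code = secrets.token_bytes(8)  # constructed fixed code
    results["static_replay"] = StaticCar(code).accept(code)

    fob, car = SequenceFob(key), SequenceCar(key)
    frame = fob.press()
    results["sequence_first"] = car.accept(frame)
    results["sequence_replay"] = car.accept(frame)

    car = ChallengeCar(key)
    recorded = tag(key, car.challenge())  # the genuine fob's answer
    results["challenge_first"] = car.accept(recorded)
    car.challenge()  # next attempt gets a new random number
    results["challenge_replay"] = car.accept(recorded)
    return results


if __name__ == "__main__":
    for name, accepted in replay_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The sequence scheme needs no receiver in the fob but forces the car to keep state and tolerate a window; the challenge scheme needs a two-way radio link but no synchronised counter.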

Car user October 5, 2005 8:56 AM

RFID Car Keys can only be efficient if they used high grade cryptography with a triggering signal from the on-car crypto processor. The RFID’s are quite popular among car security systems that use an extra RFID “remote” as an immobilizer disabler or for anti-jacking. But such a broadcasting RFID device cannot be tamper-proof as a potential thief can intercept and save the RFID signal and then play it back to disable the car security.

Chris Walsh October 5, 2005 9:05 AM

Me: Hello? Is this the NSA?

NSA: Yes, sir, this is the NSA public information office.

Me: Can you please tell me where I left my car key?

Zach October 5, 2005 9:15 AM

I think in fact that the anonymization of the rfid would be a strong selling point in a certain segment of the luxury car market. Those who make their money from nefarious means probably wouldn’t like the idea that they are easily trackable.

John Pritchard October 5, 2005 9:19 AM

I don’t get the criticism of this system. Assuming the system is secure in- band, what is the economic issue? the price of these cars?

I think it’s great, assuming it’s a reasonable hash system that is unbreakable subject to the integrity of the hash function.

Joe Patterson October 5, 2005 9:45 AM

The one hope I have is that, since these are becoming more popular, there must be an interface to the RFID system. What I really hope is that this breeds a market for after-market replacements that do have strong encryption and strong bi-directional authentication. I doubt it would be a popular enough option among the general population to become a standard option from the manufacturer, but neither are 3 foot spoilers on a Honda Civic.

Of course what I would really like is single-sign-on. Build the encryption and authentication right, once, and have an RF “key” that opens and starts my car, opens my front door, lets me into my office, logs me into my computer, etc. OK, maybe for some of those things the key would only be one factor of a dual-factor system. Unfortunately, the math is all there, but that’s the easy part. The hard parts are getting a good standard accepted, and creating the market forces which make it a viable thing for someone to do.

Anonymous October 5, 2005 9:45 AM

Simple encryption does nothing for anonymity. You can track me with a random number assigned to me; you can also track me with the hash of that number. A rotating hash system might work, though–use an impedance switch (like touch lamps) and a small motor to change which salt is added to the original message before hashing. If there are only a few values for the salt (100 or so), you can easily have a processor on the car that computes the hash of each, or even store all the hashes, and compare them.

There’s still the economic issue, and the feasibility of putting a reasonably secure hash algorithm on a small chip (probably quite cheap, actually), the power consumption, and the means of transmitting the hash.
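The tracking point made in this comment and in the post (a hash of a fixed number is as trackable as the number), worked through as an added example that is not part of the original thread. It compares four fob behaviours under a reader that always sends the same challenge; the `Fob` class, the HMAC-SHA256 construction and the 16-byte sizes are assumptions, and the last scheme uses fob-side randomness rather than the rotating salt the comment proposes.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # challenge and fob nonce are both fixed at 16 bytes


def mac(key: bytes, challenge: bytes, nonce: bytes = b"") -> bytes:
    # Fixed-length fields, so plain concatenation is unambiguous.
    return hmac.new(key, challenge + nonce, hashlib.sha256).digest()


class Fob:
    """Hypothetical fob that can answer a reader in four different ways."""

    def __init__(self):
        self.serial = secrets.token_bytes(8)  # constructed serial number
        self.key = secrets.token_bytes(16)    # secret shared with its own car

    def static_id(self, challenge: bytes) -> bytes:
        return self.serial  # broadcasts the serial as-is

    def hashed_id(self, challenge: bytes) -> bytes:
        return hashlib.sha256(self.serial).digest()  # still one fixed value

    def deterministic(self, challenge: bytes) -> bytes:
        return mac(self.key, challenge)  # fixed whenever the challenge is fixed

    def randomized(self, challenge: bytes) -> bytes:
        nonce = secrets.token_bytes(NONCE_LEN)  # fresh fob-side randomness
        return nonce + mac(self.key, challenge, nonce)


def car_accepts(enrolled_keys, challenge: bytes, response: bytes) -> bool:
    """The car never receives an ID; it tries each key it has enrolled."""
    nonce, received = response[:NONCE_LEN], response[NONCE_LEN:]
    return any(
        hmac.compare_digest(received, mac(k, challenge, nonce))
        for k in enrolled_keys
    )


def relinked(scheme: str, population: int = 50) -> int:
    """Count fobs whose answer at a second reader matches one logged at a first.

    Both readers send the same fixed challenge, which is the worst case for
    a scheme whose answer depends only on the challenge.
    """
    fobs = [Fob() for _ in range(population)]
    fixed = bytes(NONCE_LEN)
    logged = {getattr(f, scheme)(fixed) for f in fobs}
    return sum(getattr(f, scheme)(fixed) in logged for f in fobs)


if __name__ == "__main__":
    for scheme in ("static_id", "hashed_id", "deterministic", "randomized"):
        print(f"{scheme:14s} re-identified {relinked(scheme)} of 50 fobs")
    mine, other = Fob(), Fob()
    ch = secrets.token_bytes(NONCE_LEN)
    print("own fob accepted:", car_accepts([mine.key], ch, mine.randomized(ch)))
    print("other fob accepted:", car_accepts([mine.key], ch, other.randomized(ch)))
```

The car's work grows with the number of enrolled keys, which is small for a car; the same design on a reader serving a large population would need a different lookup strategy.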

A. Reader October 5, 2005 9:51 AM

I think the real problem here is that the policy choices for technology are becoming too complex for the average consumer (citizen) to intelligently assess. That, if you like, is pushing US society toward an oligarchy and to mis-quote Juvenal, “Who shall guard the technocrats?”

Paulie October 5, 2005 9:54 AM

On the Toyota Prius, there is a disable button, under the steering wheel, for the SmartKey/Entry system.

The manual recommends you disable the SKE system when leaving the car parked for a long time, since the broadcast can drain the enable battery (the tiny 12volt car battery that opens the safety relays for the hybrid system batteries).

Disabling the SKE system means you use the open/close buttons on the fob, and would need to insert the fob into the slot to put the car in Ready mode.

It’s really a cool system, walk up to the car in the dark and it turns on the lights. It knows when a key is outside the different sides of the car (driver, passenger, rear hatch, inside), and what doors unlock depends on the location of the fob (opening the driver’s door doesn’t unlock the rest of the doors, but opening the hatch or the passenger door does unlock everything). Can’t lock the doors with a fob in the car (spouse can’t leave her purse in the hatch with a fob).

There is only one keyhole, on the driver’s handle, for the whole car (with a manual key inside the fob).

Nicholas Weaver October 5, 2005 10:04 AM

Bruce: you went off the deep end a bit on this one:

Just about ALL car keys have short-range RFID tags: this is a key component of the anti-theft system: the physical key is only part of the authentication mechanism, the key must also respond properly. So you can RFID track just about everyone already, on the existing keys.

They also USE challenge/response based cryptography. Not necessarily very strong cryptography (see the recent break on Fastpass/Ford ignition keys), but cryptography.

The concern I have is that with the crypto weak, it still works with physical keys: it’s a two factor authentication, something the key is (the pattern of cuts, which talks to the ignition cylinder) and something the key knows (the crypto key, which talks to the computer. So you can’t hotwire the car without the crypto).

But what happens when they screw up the crypto and it is ONLY the crypto keeping the car from being stolen? THEN items like the sidewalk-surfing attack on FastPass/Ford keys become hugely significant.

Matthew Skala October 5, 2005 10:22 AM

“Can’t lock the doors with a fob in the car (spouse can’t leave her purse in the hatch with a fob).”

I don’t like that idea; it sounds like a recipe for carjackings and other violent crime. Being able to lock oneself inside the car is an important safety feature.

“Just about ALL car keys have short-range RFID tags”

I suppose that may possibly be true of cars being manufactured today, especially luxury cars, but it’s certainly not true of the population of cars actually on the road today.

rjh October 5, 2005 11:14 AM

Could you explain the anonymity concern? Already (without RFID) every car has a license plate that is both unique and readily visible from a distance. Already every car has a VIN number that is on an ID plate that is readily visible through the windshield. What is the extra concern added by RFID? The license plate readability range exceeds that of RFID, especially if the reader uses binoculars or other assistance. With the ease of deploying hidden cameras, cell phone cameras, etc. you have little anonymity already.

True, you can swap license plates (illegal) but a person walking past with a cellphone can capture the VIN tag in an instant. Swapping VIN tags is extremely difficult and makes it likely that the police get called the next time you service the car. It certainly voids all warranties.

The manufacturers already have a financial motive to ensure that there is no predictable relationship between VIN and RFID. It is easiest to have a bin of RFID locks and take the next one in the bin as each car comes down the line. Then you record the relationship in a database. This gives maximum flexibility for manufacturing, which does save money. Assigning pseudo-random IDs to the parts when they are put into the bin makes the relationship of VIN to RFID sufficiently random as to be unusable.

dvla October 5, 2005 11:40 AM

Could you explain the anonymity concern?

Basically because RFID provides a definite, machine readable data stream, so you could track/steal accurate information with a device that doesn’t have to be in a line of sight of the vehicle (or otherwise visible). Also RFID data is much smaller than image data so stealing & tracking is much cheaper and comparing/analysing it is made much easier because the captured data is consistent between swipes.

Ed T. October 5, 2005 12:01 PM

@Chris:

(C&C alert)

NSA: We don’t exist. If we did, we wouldn’t have that information. If we did, we wouldn’t be allowed to tell you. If we did, someone would have to kill you — but not us, as we don’t exist. Try calling the CIA.

CIA: Sorry, but we don’t conduct ops inside the USA. Try the FBI.

LWM (Left Wing Media): Who in the Bush Administration gave out the CIA’s number? We need a joint investigation by both houses of Congress, the GSA, and the ASPCA!

FBI: We’re not allowed to communicate with the CIA, DoD, or your local dog catcher. Try DHS.

DHS: Thanks for calling DHS. Please listen closely to every one of the following 57,891 menu items, as they may have changed since our last reorg. If you try to bypass these options, you will be returned to the beginning of this recording. For terrorism, press Option 1. For terrorism, press Option 2. For immediate assistance related to natural disasters, wait until the last option is announced…

-EdTr.

Thom October 5, 2005 12:22 PM

Ten years hence, and this is the norm. Car companies want to make additional money, so they sell access to this database. The database allows someone to know what token/tag belongs to whom by its broadcast, and not the authorization to start the car.

You’re walking through the mall, and an advert from Neiman Marcus addresses you by name.

As a “unique” tag, your employer requires you register your token with them. This way they know when you’re on property.

It’s akin to what marketers had hoped blue-tooth would offer them when embedded in phones.

Let’s not even begin to consider the uses this could be put to if stores started recording (and they will), who has been in or passed by their store.

Make a sales transaction? The store grabs your broadcast, stores it in relation to the purchase (especially if a credit card was used), and sells your purchase interests to the Direct Marketing Association and others.

Okay. I’m depressed.

jayh October 5, 2005 12:24 PM

>>Also RFID data is much smaller than image data so stealing & tracking is much cheaper and comparing/analysing it is made much easier because the captured data is consistent between swipes<<

Not to mention that devices can quietly automatically log ALL cars coming through an area and store that in a database for later pattern matching. The big risk here is that pattern matching will probably snare a lot of innocent people through false positives.

Geoff October 5, 2005 1:08 PM

@Nicholas

>>The concern I have is that with the crypto weak, it still works with physical keys: it’s a two factor authentication, something the key is (the pattern of cuts, which talks to the ignition cylinder) and something the key knows (the crypto key, which talks to the computer. So you can’t hotwire the car without the crypto).<<

Your two-factor authentication analysis is invalid in this context. This is only single-factor authentication from the user’s point of view. The key is something the user has…period. Just because the key has cuts and crypto (weak) does not mean that it is two-factor authentication. Now if the user had to interact with the key to issue a response in the authentication protocol, then it would be two-factor authentication. Something the user has and something the user knows.

Davi Ottenheimer October 5, 2005 1:09 PM

@ Ed T

“LWM (Left Wing Media)”

Funny, but I find it curious that you didn’t couch the state agencies with the same bias you placed on the media.

Or were you trying to alternate public agencies with fantasies? Would “unicorns” be next on your list of places/things to call for help?

Chris October 5, 2005 1:19 PM

@rjh:
The concern is that I don’t walk around all day, go shopping, etc. with my license plate around my neck. My car keys, however, are almost always in my pocket….

Davi Ottenheimer October 5, 2005 1:19 PM

“the economic barriers to security are far greater than the technical ones”

True, and maybe I’m just confused, but when are technical barriers greater than, or exclusive from, economic? I mean tough technical problems are “costly” to solve, no?

This part of the article reminded me of a recent debate about locking terminals and inactivity timers:

“In the parking lot, this approach means some cars now unlock as soon as you walk up to the door, with no need to push a button. Walk away after parking, and the car locks back up.”

Forget all the USB tokens, fingerprint readers, etc. that PC manufacturers are recommending. I find that most users want something that unlocks their PC automatically when they sit down at the keyboard and locks it when they leave (if they’re forced to lock it at all).

Tie that into their car-key and they’ll be really happy, albeit sacrificing quite a bit in return that they might not yet appreciate…

alex October 5, 2005 1:22 PM

Every Ford Focus (emphatically not a luxury car) has been built with an RFID system incorporated in the ignition key. All Hondas have this as well–I do not know when it was introduced. The security issues do not affect a small number of people.

The largest issue for me personally is the cost of the keys, typically over US$100. Also, the Ford system is limited in the additional keys that can be added (3) before the entire RFID system (incorporated into the engine management computer) needs to be replaced. So one doesn’t want to lose their keys….

The introduction of anti-theft systems in luxury cars fifteen years ago is one of the reasons ordinary car theft went into decline and car-jacking became more popular. I don’t know what the long-term implications of RFID keys are, but I suspect they will be orthogonal to our collective paranoia.

Davi Ottenheimer October 5, 2005 1:22 PM

“car keys, however, are almost always in my pocket”

In a radio shielded sleeve, no? Or even if you didn’t want to use that approach, you could easily carry one of the RFID spamming devices that spews data to confuse or overwhelm sniffers.

David October 5, 2005 1:42 PM

My car keys are NEVER in my pocket, I carry a bag and I do so chiefly because I hate the feel of keys in my pocket.

So my computer would never lock — or never unlock — depending on where I stash my bag in the office.

Davi Ottenheimer October 5, 2005 2:21 PM

@ David

That’s probably right for the clunky physical metal keys with serrated edges, but what if your whole keyring were like a credit-card? Or maybe I should ask how you store your cell-phone (when you keep it with you)? Take the BMW/Audi/VW keys for example, which are basically a small flush rectangle…and then there’s the toyota car key, integrated into a watch.

Nicholas Weaver October 5, 2005 2:32 PM

Geoff: From the point of view of an attacker who doesn’t manage to steal the key itself, it IS a two-factor system: The attacker needs to replicate the effect of both the RFID (tell the computer its OK) and the physical key (hotwiring).

It’s this style of key that has REALLY reduced the auto theft rates.

Removing the physical lock makes me much more nervous, as now we are reliant SOLELY on the car-maker’s crypto.

Real names aren't required, but please give us something to call you October 5, 2005 2:51 PM

Horses don’t:

  • require gasoline and oil
  • need RFID

Eventually the world will understand that we’re just fucking up the Earth too much with our coffins on wheels and will return to using what nature provided us for food, clothing, and transportation rather than trying to reinvent the wheel while causing our home the Earth suffering in the process.

The hurricane was the Earth reacting to the oil drills actions like a human hand would to a mosquito sucking away our blood.

As far as I’m concerned, anyone who drives a car instead of walking, riding a bike, or taking public transportation, deserves their fat body, the smoggy shit air they breathe, the road rage bullshit, etc. what fools who complicate their lives while thinking they’re saving so much time in the process.

Really
Foolish
Idiots
Decision

Davi Ottenheimer October 5, 2005 3:10 PM

@ Real

I know, I know, you’re just trolling but I have to ask how do you get around the same security issues with your solution. I mean a horse still has to know you to trust you, not to mention where/how to lock up something that’s constantly leaving piles of dung to deal with, and bicycles are so easy to steal without some kind of key…seems like you’re avoiding the issues to me.

Andre LePlume October 5, 2005 4:00 PM

@Davi:

I’ll rise to Ed T’s defense :^)

RWM: These so-called car keys are the mark of the beast! They are a Commu^H^H^H^H^Hliberal plot to create a central database so our guns can be taken away.

Chris October 5, 2005 4:02 PM

@Davi:

“In a radio shielded sleeve, no? Or even if you didn’t want to use that approach, you could easily carry one of the RFID spamming devices that spews data to confuse or overwhelm sniffers.”

Is that an RFID spammer in your pocket, or are you happy to see me?

Paul O October 5, 2005 4:16 PM

RFID in cars may extend trackability, but is it that much more insecure than what we already permit if we carry a cellphone (powered on) with us at all times?

Anonymous October 5, 2005 4:17 PM

Abacuses don’t:

  • require electricity, which in the US is largely generated by natural gas, oil, and coal.
  • need RFID

Eventually the world will understand that we’re just fucking up the Earth too much with our quest to improve our knowledge, develop trade across distances too vast for walking, and killing defenseless animals to wear their skins.

And have you actually been around horses? They shit everywhere. You would replace what little air pollution is emitted by modern automobiles with mountains of horse crap, which would emit an amazing quantity of greenhouse gasses if they were used on a scale necessary to support 6+ billion people?

As far as I’m concerned, people who drive an SUV 60 miles round trip each day to haul themselves and a small briefcase are seriously trying to compensate for something. We all know it, and that’s punishment enough. But I wish your skinny vegan gaia-worshiping ass gets run over by one.

Erik Carlseen October 5, 2005 4:23 PM

@EdTr. -> Immensely amusing.

@Davi -> If you don’t find his descriptions of the CIA, FBI, and DHS depreciating, you must really love big government in a scary way. But if it salves your sensitive liberal soul, please note that if EdTr’s satirical musings ever did perchance come to pass, Bill O’Reilly would run 18 segments on why it’s OK for the Bush Administration to give out the CIA’s number because it’s, you know, listed in the phone book and all.

Davi Ottenheimer October 5, 2005 4:29 PM

@ Erik

“you must really love big government in a scary way. But if it salves your sensitive liberal soul”

Wait, I thought it was conservatives in the US who love big government no? I must be both, and therefore neither. Oh well, the labels leave so much to be desired.

Anyway, my point was that he didn’t say whether the state agencies were liberal or conservative, so the list was incomplete, perhaps for the obvious reason that he really just loves unicorns and wants to mention them as often as possible. It’s nothing to be ashamed of, I guess, if it has become en vogue to believe in them.

Jim A. October 5, 2005 6:42 PM

@Chris

Me: Hello? Is this the NSA?

NSA: Yes, sir, this is the NSA public information office.

Me: Can you please tell me where I left my car key?

NSA: We’re showing 38.897362,-77.037742, Karl.

Paulie October 5, 2005 10:00 PM

@Matthew Skala

“Can’t lock the doors with a fob in the car (spouse can’t leave her purse in the hatch with a fob).”

I don’t like that idea; it sounds like a recipe for carjackings and other violent crime. Being able to lock oneself inside the car is an important safety feature.

If you’re IN the car, you can lock the doors. Just not from the outside via the lock buttons on the handles with the smart key system if there is a fob in the car. This is to prevent you from locking a fob in the car accidentally.

If you disable the smart key system, you can leave a fob in the car. Not a good idea, but you can.

HS October 6, 2005 4:44 AM

A simple replay attack may not work, but what happens if someone extends the radio range of the key (in both directions)? Is there any protection against using the key in my pocket to open my car when I am not near the car? A thief could use my key remotely (using an antenna near the key), even if it’s not physically present. Does anybody here know enough about these systems to comment on this?

Chris Wright October 6, 2005 7:05 AM

@HS

It seems that you’d only need a pair of two-way radios, but one would have to be within a few feet of the RFID key fob. (The other, of course, would have to be in close proximity to the car in question.) Basically, it’s the same as making a mold of a key, sans any identifying marks, and using that to steal a car–you might go through thousands to find one on which it works, depending on where the owner parked. But there’s a difference, if you use this rather than a replay attack: you have to have your equipment in close proximity to the victim. That’s not always easy. Plus, having multiple people with RFID keys within range of that radio would probably mess with the signal rather effectively.

Robert October 6, 2005 7:12 AM

I recently emailed Bruce a link about a group of researchers who successfully hacked RFID keys for cars, and also the EZpay system for gas pumps. I can’t find the link anymore though.

Jurgen October 6, 2005 8:13 AM

Yawn How come all these so-(self-)called State-of-the-Art auto manufacturers have only lately started to offer RFID access ..? I use it for some five years now already on my midsize (i.e. subsubcompact in US terms) Renault Laguna, to much please and, hey here’s the real reason cars have it: to much silent awe of friends (?). If privacy is an issue, license plates are a good first thing to get rid of…

Paul October 6, 2005 10:15 AM

Just think of the fun when someone decides to set up a jammer in a mall parking lot on the day after Thanksgiving…

David October 6, 2005 10:35 AM

@Davi

Yes, a credit card could be nicer to carry, and I do usually keep my phone clipped to my belt.

The larger point is, there is nothing I carry 100% of the time. I guess the only 100% solution would be found at http://www.adsx.com/

Kevin Davidson October 6, 2005 2:23 PM

My Toyota Prius has that same entry system as the Lexus. When I just get near the car, the dome light comes on. It took me a few days to find out that the car even has a key–it’s hidden inside the transmitter case.

I must say the convenience of never having to pull out a key is nice.

Ari Heikkinen October 6, 2005 7:31 PM

My friend’s car has that RF key and I have to say it’s actually pretty cool. It’ll open the door locks before we’re even close to the car and lock the whole car up when we’re already walking far away. Each and every time we’re using his car I’m joking how someone had just cloned his key so that some thief can steal the car later.. 🙂

I actually liked Bond’s car much more. It would explode to bits in case someone tried to steal it.. 🙂

Davi Ottenheimer October 7, 2005 9:36 AM

@ David

Thanks for the link. Just for fun I’ve been designing a system very similar to this for pet doors. Many animals from the pound already have an implanted ID chip so the trick is just to make a door reader cheap and convenient enough to get pet owners to want one.

Delores Quade October 8, 2005 1:02 PM

@ David

“Just for fun I’ve been designing a system very similar to this for pet doors. Many animals from the pound already have an implanted ID chip so the trick is just to make a door reader cheap and convenient enough to get pet owners to want one.”

Keep in mind the reader/card combos don’t work well when slightly wet, like from drizzling rain. 🙁

Davi Ottenheimer October 9, 2005 7:02 AM

@ Delores

Yes, water always seems to throw a curveball at simple solutions. A bigger problem, actually, is the curious path of the US govt as it changes the chip standards from a 20 year old standard (125 kHz) to a new 134.2 kHz chip. I’m all in favor of meeting ISO 11784 and 11785, but the debate related to House Bill 2744 seems to indicate that it will be a while before chips/readers are standardized.

Mike McEwen October 10, 2005 10:15 AM

The car I hired for my last holiday had an RFID key. Just stand near the car and the doors would unlock when you tried to open them and you could just keep the card in your pocket and press the start button.

The sheer electronic gimmickry of the car made the geek in me long to test it, so we did all the tests we could think of, including things like pressing the stop button whilst driving to see what it would do (turns out it doesn’t do anything, the engine keeps on running), opening doors whilst driving, pressing the hand-brake button etc.

However, after doing all the weird tests we could think of we discovered we’d ‘broken’ the car. For some reason it thought that the boot (trunk) was open when it was actually closed. This had some rather unfortunate consequences.
1. Because the car believed the boot was already open it wouldn’t activate the electronic door lock for the boot, so we couldn’t actually open the boot. We had to fold down the back seats of the car to access the boot for the rest of the holiday.
2. Whenever we started the car it would let out a warning beep that the boot was open. This would happen whenever the car was stationary and then started moving, so we’d get the beep after we’d stopped in traffic and at traffic signals etc.
3. The worst aspect of this was that because the boot was open the car saw no reason that the rest of the car should be locked. So despite all our efforts we found that we just couldn’t lock the car any more.

We found no manual way (and we looked long and hard) to open the boot and no way to persuade the car that no, the boot wasn’t really open, it’s just that one of its sensors was broken, or maybe we broke the door logic with all our experiments.

Sheldon October 15, 2005 7:50 PM

Part of the issue is the gee-whiz factor of using a remote control device for security purposes.

My car didn’t come with an immobilizer or other security device. I went out and got one of the very few types approved by the Insurance Bureau of Canada for aftermarket installation.

It is a tiny device that goes on my key ring. To start the car, I push the contacts on the device into matching contacts on the dashboard. No key fob, no car start. It is possible to start the car without the key using a code number that is input into the immobilizer system using turning off and on the ignition using the code number.

No RFID chip as far as I know and a hardware solution that cannot be defeated by a clever thief with dealer software.

This is a less sexy solution than having a RFID chip built into the car key that is activated by proximity to a receiver in the car. But no one can tap this chip.

Xile October 17, 2005 9:31 AM

The passive access and the immobilizer are 2 different things. They can be combined however.

The RFID is actually the immobilizer. This thing has a very short range (1-2 inches) and supplies from the reader’s field. This means that someone who wants to read it would really have to almost touch it to be able to read it.
This highly limits you getting identified with your car fob.

The passive access uses two-factor authentication and there is no plain ID broadcasted so you could be identified.

There could be ways but they’re mostly not worth the effort.

@Mike McEwen
You could have unplugged the car battery to cause a system reset. Maybe then the car computer would have forgotten that the trunk was open (unless it was stored in EEPROM).
Might I know what car was it?

Xile October 17, 2005 9:38 AM

For passive access:

There are also (usually) protective measures against relay attack (pair of two-way radios).

The hash crypto is also sufficient to make brute force attack unfeasible (timing helps too).

Whitefox October 18, 2005 10:13 AM

Something I’d like to point out about this kind of RFID. First, it’s short range, I mean really short. Passive RFID chips like the one in my car key can only be accurately read from under 4 feet away, and the equipment to do it is kind of bulky. I was at an RFID trade show last week, the smallest scanner there was about 1’x10″x8″ and looked like something out of Star Wars (it also had a functional range of 9 inches). I’m much more worried about cameras that can track my car by license plate as I drive around than I am about my RFID key being read by anybody else.

Anonymous November 10, 2005 5:42 PM

@ Davi

“Yes, water always seems to throw a curveball at simple solutions. A bigger problem, actually, is the curious path of the US govt as it changes the chip standards from a 20 year old standard (125 kHz) to a new 134.2 kHz chip. I’m all in favor of meeting ISO 11784 and 11785, but the debate related to House Bill 2744 seems to indicate that it will be a while before chips/readers are standardized.”

Hm.. I tried my best; however, to the best of my ability, there is no bill by such number. It is possible that it was proposed during a different session of Congress, but there is no record in the 109th Congress.

Get back to me when you can.

Delores Quade November 10, 2005 5:43 PM

Crud. That previous post wasn’t anonymous. It was me:

@ Davi

“Yes, water always seems to throw a curveball at simple solutions. A bigger problem, actually, is the curious path of the US govt as it changes the chip standards from a 20 year old standard (125 kHz) to a new 134.2 kHz chip. I’m all in favor of meeting ISO 11784 and 11785, but the debate related to House Bill 2744 seems to indicate that it will be a while before chips/readers are standardized.”

Hm.. I tried my best; however, to the best of my ability, there is no bill by such number. It is possible that it was proposed during a different session of Congress, but there is no record in the 109th Congress.

Get back to me when you can.

Celephicus November 13, 2005 8:28 PM

The so-called relay attack with a transceiver link, one located near the car and one near the unsuspecting victim with the keys in their pocket, is foiled by the simple trick of requiring the reply to the poll from the car to be received within a very tightly defined time slot. Transceivers all introduce delays that would make the reply miss the slot.
Plus all this would allow, if you did manage to get it working, would be to start the car. The car would presumably continue to poll when the driver was inside the car and would take some action if the key did not reply.

Anonymous November 19, 2005 1:10 PM

I recently emailed Bruce a link about a group of researchers who successfully hacked RFID keys for cars, and also the EZpay system for gas pumps. I can’t find the link anymore though.

I was at Hopkins a few months ago, and I saw their test lab. It was very interesting.

mouse April 13, 2006 2:36 PM

Is it possible to steal a keyless card system vehicle like a Renault Laguna? Mine was, but I can’t understand how!

Another one on the boat July 4, 2006 7:45 PM

It’s definitely possible to steal a dual mode (car key + RFID) car … my neighbor’s Lexus just disappeared.

SilvaD January 5, 2007 5:54 PM

There are 3 types of immobilizers. The clever car thief has a reader that goes in the OBD2 port and reads the immo. code, which can then be used by the reader to turn off the immo. Some vehicles let you enter it via the dash, like a Mercedes radio.

Technology is so great!

Like Bruce says, security through obscurity. These systems are easy to defeat; it’s just getting the knowledge and the tools.

chicopanther August 14, 2007 11:59 PM

I, for one, refuse to buy any car with so-called “security” keys. Give me a plain old flat metal key! For one thing, I always like to carry a spare key in my wallet in case I’m out somewhere and manage to lock my keys in the vehicle. With modern “security” keys, the keys are way too fat to fit in a regular wallet, and being a straight male I’m not about to start carrying a purse just to carry my spare key in!

Another thing that bothers me about “security” keys is the fact that they introduce another failure point for legitimate users of vehicles. Now, when you turn the key and your car won’t start, you have to wonder… is it the starter? the relay? the damned key/pickup?

I hate those keys! Besides, if crooks want to steal your car, they’ll either tow it or carjack it. Theft deterrent, my arse!

mike April 10, 2008 6:53 PM

Most big local locksmiths will copy RFID keys. My local one: $35.
I would suggest this if buying a used car.
On the Hondas they have to reprogram all the keys to be used, as the computer generates a new code.

Bayes April 15, 2008 11:26 AM

Why not put difficult to access RFIDs into automobiles at the time of manufacture? Then law enforcement could use readers placed along or in highways to automatically detect and report vehicles that they are searching for, such as stolen vehicles.

tOBY pATOBI January 4, 2010 4:48 PM

It is a challenge response protocol. With the exception of the GM systems that had resistors in the key blade.

The ECM sends a generated key and the passive RFID keygens it. Simply sniffing it is useless. You have to build a calculated keybase and have an FPGA or something respond.

This also isn’t just on high-end cars, the Honda Prelude started getting them in 1995 for example, and many more had it way back in the late 80s.

The system has held its own in the industry; thieves don’t steal using any vulnerabilities, they key clone with stolen keys or dealer access, or steal a key. Also, valet keys are left in glove boxes.

TI, Maximo(?), and I think Hitachi are just a few of the chip makers.
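Added example, not part of any comment in this thread: a minimal simulation of the challenge-response exchange described in the comment above, combined with the reply time slot mentioned earlier in the thread, showing why a recorded response or a late one is rejected. HMAC-SHA256, the 2 ms window and all class and function names are assumptions chosen for illustration; real immobilizers use their own ciphers and timings.

```python
import hashlib
import hmac
import secrets

REPLY_WINDOW_S = 0.002  # assumed reply time slot (illustrative value only)

class Fob:
    """Transponder holding a secret shared with the car (HMAC is a stand-in)."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Car:
    def __init__(self, key: bytes):
        self._key = key
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)  # fresh random value per poll
        return self._pending

    def verify(self, response: bytes, elapsed_s: float) -> str:
        challenge, self._pending = self._pending, None  # single-use challenge
        if challenge is None:
            return "no-challenge"
        if elapsed_s > REPLY_WINDOW_S:
            return "late"  # reply missed the time slot
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return "ok" if hmac.compare_digest(expected, response) else "bad-response"

def demo() -> dict:
    key = secrets.token_bytes(16)
    car, fob = Car(key), Fob(key)
    results = {}
    recorded = fob.respond(car.new_challenge())
    results["genuine"] = car.verify(recorded, elapsed_s=0.0005)
    car.new_challenge()  # new poll: the recorded response no longer matches
    results["replay"] = car.verify(recorded, elapsed_s=0.0005)
    late = fob.respond(car.new_challenge())  # correct value, arrives too late
    results["delayed"] = car.verify(late, elapsed_s=0.010)
    results["unsolicited"] = car.verify(recorded, elapsed_s=0.0005)
    return results

if __name__ == "__main__":
    print(demo())
```

The elapsed time is passed in as a simulated measurement; the protocol logic does not depend on the host clock.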

namrata August 2, 2012 3:16 PM

Hi, I am an engineering student. My project topic is to design an anti vehicle theft system. So, can you please explain to me how this RFID car key exactly works?

robertt August 2, 2012 6:38 PM

@namrata
The problem with designing a good RFID security system has nothing to do with real life information security. Unfortunately, or maybe fortunately, there are product definition problems that practically ensure it is impossible to achieve real life security, especially if you consider jammer and MITM attacks. Intentionally jamming specific bits and patterns will always be very effective attack vectors. Auto resynch attacks are also very effective. The only people that believe these systems are secure are those too dumb to see fundamental system protocol errors; since these guys are the customer, it is usually not helpful, to sales, to point out their problems.

K.I.S.S. December 18, 2012 12:28 PM

Looking into vehicle security in 2008, I went with Ravelco and the KISS approach. Seems thieves are still baffled by the lack of technology and some nice covert wiring footwork. All a thief needs is a computer that matches the year, make, model and drivetrain with a corresponding key. Theft is usually a team affair to disable alarm, watch for interested parties and start the vehicle. This makes two of them very busy causing #3 to get REALLY nervous about the 5-10 minute clock.

Mathew April 9, 2013 5:02 AM

We have installed UHF RFID technology to open/close boom barriers at a site when authorized cars enter/exit the facility. The tags we are using for vehicle tracking:
EPC Global Class-1 Gen-2 compliant
Read distance: 45 ft.
Tag size: 90mm x 65mm x 0.8mm
Mounted inside car windshield

Issue: On some high end cars/SUVs like Honda, Skoda, the above cards don’t work (the reader doesn’t get a signal bounce back from reader to activate boom barrier access controls). Kindly suggest any solution for this, highly appreciate the same.
