Criminals find the key to vehicle ignition immobilizers.

AFTER a 16-year decline, car theft in Germany rose in 2009, according to figures released recently by the German Insurance Association. One "white hat" hacker, who probes security systems to flag up flaws that can then be patched, thinks he knows why. Karsten Nohl of Security Research Labs in Berlin, Germany, has identified vulnerabilities in the engine immobilizers used to protect modern cars from theft.

A device fitted within the key fob of a modern car broadcasts an encrypted radio signal to the car as the driver starts the vehicle. If the signal is recognized by the car's receiver, it responds by sending an encrypted signal to the engine control unit (ECU), which allows the car to start. If the driver tries using the incorrect car key fob, the ECU locks down the engine.

For over a decade, immobilizers have played a crucial role in reducing car theft, says Nohl. But the proprietary encryption keys used to transmit data between the key fob, receiver and engine are so poorly implemented on some cars that they are readily cracked, Nohl told the Embedded Security in Cars conference, in Bremen, Germany, last month.

Last year he took just 6 hours to uncover the algorithm used to create the encryption key in a widely used immobilizer - the Hitag 2 made by Dutch firm NXP Semiconductors - making it easy to "de-immobilize" any car using that algorithm. And in 2005 Ari Juels of RSA Labs in Cambridge, Massachusetts, and researchers at Johns Hopkins University in Baltimore, Maryland, took under an hour to crack an encryption system sold by US technology firm Texas Instruments.


Link:
http://www.newscientist.com/article/mg20827894.500-criminals-find-the-key-to-car-immobilisers.html