Researchers: We cracked car alarm system

[kostby]

Quote »BALTIMORE (AP) — Researchers said Saturday they have found a way to crack the code used in millions of car keys, a development they said could allow thieves to bypass the security systems on newer car models. The research team at Johns Hopkins University said it discovered that the "immobilizer" security system developed by Texas Instruments could be cracked using a "relatively inexpensive electronic device" that acquires information hidden in the microchips that make the system work. The radio-frequency security system being used in more than 150 million new Fords, Toyotas and Nissans involves a transponder chip embedded in the key and a reader inside the car. If the reader does not recognize the transponder, the car will not start, even if the key inserted in the ignition is the correct one. It's similar to the new gasoline purchase system in which a reader inside the gas pump is able to recognize a small key-chain tag when the tag is waved in front of it. The transaction is then charged to the tag owner's credit card. Researchers said they were able to crack that code, too. "We stole our own car, and we bought gas stealing from our own credit card," said Avi Rubin, a professor of computer science at Johns Hopkins who led the research team. Link to full article --> http://www.usatoday.com/tech/n...x.htmQuestion: What sort of 'University research team' tries to crack car alarms and fastpass devices?

[Z600]

Interesting.But you know what my first thought on this was?"They have special keychains so people don't have to carry credit cards to the pump? How utterly useless and lazy is that?!" Do they have a way to pop the locks on your run-of-the-mill keyless entry? Seems like they should... it can't be that hard. I've just never heard of it being a problem.~ Z600

[Baltovibe]

Quote, originally posted by Z600 »Do they have a way to pop the locks on your run-of-the-mill keyless entry? Seems like they should... it can't be that hard. I've just never heard of it being a problem.~ Z600Yea, I see devices in mags like Nuts & Volts that try every digital code to unlock a car or open a garage door ... similar to the TV-B-Gone remote that turns off TVs.

[ToolGuy]

Hey if they want it let em have it, that is what insurance is for. And I better not get it back it they take it! The Vibe goes to Detroit 2-3 days a week and I thought about an alarm but then as the Vibe gets older and I theif were to take it, oh well I will get another.

[Flip-Side]

Quote, originally posted by Baltovibe »Yea, I see devices in mags like Nuts & Volts that try every digital code to unlock a car or open a garage door ... similar to the TV-B-Gone remote that turns off TVs. It is not that simple. USAToday is sensationalizing again. You all should know the whole story, and not the one regurgitated by the ever so reliable media. I read this story 2 days ago from the source. It can be a bit technical, but a very informative read.Here...http://rfidanalysis.org/

[kostby]

I'm not surprised by the news that someone has hacked a security system... Unfortunately, that's what hackers DO, some with profit motives, some with anarchy in mind, some with revenge in their hearts, and probably most, for the pure entertainment and challenge of it.What I am surprised and outraged by is that major university has apparently condoned and encouraged such totally unethical behavior under the guise of 'RESEARCH'. Individual hackers, working alone, would take years to arrive at the same results.Johns Hopkins has aided and abbeted the enemy! Isn't there a review process before research projects are authorized at Johns Hopkins? What the heck happened?Being the conspiracy theorist that I am, it sure seems to me like an un-named 'someone' has a grudge against Texas Instruments.Perhaps 'they' lost money in a stock deal, or a venture capitalist shunned them in favor of TI, or they were not hired by TI, or let go by TI after a short time, or TI introduced a competing product (hmm, RFID/security system related maybe?) that caused them to lose employment at a competitor?This so-called RESEARCH has effectively obsoleted the Speedpass system and the vehicle security system of millions of Ford, Toyota and Nissan vehicles. Are these 'researchers' at Johns Hopkins prepared to compensate Texas Instruments and the millions of users of these devices for the damage they have caused?

[Flip-Side]

The stand taken by the researchers, is that the 40-bit encryption(designed in the early 90s) is unacceptable by todays standards. They then go on to prove how vulnerable it could be. There are already far better designs available, and they are promoting advancement for the security vulnerablility they found. That being said, they did not make this technology obsolete and vulnerable by doing what they did. They proved that someone with less than honest motives could capitalize on a system that is already obsolete, and you can be sure steps will be taken because of this research paper. Mobil has systems in place, just like what credit card companies have, to deal with this kind of theft and keep customers safe. If you think this is less secure than paying with your credit cards, you are mistaken. All you need to steal a credit card today, is take out your camera phone in line at walmart, and take a picture of a card in someones hand. This story is sensationalized by the media, and there is no cause for alarm.