HOUSTON CHRONICLE
January 31, 2005
Researchers Crack Car Key Code
The Associated Press - 9:21 a.m. ET Jan. 31, 2005
Researchers said they have found a way to crack the code used in
millions of car keys, a development they said could allow thieves to bypass the
security systems on newer car models. The research team at Johns Hopkins
University said Saturday it discovered that the "immobilizer" security system
developed by Texas Instruments could be cracked using a "relatively inexpensive
electronic device" that acquires information hidden in the microchips that make
the system work.
The radio-frequency security system being used in more than 150 million new
Chevrolets, Fords, Chryslers, Toyotas and Nissans involves a transponder chip
embedded in the key and a reader inside the car. If the reader does not
recognize the transponder, the car will not start, even if the key inserted in
the ignition is the correct one. It's similar to the new gasoline purchase
system in which a reader inside the gas pump is able to recognize a small
key-chain tag when the tag is waved in front of it. The transaction is then
charged to the tag owner's credit card. Researchers said they were able to crack
that code, too.
"We stole our own car, and we bought gas stealing from our own credit card,"
said Avi Rubin, a professor of computer science at Johns Hopkins who led the
research team. Texas Instruments was recently given demonstrations of the team's
code-cracking capabilities, but the company maintains its system is secure. Tony
Sabetti, a business manager with Texas Instruments, said the hardware used to
crack the codes is cumbersome, expensive and not practical for common thieves.
"I think the way in which it's presented as being inexpensive to do and quick
and all the rest of that is an exaggeration," Sabetti said. "And because of
that, we believe the technology still is extremely secure for the applications
that it's used in." But Rubin said the code-breaking demonstrations illustrate
that developers did not pay enough attention to security. "I think the
implications are that it sets us back about 10 years ago where we were with car
security," Rubin said.
In the seven years the technology has been in use, Texas Instruments has never
had a reported incident where a car has been stolen or a gasoline-purchasing tag
has been duplicated, company spokesman Bill Allen said.