Keyless or clueless? Mechanical locks still a good idea

4 May 2006

First, apologies for the extended break in coverage. That's blogging: sometimes work projects get right in the way. Still, now that the new Audi TT has been unveiled you'll know what Auto IT has been up to (I wish).

Anyway, to business. According to a report in Auto Express, thieves were able to make off with a BMW X5 owned by football star David Beckham, owing to that car's reliance on keyless entry and ignition. The system made the vehicle vulnerable to hackers armed with a laptop and some wireless kit.

The story underscores what's wrong with a lot of the auto makers' adoption of technology: too much blind faith.

The story suggests that the makers thought a 20 minute delay would be sufficient to prevent a brute-force attack, in which every possible electronic combination is exhaustively explored until the lights flash and the doors pop open. But they were clearly wrong.

The story also states that keyless security often relies on "information that only the manufacturer is supposed to know". In the IT industry this tactic is called security through obscurity, and these days it's a tactic employed only by software professionals who are stupid, deluded or con-artists. Secrets tend to leak, and there are better ways to ensure that a system remains closed to all but the most determined prodder.

No security system is foolproof, however, particularly when makers need to provide access to vehicles where owners may have genuinely lost all their keys. The master keys - software or hardware - will be the last line of attack if criminals have no other option. Always assuming, of course, that they don't simply beat up the owner to steal a regular set of keys.

Next » « Previous Home