Keyless or clueless, part 2

22 May 2006

A belated follow-up to the recent post about keyless ignition systems comes courtesy of automotive consultancy SBD. It’s good to see that this team of boffins, which has studied electronic security systems in depth, endorses the Auto IT view.

David Bell, managing director of SBD, said: “The level of encryption in a transponder is so high, that even a thief equipped with the appropriate software would need much longer than [a few minutes to crack BMW's keyless entry code]. The computing power required to break down the protection is way beyond the capacity of a laptop, unless the thieves have previously managed to source confidential security data about the car.”

As Auto IT noted, there is a risk built into any security technology that rests on keeping certain information secret. The privileged few in the know will invariably include at least one corrupt or corruptible individual. Criminal gangs have, for example, been known to infiltrate banks via the front door – getting jobs as cleaners, temporary staff or even front-office staff, often using stolen identities. It’s not exactly ludicrous to suppose that a criminal element might infiltrate a car dealership chain or car factory. Indeed, BMW satnav systems have been stolen from the assembly line and sold online in the past.

Anyway, SBC chief David Bell goes on: “We have undertaken extensive research in this field for our recent report on Key Component Management, which illustrates both the strengths and weaknesses inherent in the systems deployed by manufacturers for storing the sensitive data for the programming of keys. Of greater concern than computer code cracking is the security provided by motor manufacturers and dealers to prevent bogus or criminal access to replacement keys and immobilisers. Obtaining a legitimate vehicle key through relatively simple fraud poses a much greater threat than the concept of thieves applying complex computer technology to do the job.”

So there you have it. It’s not the dodgy computerised keyless entry system you have to worry about – it’s the dodgy moustachioed guy in the dealership that should make you nervous.

Given that you have to hand over your key to get your car serviced, Auto IT wonders if it’s only a matter of time before “skimming” comes to the automotive world. For those not in the know, skimming is the illegal practice of making a duplicate copy of a magnetic-stripe bank card while the owner isn’t looking – typically while a card is being used to pay for a restaurant bill.

Presumably, unscrupulous dealership workers would be well placed to make copies of keyless entry cards. Or, if local copies are not possible due to the technical design, they might make bogus applications for replacement keys on behalf of their legitimate customers. Given that dealers tend to know owners’ address details and thus where cars are kept, those cars could then go missing in the dead of night, weeks or months later...

Next » « Previous Home