Back in the day when the original Palm Pilot was a hot new piece of technology, I remember BMW and a number of other car companies started selling cars with a keyless entry system based on an infrared transmitter in a key fob, just like a television remote control. Unfortunately, whatever sort of protocol the system used for authentication was quickly undermined and the Palm Pilot’s infrared transmitter suddenly became a key to all manner of expensive new automobiles.
Something similar has happened again. The KeeLoq system, used in the keyless entry systems of most car manufacturers, has been cracked by computer security researchers. A PDF of their research paper is online. The attack requires about one hour of radio communication with the key, which could be done surreptitiously while the owner is in an office or restaurant. The cryptographic analysis involved takes about a day and produces a ‘master key’ that can actually open a number of different cars. Having collected a large number of such master keys, it would be possible to intercept a single transmission between a key and a car (say, when someone is parking), identify the correct master key, and open the door in seconds. While this will not start the car – and there are certainly other methods available for breaking into one – it does create a risk of theft of objects inside cars that leaves no signs of forced entry. In many such cases, claiming insurance compensation is difficult.
Of course, mechanical locks also have their failings. One important difference has to do with relative costs. Making a physical, key-based access control system more secure probably increases the cost for every single unit appreciably. By contrast, improving the cryptography for a system based on an infrared or radio frequency transmission probably involves a one-off software development cost, with negligible additional costs per unit. As such, it is especially surprising that the KeeLoq system is so weak.