Monday, March 31, 2008

The Case of the Flaccid Fob

Researchers from Ruhr University Bochum, Germany, presented a complete break of remote keyless entry systems based on the KeeLoq RFID technology. The vulnerability they demonstrated applies to all known car and building access control systems that rely on the KeeLoq cipher. "The security hole allows illegitimate parties to access buildings and cars after remote eavesdropping from a distance of up to 100 meters," says Prof. Christof Paar. "Eavesdropping on as little as two messages enables illegitimate parties to duplicate your key..."

A KeeLoq system consists of an active Radio Frequency Identification (RFID) transponder (e.g., embedded in a car key) and a receiver (e.g., embedded in the car door). Both the receiver and the transponder use KeeLoq as the encryption method for securing the over-the-air communication.

KeeLoq has been used for access control since the mid-1990s. By some estimates, it is the most popular such system in Europe and the US. Besides the frequent use of KeeLoq for garage door openers and other building access applications, it is also known that several automotive manufacturers like Toyota/Lexus (Chrysler, Daewoo, Fiat, GM, Honda, Volvo, VW, Clifford, Shurlok, Jaguar, etc.) base their anti-theft protection on devices featuring KeeLoq that are assumed to be secure.
(Hacker video explaining KeeLoq. Minutes: 36:18 - 41:35)
(How to Steal Cars - A Practical Attack on KeeLoq)