Sep 05 2007
Quite recently there have been a number of articles about how the KeeLoq cipher has been cracked, using a new method that speeds up the processing needed to crack a key by a factor of 500. Basically, what Eli Biham, Orr Dunkelman, Sebastiaan Indesteege, Nathan Keller and Bart Preneel have proven is that by sniffing the communication between the remote key and the car they can collect the data needed to crack the cipher. In their case, all they need is access to the key token for one hour to send challenge/response questions to it, and with the collected data it took them around one day to crack the key.
KeeLoq is a cipher used in several car manufacturers' anti-theft mechanisms and distributed by Microchip Technology Inc. It may still protect your car if you own a Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota, Volvo, Volkswagen, or Jaguar. The cipher itself is built into the car's remote key control, and similar solutions can be found in garage doors, security gates, etc. It has been used quite widely because the hardware needed to produce this kind of key token is really cheap.
The biggest issue here is that finding one KeeLoq key also leaks the master key, so this cipher is now severely damaged: sooner or later there will be code in the public to perform this kind of trick yourself. Microchip Technology has so far chosen not to comment on this, and the team behind the discovery will not release the full report before they’ve talked to Microchip.
I wonder what the car insurance companies have to say about this if the car gets stolen without any trace (I’m already smelling car fraud attempts).
Note: For further reading there are several sources to download papers from, so here is a range of suggestions: www.cosic.esat.kuleuven.be/keeloq/ and the cryptanalysis by Andrey Bogdanov and Nicolas Courtois.