Most people with clue know that electronical security that relies on the algorithm being secret is weak. The less elements you have that have to be kept secret, the more secure system you have. And in case of security algorithms peer-reviewing really works – and there’s already lots of working methods available, so there’s no need to invent your own. Apparently this manufacturer didn’t have enough clue and wanted to have a trade secret algorithm that’s secret. And the results are in:
so-called side-channel attack on car keys (or building keys), which can be cloned from a distance of several 100 meters.
Based on the research, an attacker can reveal the secret key for the remote control in under an hour, and the manufacturer key of the corresponding receivers in less than a day.
"Eavesdropping on as little as two messages enables illegitimate parties to duplicate your key and to open your garage or unlock your car," says Paar. "With another malicious attack, a garage door or a car door can be remotely manipulated so that legitimate keys do not work any more. Thus, after the security of the building or car has been breached, the attacker can prevent you from future access."
Sunday Herald: Scientists Crack Security System Of Millions Of Cars.
Mikko
December 19th, 2008
The answer to the problem? Make the car companies liable for any damage caused in such a way, because they are guilty of criminal negligence.
zds
December 19th, 2008
Very good solution, but I’m not holding my breath. It’s almost like maker of sub-par electronic voting system would be liable for expenses of the re-elections. Good idea, but not going to happen.