As I am sure is the case with most Internet users, I periodically get emails from friends and family warning me of new and creative dangers that I should look out for. Most of these alerts are common sense like, “don’t open a link from this website” or “don’t smell strangers’ perfume in random parking lots.” Others might summon mild, temporary interest like, “this food will kill you” or “what to do if you are trapped in a tornado.” These FYIs turn out to be false 99% of the time, but nonetheless, our inquisitive nature leads us to read them and maybe even consider them if they do not sound especially ludicrous–i.e., how many people still believe that tapping the side of a soda can will prevent it from fizzing over the top?

I received such an email the other day and something magical happened. In my ordinary course of consulting our learned friends at Snopes [] in the hope that I could quickly rebut some gullible relative of mine who cannot fathom the Internet being used for trickery, I discovered that Snopes could not fully refute the rumor. Instead, it gave the report the hybrid red/green indicator signifying “multiple truth values.” The variation of the email message I received is excerpted below:

[T]here is evidence that a new form of automobile burglary has begun to occur around the country. Thieves may be using a device that allows them to copy the signal sent out when automobile owners use their remote key button [sic] to lock their vehicles. The thief records the signal and then watches as the intended victim walks away. Then they simply unlock the vehicle….The only way to avoid this type of crime is to use the car door lock button located inside your vehicle, rather than using your remote locking device.

It seems that while this type of attack has very little chance of actually occurring, it is theoretically possible. Whenever you activate your remote keyless entry system (RKE) by pressing the lock or unlock button on your key fob, as opposed to the button on the inside of the door, you transmit a unique code through the air. When this technology was introduced in the 1980s, the transmitter in your key produced a fixed code that pertained to your automobile. Thus, theft could occur quite easily if the perpetrator had an interceptor that could grab the code from the air and unscramble it.

When the technology became standard on cars in the mid-1990s, however, automakers switched to a rolling random code system where a different code is transmitted each time the RKE is activated. According to computer science professor Eli Biham of the Techicon-Israel Institute of Technology, this produces 18 billion combinations for a car thief to hack. The writers at Snopes reassure us that in order to unscramble the code, the car thief would need “specialized knowledge and equipment and would have to spend hours (if not days) crunching data and replicating a device to produce the correct entry code….” The odds are low that your car would be at the same location by the end of this process.

Snopes concession that such an attack is theoretically possible leads me to believe other sources that indicate Snopes may not be presenting the full picture. One article suggests that Biham and his fellow researchers made the concern much more plausible by their creation of a master key, which they were able to produce by eavesdropping on an electronic key for about one hour. By intercepting several transmissions from the key, the researchers could assemble and unscramble the data and create the master key in about a day’s time. Someone with this device and a code-grabber could then sit in a parking lot and eavesdrop, and it would just take a moment to analyze and pair the information with that of a known master key. Voila?

With all the pranks and rumors circulating on the Internet, maybe this study is a hoax too. But something that Snopes reports could technically happen deserves at least some attention. If the risk identified by Biham does exist, perhaps it will take a couple more years before it becomes a genuine concern. I hope to have a new car by then with all the latest technology. In the meantime, I will continue to use the key lock on my ’99 Pontiac Grand Am. You want it? Come get it.

— Andrew Cunningham

Image Source

Comments are closed.