was thinking while driving today
#1
For some reason, I was thinking about how car thieves hot-wire cars to be able to drive them. I guess I looked at the push start and that's what popped into my head. Anyway, the IS works with the sensor in the key; if not, it just gives the "no key detected." So, what if it was hot-wired... would it not start? I mean, would the system be spazzing out?
I know it's weird, but I kinda want an answer so I stop thinking about whether it would happen, seeing how I would never try it on my car (plus, I have no clue about wires).
#6
It will turn on the lights, but it will not start the engine (hence the engine immobilizer part). That's a computer program issue, not a "hot wire" issue...
#7
There is a certificate ECU in the car that handles all engine start requests by authenticating the key. If the key does not respond to the certificate ECU challenge correctly, the certificate ECU will not generate the necessary code for the engine ECM to start.
It may be possible to hot wire the starter and get it to spin the engine, but you will not get the engine to run until the ECM receives a proper code from the certificate ECU.
No key, no start. End of story.
FWIW, I am a CISSP, so I was very keen on understanding the security mechanisms built into the smartkey system when I bought the car.
Last edited by lobuxracer; 06-21-07 at 12:14 PM.
#8
I'm not sure what version of RFID the IS [Lexus] uses, but there are lengthy articles on how to "capture" the signal that is being emitted by the transmitter [constantly], break the encryption and gain access to the vehicle, including driving off.
There was an article/video that I watched several months ago: someone hacked into a subject's BMW in literally 10 minutes' time. The test subject was unaware how or when the RFID signal coming out of his fob was hijacked.
More advanced RFID automotive applications have moved to 128-bit and 256-bit encryption, but I'm not sure which manufacturers are doing this, and at what speed.
Last edited by MLevinson; 06-21-07 at 12:38 PM.
#9
Encryption doesn't solve the problem. Any encryption can be broken; it's just a matter of time. The ideal system uses encryption and a challenge/response from the RFID. The certificate ECU sends a secret to the RFID, the RFID decrypts the secret, modifies it using an agreed-upon protocol, and encrypts the response before returning it to the certification ECU. The certification ECU decrypts the response and compares it to its own calculation of the correct response, then generates a certificate which it sends to the engine ECM to allow it to start.
This is the way I've been led to believe the system works. If anyone knows better, please jump in and correct me.
#11
Make sense...?
Last edited by MLevinson; 06-21-07 at 12:40 PM.
#12
#13
#14
No one even looked twice.
#15
This is the crux: yes, encryption(s) can be broken, but how long does it take, and has the PSK changed at the other end? As I understand it, the keys are "roaming", so in essence you have only one shot at doing this. As soon as that fob is sent a request [in this case from the ECU] for authentication, a new key is then generated thereafter. So even if someone did grab and hack the RFID encryption, it will be useless unless this can be transmitted back before the fob is returned.
Make sense...?
If someone knows the algorithms and encryption used, they can play either man-in-the-middle or they can impersonate you. The average "rolling code" is fairly simple to manipulate because they (especially the older ones) use a single fixed algorithm that the attacker knows. More modern systems use multiple algorithms and select one of them randomly that the receiver also has and can identify using a flag sent with the original request. This helps prevent predicting the new code by introducing additional uncertainty.
Whether Toyota has adopted this methodology is a good question. One of the things in their favor is they are the only remaining major manufacturer whose ECM code has not been cracked. They do take IP security very seriously at Toyota, so I would not at all be surprised if the authentication technology they use is cutting edge. Besides, all of us who specialise in IT security know that any authentication system can be spoofed, it's just a matter of cost.
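The challenge/response flow sketched in post #9 (certificate ECU challenges the key, checks the answer, then hands a certificate to the engine ECM) and the "one shot" point made later (a captured answer is worthless once the challenge has moved on) can be shown in a small simulation. This is an added example, not Toyota's protocol or any code from this thread: it assumes a secret shared by the fob and certificate ECU, a second secret shared by the certificate ECU and ECM, and uses HMAC-SHA256 with a random per-start nonce in place of the unspecified "agreed-upon protocol". It walks through four start attempts: a real key, a hot-wire with no key answering, a key from another car, and a recorded response replayed against a new challenge.

```python
"""Constructed model of an immobilizer challenge/response (not a real vehicle protocol)."""
import hashlib
import hmac
import secrets

FOB_SECRET = b"constructed-fob-secret-0001"   # assumed shared fob / certificate-ECU secret
ECM_SECRET = b"constructed-ecm-secret-0001"   # assumed shared certificate-ECU / ECM secret
NONCE_LEN, TAG_LEN = 16, 32


class KeyFob:
    """The key's transponder: answers a challenge with a keyed MAC over it."""
    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class CertificateECU:
    """Issues a fresh random challenge per start request; accepts only the answer
    to that exact challenge, and only once."""
    def __init__(self, fob_secret: bytes, ecm_secret: bytes):
        self._fob_secret = fob_secret
        self._ecm_secret = ecm_secret
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(NONCE_LEN)   # new nonce: old answers are useless
        return self._pending

    def verify(self, response: bytes):
        """Return a start certificate for the ECM, or None if the key failed."""
        if self._pending is None:
            return None
        nonce, self._pending = self._pending, None       # challenge is single-use
        expected = hmac.new(self._fob_secret, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        # Certificate = nonce plus a MAC binding it to this ECU/ECM pairing
        return nonce + hmac.new(self._ecm_secret, nonce, hashlib.sha256).digest()


class EngineECM:
    """Lets the engine run only on a certificate the certificate ECU minted."""
    def __init__(self, ecm_secret: bytes):
        self._ecm_secret = ecm_secret
        self._seen = set()

    def allow_run(self, certificate) -> bool:
        if certificate is None or len(certificate) != NONCE_LEN + TAG_LEN:
            return False                                  # hot-wired starter, no certificate
        nonce, tag = certificate[:NONCE_LEN], certificate[NONCE_LEN:]
        if nonce in self._seen:                           # certificates cannot be replayed either
            return False
        expected = hmac.new(self._ecm_secret, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False
        self._seen.add(nonce)
        return True


def start_attempt(ecu: CertificateECU, ecm: EngineECM, responder) -> bool:
    """One push of the start button. `responder` maps a challenge to a reply, or None."""
    chal = ecu.challenge()
    resp = responder(chal)
    cert = ecu.verify(resp) if resp is not None else None
    return ecm.allow_run(cert)


def scenarios() -> dict:
    ecu = CertificateECU(FOB_SECRET, ECM_SECRET)
    ecm = EngineECM(ECM_SECRET)
    real_fob = KeyFob(FOB_SECRET)
    other_car_fob = KeyFob(b"constructed-other-car-secret")   # constructed: paired to a different car
    results = {}
    results["real_key"] = start_attempt(ecu, ecm, real_fob.respond)
    results["hot_wire_no_key"] = start_attempt(ecu, ecm, lambda c: None)
    results["wrong_key"] = start_attempt(ecu, ecm, other_car_fob.respond)
    # Record the real key's answer during a legitimate start, then present that
    # same bytes to a later challenge: the nonce has changed, so it no longer matches.
    recorded = {}
    def observed(c):
        recorded["resp"] = real_fob.respond(c)
        return recorded["resp"]
    results["real_key_observed"] = start_attempt(ecu, ecm, observed)
    results["replayed_response"] = start_attempt(ecu, ecm, lambda c: recorded["resp"])
    return results


if __name__ == "__main__":
    for name, started in scenarios().items():
        print(f"{name:20s} engine runs: {started}")
```

The two properties the thread circles around are visible here: with no key (or the wrong key) the starter can turn but the ECM never sees a valid certificate, and a captured answer fails because the certificate ECU's challenge is a fresh random value every time. What the model does not cover is the cryptographic strength of the real transponder cipher, which is where the "it's just a matter of cost" caveat applies.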