False Sense Of Security, Or How To Steal A Car With Your Computer

For most of us, that familiar beep-beep as we walk away through a parking lot or garage is enough assurance that our car is both locked and safe. Often a tiny flashing light on the dashboard also alerts would-be criminals that the car is protected by the latest form of antitheft security. And for the most part, that is true; a sophisticated set of encryption and electronics is at work inside.

However, don’t be surprised to find your state-of-the-art, antitheft-protected vehicle stolen. Complex technology doesn’t necessarily raise the barrier for entry for cyber criminals; sometimes it does the exact opposite.

Just ask Czech-born Radko Soucek, a streetwise career car thief and unlikely example of a high-tech criminal. Soucek, now in his 30s, has been stealing cars since age 11 in a country that holds the unenviable reputation of having ten times more car thefts per year than any other European nation, according to the International Association of Auto Theft Investigators. Czech officials attribute most of the 51,000 thefts per year in that country to thieves who work in teams stealing cars, forging registrations, and stripping parts – organized crime, by any other name. Soucek works by himself. “You leave your car, lock it and walk around it toward your house: That’s how long I would need to take it,” he told the Prague Post.

In the 1990s, as more and more European automotive manufacturers started incorporating computer technology into expensive Mercedes, BMWs, Ferraris and Porsches, Soucek realised he could defeat the manufacturer’s antitheft software with his own. Lacking any formal computer training, he uses internet-provided software, which is rapidly becoming available in Prague and elsewhere. From within Prague-Ruzyně Prison, Soucek said that 20 years ago all he needed was a pair of scissors to steal any Italian sports car. “Now you need a lot more technology.” He said he no longer uses dime-store implements; today he uses a laptop.

Gangs, like those operating on the streets of other European countries, often search for and steal particular high-end makes and models of cars. By specialising, it’s possible for these gangs to guess, through sheer trial and error, the electronic antitheft codes found in keyless entry fobs. Another possibility, one that’s more likely, is that they already know the vendor’s proprietary code algorithm (it was either stolen, purchased, or provided by an insider or someone within a dealership).

Codes used by these antitheft systems do not make us more secure; they make us complacent. We trust in them so much that we forget commonsense lessons, such as parking in a well-lighted spot, hiding valuables, or using an auxiliary locking mechanism on the wheel or the brake. We assume the high-tech solution is somehow better than past experience. We have become careless with our cars and our sense of what’s secure.

Security works best in layers. As we will see, antitheft technology in cars is actually going backward; instead of adding security, manufacturers are decreasing it by providing greater convenience to the driver.

And we’re also to blame. We’re so confident in our belief that high technology is better than common sense that we’ll ignore the condition of the neighborhoods we park in and do without the benefit of The Club or other steering wheel–locking gadget.

Yet, the auto insurance industry disagrees. Clearly something has resulted in a decrease in auto thefts in the United States in the last few years. Preliminary U.S. Department of Justice figures for 2009 show a remarkable decrease of 17.9 per cent in auto thefts. This follows a 12.7 per cent decrease in 2008, 8.1 per cent in 2007, 3.5 per cent in 2006, 0.2 per cent in 2005, and 1.9 per cent in 2004. The National Insurance Crime Bureau (NICB), a nonprofit organisation that follows car theft, finds a similar six-year decline. NICB data show that 83 per cent of the 366 metropolitan statistical areas within the United States reported lower thefts in 2009 than in 2008. Much of this decrease, I think, is the result of education and legislation and not, as the insurance industry claims, the increased use of antitheft gadgets.

Although it is impossible to say exactly how many auto thefts are the direct result of laptops emulating the digital codes issued by a standard key fob, it is more than a few. When he was arrested in 2006, Soucek had the data for 150 stolen cars on his laptop. “You could delete all the data from your laptop, but that’s not good for you because the more data you have, the bigger your possibilities,” he said.

So, how hard is it to use a laptop to steal a new car?

First, we need to understand what’s happening when we unlock the door, insert the metal key into the ignition, and start a car today. Most cars use a keyless remote entry fob: You push a button, and the resulting radio signal either locks or unlocks the car’s doors; in some models, it opens the hatch or trunk. Using a tiny battery, the fob can broadcast a coded signal up to one hundred feet in order to make contact with the car, generating the beep-beep and the flash of headlights that audibly and visually identify your car in a crowded parking lot. The fob and car wirelessly exchange a series of nanosecond challenges and responses. If the car receives the expected code, it performs the function.

For added security, these codes are rolling, or what the industry calls hopping, codes. Both the keyless fob and the car use the same pseudorandom-number generator following a proprietary algorithm. When you lock or open your car door, both the car and fob store into memory the next code. If you hit your key fob while away from your car, the car and fob will fall out of sync. The car receiver solves this by accepting any of the next 256 possible codes. If you press the fob 257 times while far away from the car, however, you may not be able to resynch the fob with your car. It’s important to note that the key fob in this case only controls entry to the vehicle.
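The receiver-side window check described above, as an added example that is not from the book or from any manufacturer. HMAC-SHA256 over a counter stands in for the proprietary pseudorandom generator, and the key, class names and `demo` function are constructed for illustration.

```python
import hashlib
import hmac

WINDOW = 256  # the receiver accepts any of the next 256 codes, per the text


def code_for(key: bytes, counter: int) -> bytes:
    # Assumption: HMAC-SHA256 of the counter, truncated, replaces the
    # proprietary generator that fob and car share.
    return hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()[:8]


class Fob:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> bytes:
        self.counter += 1  # every press advances the fob, in range or not
        return code_for(self.key, self.counter)


class Receiver:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0  # counter of the last accepted code

    def accept(self, code: bytes) -> bool:
        # Only codes strictly ahead of the last accepted one are candidates,
        # so a code that was already used can never match again.
        for step in range(1, WINDOW + 1):
            candidate = self.counter + step
            if hmac.compare_digest(code, code_for(self.key, candidate)):
                self.counter = candidate  # resynchronise to the fob
                return True
        return False


def demo() -> dict:
    key = bytes(range(16))  # constructed sample key
    fob, car = Fob(key), Receiver(key)
    first = fob.press()
    result = {"in_sync": car.accept(first), "replay": car.accept(first)}
    for _ in range(255):  # presses made out of range of the car
        fob.press()
    result["256th_code_ahead"] = car.accept(fob.press())
    for _ in range(256):  # one press too many out of range
        fob.press()
    result["257th_code_ahead"] = car.accept(fob.press())
    return result
```
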

Once you are inside, a second antitheft technology, a static vehicle immobiliser chip embedded within the plastic base of the key, becomes important. Immobilisers in the United States have been cited for the sharp decrease in auto thefts in recent years. Unlike with keyless entry, the immobiliser’s radio frequency identification (RFID) chip must be queried, or “energised”, externally by the car. After you insert the immobiliser key into the ignition block, a transponder within the car (usually near the steering column) energises and queries the chip inside the metal key. In exchange, the energised immobiliser chip broadcasts a low frequency code. The broadcast distance between the key and the immobiliser is only a few inches, so the key must be in the ignition slot.

Once the chip inside the physical key is validated, the immobiliser system unlocks the rest of the electronic systems in the car. Older cars use what are called fixed keys (one code per vehicle), while cars made today randomly generate and store new immobiliser codes after each use. Today immobiliser systems are no longer separate components of the car but bundled within the electronic subsystems.

Even without validation of the immobiliser chip, a car can be driven a short distance before locking up. A valet key, often provided by the dealer as a third key, lacks an immobiliser chip. The valet key exists to allow the valet to park the car a short distance away, not drive off on the freeway.

These two technologies – keyless entry and vehicle immobiliser chips – form the basis of most high-tech antitheft technologies in cars sold today. Both rely on RFID codes exchanged over the air. The flaw, if any, is that most cars use only forty-bit encryption for this; upon introduction in the 1990s, this was sufficient, but it is no longer adequate.

The more bits of encryption, the harder it is for someone to guess or break the code. The more bits, the more processing time and resources you’ll need to do so. Forty bits used to take days to crack; now it takes much less time. Today 256 bits is considered strong encryption, but it is doubtful you’ll find a car on the street with that level of crypto.

That’s because chips today are much faster. Back in 1965, Intel’s Gordon Moore famously wrote in Electronics Magazine that the number of transistors on a given chip would double every two years. This exponential growth in computer processing power has led to the more powerful, yet less expensive, computers we have today. And because of trivial flaws inherent in the basic underlying design of some digital signature transponder (DST) devices or key fobs – be they manufacturer or third-party provided – some cars today are more susceptible to laptop car thefts than others. And as Soucek demonstrates, it doesn’t take a genius to realise that.

In Radko Soucek’s favourite film, Gone in Sixty Seconds, Nicolas Cage’s character has a holy grail – one car that he has longed for but never stolen. For Soucek that car is the Mercedes Maybach. At prices close to $US500,000 each, only a few exist within the Czech Republic. Soucek knows where those cars can be found.

He has no doubt he could defeat the antitheft system in the Maybach if he got the chance. But Soucek has a much more immediate concern. In 2006, he was convicted of stealing at least 150 cars in Prague over a six-month period. He is currently serving a prison sentence.

That Soucek was so prolific and so successful is no surprise, given that he kept all his previous antitheft code keys on the hard drive of his laptop. He had to. As he successfully crunched the numbers of one car, he used the previous successful sequence to calculate the code of the next car from the same manufacturer. This is smart for a career criminal since Soucek, working independently of a gang, could build his own database, then learn to anticipate each new car’s individual code sequence through trial and error. But it’s also very risky. When authorities finally nabbed Soucek, they found more than enough evidence on his laptop’s hard drive to arrest him.

When Soucek gets out, he’s already got plans. He told the Prague Post he’s outgrown the Czech Republic; he might just take his act to France or Spain. Or to the United States. He said, “I would like to take my activities abroad to show them a little of how it’s done.”

Excerpted from When Gadgets Betray Us: The Dark Side of Our Infatuation With New Technologies, by Robert Vamosi. Available from Basic Books, a member of The Perseus Books Group. Copyright © 2011.

Republished from io9