Blogs » Nerds » Rebuttal: How you lock your car...


This is from Snopes:

Automobile remote keyless entry systems (RKE) were introduced in the 1980s. They've proved to be a big hit, making it easier for the grocery-laden to unlock their cars and sparing many of the terminally forgetful from finding they've left their keys in the ignitions of their now-locked cars or their purses on the seats of same.

The earliest RKE systems were quite vulnerable to the sort of attack described in the warning e-mails quoted above. Their RF transmitters (usually built into key fobs) sent unique identifying codes that could be picked off by 'code grabbers,' devices that recorded the codes sent out when drivers pushed buttons on their remote key fobs to lock or unlock their cars.

However, times change and technology advances. In response to the fixed code security weakness, automakers shifted from RKEs with fixed codes to systems employing rolling random codes. These codes change every time a given RKE system is used to lock or unlock car doors and thus renders 'code grabbers' ineffective. That form of more robust code system became the industry standard for remote keyless entry systems in the mid-1990s, so automobiles newer than that are not vulnerable to being quickly and easily opened by criminals armed with code grabbers.

It is theoretically possible for a very determined thief armed with the right technology and the ability to manipulate it correctly to snatch a keycode from the air and use it to enter a vehicle. However, the complexity and length of time involved in that process means your typical crook can't simply grab an RKE code in a parking lot and open up the corresponding car within a minute or two: the would-be thief would need specialized knowledge and equipment and would have to spend hours (if not days) crunching data and replicating a device to produce the correct entry code, then hope he could locate the same vehicle again once all the other steps had been completed. (In most parking lot scenarios, the target car would be long gone before the putative thief was able to open it.) As Microchip Technology, the manufacturer of KEELOQ brand RKE systems, noted of this possibility: The theoretical attack requires detailed knowledge of the system implementation and a combination of data, specialized skills, equipment and access to various components of a system which is seldom feasible. These theoretical attacks are not unique to the Keeloq system and could be applied to virtually any security system. Many different law enforcement agencies have observed that the overwhelming majority of automobile break-in thefts (i.e., the stealing of property from car trunks or passenger compartments) are crimes of opportunity perpetrated by people in search of items they can quickly and easily re-sell for cash. Such criminals are not wont to delay their gratification for hours or days while their code grabbers crunch numbers and work out how to keylessly open particular cars: They instead resort to quick, tried-and-true methods such as jimmying locks and smashing windows, and if they can't get into a given car easily, they'll simply move on to the next one. None of the police agencies we spoke with had ever heard of an instance of an automobile break-in theft being accomplished through the method described above.

One of the circulated versions of this warning contains the contact information for Const. Wally Henry, an RCMP officer from Sherwood Park, Alberta. Henry disclaims the story being spread in his name, saying in his voice mail message to those who telephone, "If your call is concerning an e-mail with my name attached to it, please be advised that the information in that e-mail is false, and please do not disseminate it any further."