When you buy a new car that comes with a remote for keyless entry, the embedded code is supposed to be one of 18 billion billion values. This technology — most car manufacturers are still using Keelog encryption from the 1980s — is supposed to be pretty darn secure, and it’d take computers ages to figure out exactly which code goes with which car.
A group of researchers has found a way to circumvent keyless entry fobs by grabbing the signal sent from the fob to the car, duplicating it in less than an hour. In fact, they say that within about 50 minutes, they’d be able to send out a signal that will unlock your car, perfectly mimicking what your so-called secure key fob would do. What this means is that when they “break” into your car, no alarm is set off and they can take their merry time robbing your blind. This is much less attention-grabbing than a smashed window.
The scenario that they imagine is to have a “van full of snooping equipment” in the middle of a packed shopping mall parking lot. The equipment listens in on “hundreds of keyfobs wirelessly locking car doors. Then, with little more than a few keystrokes and an hour or so later, the crooks sing ‘Jingle Bells’ to the tune of hundreds of car doors opening in harmony.”
Yeah, it’s time for carmakers to update their 20-year-old tech.