Hi all
Here’s my basic technical explanation.
You may or may not be aware that BMW can remotely unlock the E89 (by text message) and that the keys you are using use RFID (somewhat like the chip in your credit card).
I have played around with tech security over the years (ethically) and also recently developed an RFID solution for my business. I can confirm it is in fact relatively easy for the technically minded to crack car security if they know how. However, in this case I do not feel that is the explanation, as crackers using this tech are simply not interested in Vauxhalls, more in £100K vehicles.
Easy as 1 2 3 4:
1. Scan
2. Probe
3. Attack
4. Result
It's relatively easy to scan the neighbourhood to intercept both text messages and wireless transmissions, whether for networking or for a range of other radio frequencies (mobile telephones, DECT and standard mobiles), or for the radio frequencies covering the RFID technology currently used in various security equipment and in key systems that switch off alarms and open doors.
For example, when Beckham's X5 was stolen, they hacked a Texas Instruments chip using only a laptop with an antenna and scanner software to itemise the local RFID chip that controlled the Beemer. It really wasn't that difficult. The result was that Texas Instruments finally introduced encryption (128-bit).
RFID can be passive or active. With the tags used in ignition systems (at 40-bit), all that was required was to be within the vicinity of the transponder (the RFID tag in the key or the ignition system) and crack the code, which used to take about 15 minutes using a program designed for the task at hand, but now takes approx. 20 to 30 secs.
The industry knows this tech isn’t foolproof but it has still seriously reduced auto theft.
It is in fact easier with keyless entry systems, as there is the alarm and the door opening to deal with if it's not keyless entry; however, we are talking another minute at most for that.
Here's how:
1. You have a program on your laptop that replicates a car manufacturer's ignition system (let's say BMW) and you sit close to the owner (with the key in his/her pocket).
2. You scan the local area and pick up the transponder details (using software).
3. You decrypt the challenge/response pairs (using software) using, at its most basic, what is known as a brute-force attack; the system will eventually find a pair that works and you can predict the sequence.
4. You go to the vehicle and send out the correct response pair.
5. Voila.
6. You drive away fast (-;
2nd gen transponders are far better than the first, but it’s still possible.
For those of you with keyless entry (especially 1st Gen), at the least consider keeping your key in a metal shroud, as this minimises active scanning attacks; wrapping your key in tin foil looks rather chav, don't you agree?