Car Theft
#1
Advanced
Thread Starter
Car Theft
Don't know if this is real, but I recieved this email and it sounds possible:
"Interesting, what will they think of next? (Surely the dealership asks for ID)
Seems that car thieves have found yet another way to steal your car or truck
without any effort at all. The car thieves peer through the windshield of your
car or truck, write down the VIN # from the label on the dash, go to the
local car dealership and request a duplicate key based on the VIN #.
I didn't believe this e-mail, so I called a friend at Chrysler Dodge and
pretended I had lost my keys. They told me to just bring in the VIN #, and they
would cut me one on the spot, and I could order the keyless device if I wanted.
The Car Dealer's Parts Department will make a duplicate key from the VIN #,
and collect payment from the thief who will return to your car. He doesn't have
to break in, do any damage to the vehicle, or draw attention to himself. All
he has to do is walk up to your car, insert the key and off he goes to a local
Chop Shop with your vehicle.
You don't believe it? It IS that easy.
To avoid this from happening to you, simply put some tape (electrical tape,
duct tape or medical tape) across the VIN Metal Label located on the dash
board. By law, you cannot remove the VIN, but you can cover it so it can't be
viewed through the windshield by a car thief.
I urge you to forward this to your friends before some other car thief steals
another car or truck.
I slipped a 3 x 5 card over the VIN #. "
"Interesting, what will they think of next? (Surely the dealership asks for ID)
Seems that car thieves have found yet another way to steal your car or truck
without any effort at all. The car thieves peer through the windshield of your
car or truck, write down the VIN # from the label on the dash, go to the
local car dealership and request a duplicate key based on the VIN #.
I didn't believe this e-mail, so I called a friend at Chrysler Dodge and
pretended I had lost my keys. They told me to just bring in the VIN #, and they
would cut me one on the spot, and I could order the keyless device if I wanted.
The Car Dealer's Parts Department will make a duplicate key from the VIN #,
and collect payment from the thief who will return to your car. He doesn't have
to break in, do any damage to the vehicle, or draw attention to himself. All
he has to do is walk up to your car, insert the key and off he goes to a local
Chop Shop with your vehicle.
You don't believe it? It IS that easy.
To avoid this from happening to you, simply put some tape (electrical tape,
duct tape or medical tape) across the VIN Metal Label located on the dash
board. By law, you cannot remove the VIN, but you can cover it so it can't be
viewed through the windshield by a car thief.
I urge you to forward this to your friends before some other car thief steals
another car or truck.
I slipped a 3 x 5 card over the VIN #. "
#3
Unfortunately this is very true. When I worked in auto repair, more than once we'd lock a customers keys in the car. It was no problem to call a local dealer and get a key made.
What's really funny is that, while you can hide the VIN on the dash pretty easily, you can't hide the ones etched into the windows. So something that's designed to deter theft actually might foster it instead.
What's really funny is that, while you can hide the VIN on the dash pretty easily, you can't hide the ones etched into the windows. So something that's designed to deter theft actually might foster it instead.
#5
this is an urban legend, but there is some truth to it... it is pretty easy to get keys made via VIN for older model cars. It is supposedly harder with new ones, but I doubt it.
#7
Originally Posted by Yoda117
this is an urban legend, but there is some truth to it... it is pretty easy to get keys made via VIN for older model cars. It is supposedly harder with new ones, but I doubt it.
Trending Topics
#8
Advanced
Thread Starter
Here is more info on the Article called "Vin Laden" - Which states that the scheme is true
http://www.snopes.com/crime/warnings/vin.asp
http://www.snopes.com/crime/warnings/vin.asp
#9
Team Anthracite Member
Join Date: Dec 2004
Location: Chatsworth, CA
Age: 51
Posts: 118
Likes: 0
Received 0 Likes
on
0 Posts
So they don't need that super secret code that they give you along with your keys? The VIN provides the same information to the dealer as the code does? Shoot.
#11
Originally Posted by 04RedParchTL
I do not see the vin number on my glass on any of the windows. Is it it etched into the glass on the TL and if so where?
#13
[]( O)( O)% []D[][]V[][]D
Join Date: Nov 2004
Location: Mahopac,NY
Posts: 190
Likes: 0
Received 0 Likes
on
0 Posts
Not true..i lost the key to my expedition once i went to the dealer n they wanted my drivers license n match my last name to the registration of the vehical..i doubt dealers are that stupid...ford wasnt
#14
Moderator Alumnus
Originally Posted by 04AcuraTL
Not true..i lost the key to my expedition once i went to the dealer n they wanted my drivers license n match my last name to the registration of the vehical..i doubt dealers are that stupid...ford wasnt
Even my local body shop owner told me this 10 years ago, he could make the key (94 Legend) for me if I lost them.
#15
Instructor
Join Date: Dec 2004
Location: Vancouver, BC
Age: 55
Posts: 142
Likes: 0
Received 0 Likes
on
0 Posts
The key would open the door but not start the engine as your original keys only have the microchip programmed to start your TL's engine. Basically, the key the dealer cuts for the thief will open the door but not start the car.
#16
TL User
Join Date: Jul 2004
Location: San Francisco, CA
Age: 45
Posts: 171
Likes: 0
Received 0 Likes
on
0 Posts
Read this too about this e-mail on snopes.com
http://www.snopes.com/crime/warnings/vin.asp
http://www.snopes.com/crime/warnings/vin.asp
#17
Moderator Alumnus
Originally Posted by golferboy1862
The key would open the door but not start the engine as your original keys only have the microchip programmed to start your TL's engine. Basically, the key the dealer cuts for the thief will open the door but not start the car.
The same rule could apply to this topic. Those busters in the dealership or having the connection to dealers still could get those immobilizor-chip keys. If the owners could get them from the dealers, I couldn't see why those pro cannot get them from "their dealers". IMO.
#18
.:KCCO:.
Originally Posted by golferboy1862
The key would open the door but not start the engine as your original keys only have the microchip programmed to start your TL's engine. Basically, the key the dealer cuts for the thief will open the door but not start the car.
you logic pretty funny... why would the dealer sell you a key that cant start a car. hahahahaha those keys have the microchips in them too hahahahaha
you're a funny guy
#19
Team Nighthawk MechE
Originally Posted by midas69
The Acura doesn't have it. There are a few cars that offer it from the factory. More often it's a dealer option and inlcudes more than just windows. They put the number on the engine and other parts too. The idea is that it's easy to trace the parts and determine they came from a stolen car and thus make it less desirable to a thief.
#20
Instructor
Join Date: Dec 2004
Location: Vancouver, BC
Age: 55
Posts: 142
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by ayethetiense
are you kidding me?!?!!?? hahahahha
you logic pretty funny... why would the dealer sell you a key that cant start a car. hahahahaha those keys have the microchips in them too hahahahaha
you're a funny guy
you logic pretty funny... why would the dealer sell you a key that cant start a car. hahahahaha those keys have the microchips in them too hahahahaha
you're a funny guy
#21
Originally Posted by ayethetiense
are you kidding me?!?!!?? hahahahha
you logic pretty funny... why would the dealer sell you a key that cant start a car. hahahahaha those keys have the microchips in them too hahahahaha
you're a funny guy
you logic pretty funny... why would the dealer sell you a key that cant start a car. hahahahaha those keys have the microchips in them too hahahahaha
you're a funny guy
So, if the thief gets the VIN number, and the dealer is stupid enough to sell a key to someone without proper identification, then all they will be able to do is to unlock the door and trunk and steal what they want, but they won't be able to start the car.
But, if a professional thief wants your car, he can get it, immobilizer or not. All the immobilizer does is make it harder for the amateur to steal your car.
#22
Team SSM Queen
Join Date: Dec 2003
Location: The Beautiful Hudson Valley
Posts: 982
Likes: 0
Received 146 Likes
on
75 Posts
Originally Posted by DarkWraith33
I was offered this from my dealership for $250! They only recomended it if I got a reduction in my insurance rates.... Which I did not, so I didn't get that.
#23
Instructor
Join Date: Dec 2004
Location: Vancouver, BC
Age: 55
Posts: 142
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by Ron A
The microchip in the new key has to be coded to the car. If you have the original key and just want to make a duplicate for a spare, there will be a minimal charge to code the new key. But if you don't have the original key, then the car has to be there so the key can be coded, and I have read that they will charge you about $200 to perform this operation.
So, if the thief gets the VIN number, and the dealer is stupid enough to sell a key to someone without proper identification, then all they will be able to do is to unlock the door and trunk and steal what they want, but they won't be able to start the car.
But, if a professional thief wants your car, he can get it, immobilizer or not. All the immobilizer does is make it harder for the amateur to steal your car.
So, if the thief gets the VIN number, and the dealer is stupid enough to sell a key to someone without proper identification, then all they will be able to do is to unlock the door and trunk and steal what they want, but they won't be able to start the car.
But, if a professional thief wants your car, he can get it, immobilizer or not. All the immobilizer does is make it harder for the amateur to steal your car.
#24
Now with i-Vtec
Originally Posted by Ron A
The microchip in the new key has to be coded to the car. If you have the original key and just want to make a duplicate for a spare, there will be a minimal charge to code the new key. But if you don't have the original key, then the car has to be there so the key can be coded, and I have read that they will charge you about $200 to perform this operation.
So, if the thief gets the VIN number, and the dealer is stupid enough to sell a key to someone without proper identification, then all they will be able to do is to unlock the door and trunk and steal what they want, but they won't be able to start the car.
But, if a professional thief wants your car, he can get it, immobilizer or not. All the immobilizer does is make it harder for the amateur to steal your car.
So, if the thief gets the VIN number, and the dealer is stupid enough to sell a key to someone without proper identification, then all they will be able to do is to unlock the door and trunk and steal what they want, but they won't be able to start the car.
But, if a professional thief wants your car, he can get it, immobilizer or not. All the immobilizer does is make it harder for the amateur to steal your car.
Yep ^. The TL has a Transponder in the head of the key and the vehicle or a current operating key is required in order to make a key that will start the car.
I am a Professional Locksmith and can tell you from experience some dealerships don't give a shit if you can prove it's your car or not. Also, all it requires to get a key is possibly having a connection at a dealership.
Another thing is that dealerships do not keep records of key codes longer than 10 years. So if a car is more than 10 years old then they will not be able to look up the code and cut you a key.
I believe my '02 WRX was also stollen this way!
Oh and just because a car is equipped with a transponder doesn't mean it can't be stolen.
Take an ITR (Integra Type R) for example. It was the first acura I believe to come equipped with Transponder technology and it is also one of the most stolen and desired cars among theives. The type R unfortunately was/is easily stolen by swapping out the ECU for say a GSR . Some companies even sell OBD2 to OBD1 conversion harnesses to run a chipped P28 on the type R. This however does away the transponder. Which just makes things that much easier for the damned theives.
These are just theft "deterant" devices.
#26
got this email at work and we called an acura dealership!!
my coworkers got this email and we called the acura where i bought my 05 tl from and she pretended that she had lost her keys and they guy says, " Already?" hahah
the guy tells her to have the car towed there so that they could reprogram it and what not to the key and the car.
so I don't think its that easy to get a copy of the key, but who knows???
ANYTHING IS POSSIBLE!!
the guy tells her to have the car towed there so that they could reprogram it and what not to the key and the car.
so I don't think its that easy to get a copy of the key, but who knows???
ANYTHING IS POSSIBLE!!
#27
Advanced
Thread Starter
It really depends on the person you deal with, some will require identification and some may not or some may be in on the car theft ring. Anything is possible.
#28
It's true and checks out on snopes.com (Urban Legends) at http://www.snopes.com/crime/warnings/vin.asp
#29
[]( O)( O)% []D[][]V[][]D
Join Date: Nov 2004
Location: Mahopac,NY
Posts: 190
Likes: 0
Received 0 Likes
on
0 Posts
it's not true about the 01 type r to be the first acura with a tranponder key..i had a 98 2.3cl with it. plus the dealer can make u a copy of the key, but if ur car isnt phisically at the dealer it cant be programed..the only way to do this is to have the car phisically there whick costed me 140$ to do. there for u cant start the car till the dealer gets the vehical n then requires a ID n registration, unless like stated before someone working on the inside.
#30
Now with i-Vtec
Originally Posted by 04AcuraTL
it's not true about the 01 type r to be the first acura with a tranponder key..i had a 98 2.3cl with it. plus the dealer can make u a copy of the key, but if ur car isnt phisically at the dealer it cant be programed..the only way to do this is to have the car phisically there whick costed me 140$ to do. there for u cant start the car till the dealer gets the vehical n then requires a ID n registration, unless like stated before someone working on the inside.
#31
Drifting
Yeah, I think this is urban legend too. Either that or the Chrysler dealer is run by bafoons.
I never tried with Acura or Infiniti, but for my Pontiac, the dealer won't cut you a key unless you actually bring in either the car title, or a copy of the lien thingy the bank holds. (They won't take registration, which I thought was odd. Either that, or I wasn't listening carefully).
And further, I don't know if I can do this on my TL, but on my GTP, I configured the computer to disable the ability to disarm the alarm using the key. So if you had a copy of the key made, when you unlock and open the door,the alarm will still go off, and the car still won't start, even though you have the correct transponder.
I got pissed at my TL, because if you unlock the door with the key, the alarm disarms. I've been trying to find a way to disable this, but ran into a brick wall... Can anyone shed any light on this?
I never tried with Acura or Infiniti, but for my Pontiac, the dealer won't cut you a key unless you actually bring in either the car title, or a copy of the lien thingy the bank holds. (They won't take registration, which I thought was odd. Either that, or I wasn't listening carefully).
And further, I don't know if I can do this on my TL, but on my GTP, I configured the computer to disable the ability to disarm the alarm using the key. So if you had a copy of the key made, when you unlock and open the door,the alarm will still go off, and the car still won't start, even though you have the correct transponder.
I got pissed at my TL, because if you unlock the door with the key, the alarm disarms. I've been trying to find a way to disable this, but ran into a brick wall... Can anyone shed any light on this?
#32
Team SSM Queen
Join Date: Dec 2003
Location: The Beautiful Hudson Valley
Posts: 982
Likes: 0
Received 146 Likes
on
75 Posts
Did you see this article in the Times yesterday -
Graduate Cryptographers Unlock Code of "Thiefproof" Car Key
If you can't access and want me to post let me know - it's long!
Graduate Cryptographers Unlock Code of "Thiefproof" Car Key
If you can't access and want me to post let me know - it's long!
#33
Moderator Alumnus
Yes, very long... I saw it yesterday, too...
Originally Posted by narnia
Did you see this article in the Times yesterday -
Graduate Cryptographers Unlock Code of "Thiefproof" Car Key
If you can't access and want me to post let me know - it's long!
Graduate Cryptographers Unlock Code of "Thiefproof" Car Key
If you can't access and want me to post let me know - it's long!
I'd be happy to have such kind of breakthrough stuff to be my dissertation...
Originally Posted by NY Times
January 29, 2005
Graduate Cryptographers Unlock Code of 'Thiefproof' Car Key
By JOHN SCHWARTZ
BALTIMORE - Matthew Green starts his 2005 Ford Escape with a duplicate key he had made at Lowe's. Nothing unusual about that, except that the automobile industry has spent millions of dollars to keep him from being able to do it.
Mr. Green, a graduate student at Johns Hopkins University, is part of a team that plans to announce on Jan. 29 that it has cracked the security behind "immobilizer" systems from Texas Instruments Inc. The systems reduce car theft, because vehicles will not start unless the system recognizes a tiny chip in the authorized key. They are used in millions of Fords, Toyotas and Nissans.
All that would be required to steal a car, the researchers said, is a moment next to the car owner to extract data from the key, less than an hour of computing, and a few minutes to break in, feed the key code to the car and hot-wire it.
An executive with the Texas Instruments division that makes the systems did not dispute that the Hopkins team had cracked its code, but said there was much more to stealing a car than that. The devices, said the executive, Tony Sabetti, "have been fraud-free and are likely to remain fraud-free."
The implications of the Hopkins finding go beyond stealing cars.
Variations on the technology used in the chips, known as RFID for radio frequency identification, are widely used. Similar systems deduct highway tolls from drivers' accounts and restrict access to workplaces.
Wal-Mart is using the technology to track inventory, the Food and Drug Administration is considering it to foil drug counterfeiting, and the medical school at the University of California, Los Angeles, plans to implant chips in cadavers to curtail unauthorized sale of body parts.
The Johns Hopkins researchers say that if other radio frequency ID systems are vulnerable, the new field could offer far less security than its proponents promise.
The computer scientists are not doing R.&D. for the Mafia. Aviel D. Rubin, a professor of computer science who led the team, said his three graduate students did what security experts often do: showed the lack of robust security in important devices that people use every day.
"What we find time and time again is the security is overlooked and not done right," said Dr. Rubin, who has exposed flaws in electronic voting systems and wireless computer networks.
David Wagner, an assistant professor of computer science at the University of California, Berkeley, who reviewed a draft of a paper by the Hopkins team, called it "great research," adding, "I see it as an early warning" for all radio frequency ID systems.
The "immobilizer" technology used in the keys has been an enormous success. Texas Instruments alone has its chips in an estimated 150 million keys. Replacing the key on newer cars can cost hundreds of dollars, but the technology is credited with greatly reducing auto theft. - Early versions of in-key chips were relatively easy to clone, but the Texas Instruments chips are considered to be among the best. Still, the amount of computing the chip can do is restricted by the fact that it has no power of its own; it builds a slight charge from an electromagnetic field from the car's transmitter.
Cracking the system took the graduate students three months, Dr. Rubin said. "There was a lot of trial and error work with, every once in a while, a little 'Aha!' "
The Hopkins researchers got unexpected help from Texas Instruments itself. They were able to buy a tag reader directly from the company, which sells kits for $280 on its Web site. They also found a general diagram on the Internet, from a technical presentation by the company's German division. The researchers wrote in the paper describing their work that the diagram provided "a useful foothold" into the system. (The Hopkins paper, which is online at www.rfidanalysis.org, does not provide information that might allow its work to be duplicated.
The researchers discovered a critically important fact: the encryption algorithm used by the chip to scramble the challenge uses a relatively short code, known as a key. The longer the code key, which is measured in bits, the harder it is to crack any encryption system.
"If you were to tell a cryptographer that this system uses 40-bit keys, you'd immediately conclude that the system is weak and that you'd be able to break it," said Ari Juels, a scientist with the research arm of RSA Security, which financed the team and collaborated with it.
The team wrote software that mimics the system, which works through a pattern of challenge and response. The researchers took each chip they were trying to clone and fed it challenges, and then tried to duplicate the response by testing all 1,099,511,627,776 possible encryption keys. Once they had the right key, they could answer future challenges correctly.
Mr. Sabetti of Texas Instruments argues that grabbing the code from a key would be very difficult, because the chips have a very short broadcast range. The greatest distance that his company's engineers have managed in the laboratory is 12 inches, and then only with large antennas that require a power source.
Dr. Rubin acknowledged that his team had been able to read the keys just a few inches from a reader, but said many situations could put an attacker and a target in close proximity, including crowded elevators.
The researchers used several thousand dollars of off-the-shelf computer equipment to crack the code, and had to fill a back seat of Mr. Green's S.U.V. with computers and other equipment to successfully imitate a key. But the cost of equipment could be brought down to several hundred dollars, Dr. Rubin said, and Adam Stubblefield, one of the Hopkins graduate students, said, "We think the entire attack could be done with a device the size of an iPod."
The Texas Instruments chips are also used in millions of the Speedpass tags that drivers use to buy gasoline at ExxonMobil stations without pulling out a credit card, and the researchers have shown that they can buy gas with a cracked code. A spokeswoman for ExxonMobil, Prem Nair, said the company used additional antifraud measures, including restrictions that only allow two gas purchases per day.
"We strongly believe that the Speedpass devices and the checks that we have in place are much more secure than those using credit cards with magnetic stripes," she said.
The team discussed its research with Texas Instruments before making the paper public. Matthew Buckley, a spokesman for RSA Security, said his company, which offers security consulting services and is developing radio frequency ID tags that resist unauthorized eavesdropping, had offered to work with Texas Instruments free of charge to address the security issues.
Dr. Wagner said that what graduate students could do, organized crime could also do. "The white hats don't have a monopoly on cryptographic expertise," he said.
Dr. Rubin said that if criminals did eventually duplicate his students' work, people could block eavesdroppers by keeping the key or Speedpass token in a tinfoil sheath when not in use. But Mr. Sabetti, the Texas Instruments executive, said such precautions were unnecessary. "It's a solution to a problem that doesn't exist," he said.
Dan Bedore, a spokesman for Ford, said the company had confidence in the technology. "No security device is foolproof," he said, but "it's a very, very effective deterrent" to drive-away theft. "Flatbed trucks are a bigger threat," he said, "and a lot lower tech."
Graduate Cryptographers Unlock Code of 'Thiefproof' Car Key
By JOHN SCHWARTZ
BALTIMORE - Matthew Green starts his 2005 Ford Escape with a duplicate key he had made at Lowe's. Nothing unusual about that, except that the automobile industry has spent millions of dollars to keep him from being able to do it.
Mr. Green, a graduate student at Johns Hopkins University, is part of a team that plans to announce on Jan. 29 that it has cracked the security behind "immobilizer" systems from Texas Instruments Inc. The systems reduce car theft, because vehicles will not start unless the system recognizes a tiny chip in the authorized key. They are used in millions of Fords, Toyotas and Nissans.
All that would be required to steal a car, the researchers said, is a moment next to the car owner to extract data from the key, less than an hour of computing, and a few minutes to break in, feed the key code to the car and hot-wire it.
An executive with the Texas Instruments division that makes the systems did not dispute that the Hopkins team had cracked its code, but said there was much more to stealing a car than that. The devices, said the executive, Tony Sabetti, "have been fraud-free and are likely to remain fraud-free."
The implications of the Hopkins finding go beyond stealing cars.
Variations on the technology used in the chips, known as RFID for radio frequency identification, are widely used. Similar systems deduct highway tolls from drivers' accounts and restrict access to workplaces.
Wal-Mart is using the technology to track inventory, the Food and Drug Administration is considering it to foil drug counterfeiting, and the medical school at the University of California, Los Angeles, plans to implant chips in cadavers to curtail unauthorized sale of body parts.
The Johns Hopkins researchers say that if other radio frequency ID systems are vulnerable, the new field could offer far less security than its proponents promise.
The computer scientists are not doing R.&D. for the Mafia. Aviel D. Rubin, a professor of computer science who led the team, said his three graduate students did what security experts often do: showed the lack of robust security in important devices that people use every day.
"What we find time and time again is the security is overlooked and not done right," said Dr. Rubin, who has exposed flaws in electronic voting systems and wireless computer networks.
David Wagner, an assistant professor of computer science at the University of California, Berkeley, who reviewed a draft of a paper by the Hopkins team, called it "great research," adding, "I see it as an early warning" for all radio frequency ID systems.
The "immobilizer" technology used in the keys has been an enormous success. Texas Instruments alone has its chips in an estimated 150 million keys. Replacing the key on newer cars can cost hundreds of dollars, but the technology is credited with greatly reducing auto theft. - Early versions of in-key chips were relatively easy to clone, but the Texas Instruments chips are considered to be among the best. Still, the amount of computing the chip can do is restricted by the fact that it has no power of its own; it builds a slight charge from an electromagnetic field from the car's transmitter.
Cracking the system took the graduate students three months, Dr. Rubin said. "There was a lot of trial and error work with, every once in a while, a little 'Aha!' "
The Hopkins researchers got unexpected help from Texas Instruments itself. They were able to buy a tag reader directly from the company, which sells kits for $280 on its Web site. They also found a general diagram on the Internet, from a technical presentation by the company's German division. The researchers wrote in the paper describing their work that the diagram provided "a useful foothold" into the system. (The Hopkins paper, which is online at www.rfidanalysis.org, does not provide information that might allow its work to be duplicated.
The researchers discovered a critically important fact: the encryption algorithm used by the chip to scramble the challenge uses a relatively short code, known as a key. The longer the code key, which is measured in bits, the harder it is to crack any encryption system.
"If you were to tell a cryptographer that this system uses 40-bit keys, you'd immediately conclude that the system is weak and that you'd be able to break it," said Ari Juels, a scientist with the research arm of RSA Security, which financed the team and collaborated with it.
The team wrote software that mimics the system, which works through a pattern of challenge and response. The researchers took each chip they were trying to clone and fed it challenges, and then tried to duplicate the response by testing all 1,099,511,627,776 possible encryption keys. Once they had the right key, they could answer future challenges correctly.
Mr. Sabetti of Texas Instruments argues that grabbing the code from a key would be very difficult, because the chips have a very short broadcast range. The greatest distance that his company's engineers have managed in the laboratory is 12 inches, and then only with large antennas that require a power source.
Dr. Rubin acknowledged that his team had been able to read the keys just a few inches from a reader, but said many situations could put an attacker and a target in close proximity, including crowded elevators.
The researchers used several thousand dollars of off-the-shelf computer equipment to crack the code, and had to fill a back seat of Mr. Green's S.U.V. with computers and other equipment to successfully imitate a key. But the cost of equipment could be brought down to several hundred dollars, Dr. Rubin said, and Adam Stubblefield, one of the Hopkins graduate students, said, "We think the entire attack could be done with a device the size of an iPod."
The Texas Instruments chips are also used in millions of the Speedpass tags that drivers use to buy gasoline at ExxonMobil stations without pulling out a credit card, and the researchers have shown that they can buy gas with a cracked code. A spokeswoman for ExxonMobil, Prem Nair, said the company used additional antifraud measures, including restrictions that only allow two gas purchases per day.
"We strongly believe that the Speedpass devices and the checks that we have in place are much more secure than those using credit cards with magnetic stripes," she said.
The team discussed its research with Texas Instruments before making the paper public. Matthew Buckley, a spokesman for RSA Security, said his company, which offers security consulting services and is developing radio frequency ID tags that resist unauthorized eavesdropping, had offered to work with Texas Instruments free of charge to address the security issues.
Dr. Wagner said that what graduate students could do, organized crime could also do. "The white hats don't have a monopoly on cryptographic expertise," he said.
Dr. Rubin said that if criminals did eventually duplicate his students' work, people could block eavesdroppers by keeping the key or Speedpass token in a tinfoil sheath when not in use. But Mr. Sabetti, the Texas Instruments executive, said such precautions were unnecessary. "It's a solution to a problem that doesn't exist," he said.
Dan Bedore, a spokesman for Ford, said the company had confidence in the technology. "No security device is foolproof," he said, but "it's a very, very effective deterrent" to drive-away theft. "Flatbed trucks are a bigger threat," he said, "and a lot lower tech."
#34
TL-SHAWD 6MT Rocks!
Originally Posted by midas69
Unfortunately this is very true. When I worked in auto repair, more than once we'd lock a customers keys in the car. It was no problem to call a local dealer and get a key made.
What's really funny is that, while you can hide the VIN on the dash pretty easily, you can't hide the ones etched into the windows. So something that's designed to deter theft actually might foster it instead.
What's really funny is that, while you can hide the VIN on the dash pretty easily, you can't hide the ones etched into the windows. So something that's designed to deter theft actually might foster it instead.
#35
The original comment for this thread was posted in a lot of urban legend sites for a reason guys... that said it has been reported as true.
Another poster put up something that I was going to do as well, that a university group had cracked the 32-bit encryption on the key chips.
Best rule is to provide layers of security. If one method fails, the others kick in (such as lojack, high-voltage stun alarms, etc.)
Another poster put up something that I was going to do as well, that a university group had cracked the 32-bit encryption on the key chips.
Best rule is to provide layers of security. If one method fails, the others kick in (such as lojack, high-voltage stun alarms, etc.)
#36
Racer
Join Date: Dec 2003
Location: Long Island, NY
Age: 51
Posts: 374
Likes: 0
Received 0 Likes
on
0 Posts
In NYC, it's illegal to block your windshield VIN number. $65 fine.
Don't throw mail or newspapers between the windshield and your dash. It invites the hungry meter maids to flock to your car.
Don't throw mail or newspapers between the windshield and your dash. It invites the hungry meter maids to flock to your car.
#37
the key has to be CODED to the car. yes it is possible to get a key cut, yes it would open the door, but it would not start the car under ANY circumstances. also to get the key cut in the first place you have to show PROOF OF OWNERSHIP, and provide photo id, and proof of address, etc. they arent just going to hand you a key for a car, unless you can prove its yours.
#39
Originally Posted by heehaaw
the key has to be CODED to the car. yes it is possible to get a key cut, yes it would open the door, but it would not start the car under ANY circumstances. also to get the key cut in the first place you have to show PROOF OF OWNERSHIP, and provide photo id, and proof of address, etc. they arent just going to hand you a key for a car, unless you can prove its yours.
In a word... it's possible.
PS: there are ways to get the code other than this, but only recently did the encryption get broken from the key chip. Intelligent systems OTOH are notoriously simple.
#40
Originally Posted by Yoda117
Uhm... think about who you are dealing with. A car dealership isn't exactly synonomus with ethical behavior. And having spent some time in the retail world, I can attest that the rules are not always followed.
In a word... it's possible.
PS: there are ways to get the code other than this, but only recently did the encryption get broken from the key chip. Intelligent systems OTOH are notoriously simple.
In a word... it's possible.
PS: there are ways to get the code other than this, but only recently did the encryption get broken from the key chip. Intelligent systems OTOH are notoriously simple.