Where Atmel announced a new transponder chip & microcontroller, which do, indeed, use 128-bit AES. This is from 2012 though, so I'm not sure how widely adopted this particular chip is, or if other, older chips are in widespread use that are 128-bit AES.
But even if everybody is using 128-bit AES, all that means is that the actual encryption itself is probably essentially unbreakable. But, as well all know, cryptographic systems are more than just the raw crypto algorithm. All sorts of systems which use crypto are eventually found to be insecure, so this whole thing should still come as little surprise (well, to people like us anyway. To the average cop, maybe this all sounds like black magic).
To me this looks like a Honda/Acura specific exploit to unlock the passenger side door. It doesn't look like a replay attack, nor do these guys have the ability to start and steal the car, which uses separate encryption keys from the locks.
I agree with you that this crypto system failure, not an algorithm exploit.
Or they are just really smart thieves. Better to get caught with petty theft than grand theft auto. Also, maybe keeping the crime as just theft is keeping it under the radar - the cops aren't going to throw up any road blocks for that level of crime.
"How would you describe a challenge based authentication system that uses 128-bit AES?"
How do you know at the RF level that its challenge based, and how do you know that the exploit is not operating in some .gov override mode like "I am NSA, open right now" mode.
I used to operate a computer that had a rack mount lock where its extremely well known (to some, anyway) that the mfgr shipped every unit with a tumbler that could be opened by a key cut to "XX2247"
I could encrypt the key cutting code XX2247 for you with 128 bit AES, or maybe 2048 DSA, but its not going to help very much.
It might be buggy enough that a random out of limits response might open it.
At least you have to be a hacker to boost a car these days. I remember when I was a kid my parents' car keys would open every Ford or Chevy on the block. I had a lot of fun running around the parking lot at my brother's soccer games.
That reminds me of the time my cousin lost his car keys. Luckily his parents had an extra set, so he got new copies made, and went on his merry way. A year later, I found the old set under the backseat of my car. Presumably they fell out of his pocket while he was riding with me, and got lodged up under the seat somehow.
Soooo... what to do with an extra set of keys to your buddy's car? Muwahahahaha... gaslight[1] him, of course! So me and a couple of other buddies would randomly drive to where he worked, and take his truck and do little things... change the direction it was facing, or move it about 3 spots over in the parking lot, or fiddle with the presets on his radio.
For like a month, he was spazzing out over this, while we all did our level best to keep a straight face when we were with him. He was convinced it was his brother messing with him for quite a while. Needless to say, he was a bit pissed when we finally broke down and told him and gave him his keys back. But man, what a laugh riot for a time...
In the case of challenge/response with a single 128-bit block, I think ECB would be just fine. I can't imagine a car key needing to send multiple blocks (thus necessitating CBC, etc.).
The larger point here is that most keys probably aren't using AES to start with, and there's probably some other vulnerability in the overall system.
It would be just fine, if you knew what you were doing when choosing ECB. I can think of plenty of brain dead ways you could accidentally use it if you thought that AES automatically protected you no matter how you used it.
I'm sure there are vulnerabilities all over the place, but it would make even more sense if it happened to an AES system, because people would let their guard down because super-duper industrial strength encryption will take care of everything.
If the use of ECB is appropriate (which it may well be for this application) then the fact that is was used is not an indication of "brain dead" decision making. I would be much more worried if they made the system unnecessarily complicated (and thus more vulnerable) just because they thought the presence of ECB would be bad for marketing.
> then the fact that is was used is not an indication of "brain dead" decision making.
I didn't mean using it was brain dead, i mean using it without knowing the implications might lead to (accidentally) using it in in a brain dead way. For example, I could see them implementing the protocol and testing it without crypto and then simply adding crypto on top of it without thinking about the crypto portion.
You have no proof that Honda/Acura use 128-bit AES. In fact, being familiar with some research in the security of electronic car locks, I would wager they do not use AES.
It doesn't really matter. Consider the dumbest possible encryption scheme: Car sends random 32-bit number to key. The key XORs the random number with some 32-bit number. ECU checks that the response is valid.
This is the worst possible design, and not far from what late 90's cars use. Even though it is the dumbest possible solution it still works reasonably well, because you have to have access to the key to start the car. You can clone the key in a second, but you still must get within inches of the key.
Look, your initial claim that the reporter is reasonable when saying that the protocol should be "impossible" to attack is completely unfounded. The details do matter.
For example your hypothetical protocol is grossly insecure. Keys transmit signals over dozens of feet, not inches. All an attacker would have to do to attack your hypothetical protocol would be to capture one exchange. Then he can XOR the challenge with the response to obtain the 32-bit secret, allowing him to clone the key!
Are you talking about press to unlock fobs, or proximity keys?
I was under the assumption that we are talking about proximity keys. Old ignition keys use RFID, but a broken encryption system. They are still secure because the range is a few inches. Newer cars with unlock from the pocket / push to start, use challenge based auth and strong encryption.
Click to unlock fobs use secure PRNGs. That is a separate discussion, and they are generally secure. Maybe this is what the reporter was talking about, but I assumed these cars had proximity keys. Even if this is what the reporter was talking about, they were not way off base, as this still falls in the "should be impossible" category.
I too agree that this "That code is encrypted and constantly changing" is a reasonable description of an authentication system.
However, this, "and should be hackproof", is faulty. Nothing is ever inherently secure, though it might be relatively secure at a given moment and circumstance.
It's easy to characterize this as the ignorance of American media. However, this kind of "should be X" is common for anyone, be they journalists, ordinary folk, or technologists. We all have expectations about reality and feel shocked or bitterly disappointed when the expectation falls apart.
