Want to open any car or garage door? Seems the algorithm used in the Keeloq security system, used for keyless entry into several makes of cars and garage doors is fundamentally flawed. I love reading stuff like this:
- Closed source security algorithm has a weakness in it, by accident or intent.
- Someone finds the weakness.
- Someone notifies the vendor, and the weakness is patched.
- Someone publicizes an exploit to the world.
Often, 2. happens inside the vendor, and 4. never happens. Sometimes, like the google mail hijack bug, 2., 3. and 4. are the same person, who is just trying to warn you your security shoe is untied. Sometimes, 2. and 3-4. are different people, the weakness gets maliciously exploited for a while before 3. happens. Some times, like in the present case, the algorithm goes unpatched for 20 years, and is hard coded millions of devices, so a fix becomes completely infeasible. The exploit may be only a proof-of-concept right now, but perhaps master-keys for luxury cars are only a few weeks away on eBay….. Oh, the “intent” part came from the time back in ’97 when the NSA was accused of intentionally designing a weakness into the cell phone cryptography CMEA. Bless those grey-hats.
Oh, this algorithm was exposed to be flawed before, but this one is a bit worse, because “That [previous] method took closer to a day to crack the device key and required close proximity to the remote for about an hour. ” This one “..can be done from a distance of 100 meters or more and requires the capture of just two messages.”