KEELOQ Maker Says Remote Car Entry Devices Not Hacked, Rebutting Researchers

Last week, researchers announced they had devised a way to steal cars by breaking the encryption used to encode the signals sent by keyless remote car entry devices using KEELOQ technology.

On Friday, the company declared in press release that despite this, the system is secure, saying, “Microchip recognizes that the highly talented researchers have been successful at a theoretical attack of a block cipher. However, the KEELOQ security system implementation involves much more than just the cryptographic algorithm.”

The company did not deign to specify the inaccuracies, as it, “does not believe a public debate on how to steal vehicles benefits consumer security.”

Obviously, the researchers now have been double-dog dared to steal a KEELOQed car.

Microchip Technology’s KEELOQ

Security System is Resistant to Recent Theoretical Code Cracking [BusinessWire]
PREVIOUSLY: Researchers Hack Remote Keyless Car Entry Devices
(Photo: jessicafm)


Edit Your Comment

  1. bnet41 says:

    I tend to agree this is something that should not be debated in public through PR releases. I hate it when security companies do that in the IT world. Both sides need to sit down and discuss the issue. Public discussion of security issues is fine, but in an area like this, it might not be a good idea. It’s not like all the car systems can be patched like a operating system can.

  2. Ickypoopy says:

    Public discussion of security issues is a must (after a reasonable amount of time is given for the company to workaround or patch the issue). Security through obscurity is no way to make your car secure.

  3. NeoteriX says:

    @Ickypoopy: Exactly.

  4. FLConsumer says:

    But security through obscurity works so well! Look at DirecTV cards, CSS (DVD encryption), DRM, etc.
    /sarcasm off

  5. Chicago7 says:

    They should be shot just for the name KEELOQ – geez.

  6. Jay Levitt says:

    “[Keeloq] does not believe a public debate on how to steal vehicles benefits consumer security.” Thus proving they don’t actually get security.

  7. cde says:

    Just as a point of reference, the best cryptology algorithms are open-source, like RSA and Blowfish. If everyone can look at how it encrypts and decrypts, the flaws get shown real quick, but knowing how the encryption works still doesn’t let you decrypt something without the base numbers used.

  8. Crazytree says:

    simple challenge:

    get out of your lab and go steal a KEELOQ car, or stfu.

    personally, I’d love to see the video on youtube.

    unfortunately, I’m a skeptic with respect to most of these “proof of concept” press releases. Sort of reminds me of the nerd who says I COULD TAKE ANYONE OUT WITH THIS KARATE MOVE… and then shows us a “proof of concept”.

  9. Crazytree says:

    @cde: Don’t the NSA/DOJ have backdoors to these anyways?

  10. fishiftstick says:

    A backdoor to keeloq? Why yes–it’s called a tow truck.

  11. DH405 says:

    @bnet41: As a member of one of those security research groups, let me tell you something. If security research groups did NOT release their findings, the companies would NEVER patch their software. The holes would still be found, but it would be by the people you do NOT want to know about your security holes.

  12. Chris I says:

    “It’s not like all the car systems can be patched like a operating system can.” by BNET41

    Just like any other faulty automobile component, this can be resolved via a product recall.