The now ubiquitous passive vehicle immobilizers have played a major role in improving car security. With their sophisticated technology, they have helped to reduce car theft significantly. This article provides interesting insights into design and security aspects of passive immobilizers.
For years, consumers have come to rely on the convenience and added security that a passive vehicle immobilizer system offers. These systems consist of a key fob and a base station, mounted in the vehicle. They work together to determine if the driver is authorized to start the vehicle. Of equal or greater importance is the system's ability to prevent unauthorized sources from using the vehicle. While top level functionality of a vehicle immobilizer is simple to describe, the underlying technology enabling it is intriguing and sophisticated.
This feature explores both the hardware and software aspects of vehicle immobilizer systems as well as offer noteworthy comments on design and security considerations. Specifics covered include communication technology, system interfaces, field generation and modulation, authentication, and countermeasures. Read the full article here, courtesy of Automotive Designline Europe.
As these systems get more complex the chance that a bug allows unauthorized entry into the system increases. Just think what would happen if the keyfob was running under windows!
The design needs to be very robust so the use of open source code as a basis for the design seems like a good approach. Hopefully it won't help a hacker identify possible attack vectors...
I had not realized how complex the key fob system was. But I can offer one way to make it much more resistant to an attack, which is that after 2 or 3 incorrect responses, it would be required to remove the key from the lock and then re-insert the key. This would add many seconds to an attack and make an attack quite a bit more manual, which would be just what thieves are not wanting. Of course, the next question is how often does the correct key require a re-try? If a proper key works the first time 99% of the time, then simply adding a 1 second delay, along with an error message, would slow an attack quite a bit. Clearly, a lot depends on how well the system works with the correct key.