How secure are keyless entry systems for automobiles? What is there to keep me from recording the signal sent from someone’s keychain transmitter, and then retransmitting that same signal at a later time (presumably when no one is around…) to unlock the vehicle?
The only truly secure way to implement a RF keyless entry system, as far as I can figure, is to have a challenge-response protocol, but this REQUIRES the keychain transmitter to actually be a transceiver. The protocol could look something like this:
Car transmits a randomly generated token to the keychain device.
Keychain device combines the token with a private and unique internal identifier. A one-way hash function is performed on this composition, and that hash is then transmitted to the car.
The car determines if the hash of the token with the private ID is correct, and if so, it opens the locks.
No, you don’t have to have a challenge response system:
You can have a code hopping system that relies on a pseudo-random number generator. Hash this with a shared key. (AKA private key)
Once a particular code is used, it will never work again.
The reciever checks for the expected code, and if that is wrong, then perhaps the next dozen or so, If one of those matches, then it skips to that one.
If they get too far out of sync, you need some procedure to reset the sequence, but this need not be wireless, and could even be done manually.
But, is this really how they are implemented, though? I imagine many people let their little kids play with their keychains and surely the buttons get pressed A LOT then. We would then have a lot of keyless entry system failures, but I’ve never heard of this problem.
If someone wants in my car that bad it’s much more easy for them to just break a window. Why go through all the trouble of an expensive signal recorder.
A signal recorder could be used many times, and would be very inconspicuous. Someone breaking into your car would look just like the owner of the car. I don’t think it’s unreasonable.