
Immobilizer And Types Of Car Keys



In the 1990s, the government put pressure on car manufacturers to improve the security of vehicles. Thieves could steal cars very easily by hotwiring, making a copy of the key, or by other means. The first use of cryptography in cars was the placement of immobilizer chips based on RFID technology in key fobs. The first immobilizer alarm system was invented and patented in 1919 by St. George Evans and Edward Birkenbeuel. Many car manufacturers started producing cars with immobilizer chips in 1995. Immobilizers have been mandatory in all new cars sold in Germany since January 1, 1998 and in Canada since January 2007. After the installation of immobilizers, there was a great decline in car theft. As car manufacturers install more technology and software into the car for security and convenience, thieves learn how to exploit weaknesses in the technology, so vehicles can be stolen without the key.



I have written this paper to make the community aware of vehicle security risks. Technology has enabled so many valuable conveniences and safety features in vehicles, which have also provided many weaknesses to be exploited. Most people think their belongings and vehicle are safe when they hit the lock button on their key. Unfortunately, we make assumptions about the technology we use, which often aren’t true. I have outlined some of the attacks that can be carried out to unlock or even start vehicles without possession of the key. According to an article written in October in The Telegraph, “Three Quarters of Cars Stolen in France ‘electronically hacked’”. This means that car thieves are learning how to exploit car manufacturers' weaknesses very quickly. There is very inexpensive equipment, such as the HackRF and RollJam, produced to aid attackers. As a consumer, you should be aware and know how to best protect yourself and your belongings by reviewing the countermeasures in this paper. When buying a new car, look into the car's security features and check whether the systems have been exploited by hackers. Some car manufacturers and models have more security risks than others.


RFID (Radio-Frequency IDentification) is a general term for small, wireless devices that emit unique identifiers upon interrogation by RFID readers. RFID tags are mostly used in commercial supply chains and are known as EPC (Electronic Product Code) tags. Large companies use them to provide identification but not digital authentication. The term RFID doesn’t just denote EPC tags, but a wide spectrum of wireless devices of varying capabilities. Higher-end RFID devices can offer cryptographic functionality and can support authentication protocols.

Vehicle immobilizers are a type of RFID that did not originally provide cryptographic security, but now exclusively have that functionality. “Immobilizers deter vehicle theft by interrogating an RFID transponder embedded in the ignition key as a condition of enabling the fuel-injection system of the vehicle”. Without the RFID signal, the engine will not start even if the thief has a copy of the key (without the immobilizer). This device has been credited with significant reductions in car theft.



According to a Popular Science article, the key was introduced to cars in 1949 by the Chrysler Corporation as an ignition key to start vehicles. Previously, cars were started with 2 separate buttons, a starter and an ignition button, as seen in the picture. Aside from the convenience to the driver, the key was used to prevent children from starting a vehicle.

Although the key added some security, vehicles were easily hot-wired and stolen. Also, metallic keys were easily duplicated, giving an attacker who had previous contact with the key access to the vehicle.


A key with an immobilizer has a metal key and an immobilizer (RFID transponder) embedded into the plastic part of the key. The immobilizer communicates with the steering column to enable the fuel injection system. The immobilizer is a passive device that is powered by electromagnetic induction from the interrogation signal transmitted by the reader. This system was created to prevent car thefts such as hot wiring, because the car won’t start unless the RFID chip has authenticated successfully.

There are two types of immobilizers: Electronic and Cryptographic. Electronic immobilizers were the first generation, which used static signature type transponders. Although they lacked cryptography, they decreased car theft dramatically, see Figure X. The next generation of immobilizers uses cryptographic protocols to prevent attackers from copying the electronic immobilizer with ease.


The Remote Keyless Entry System, RKE, sends radio waves to the vehicle to lock and unlock doors, open the trunk, or disarm the car alarm system. Older models used the infrared band, but newer ones use radio waves. RKE systems typically run at 315 MHz for North America and 433.92 MHz for Europe and Asia, and the transmission range is between 10 and 100 meters. The device has a power source and sends signals to the receiver in the vehicle, which means this is an active system. The 1982 Renault Fuego was the first car to use a central locking system.

A typical RKE system (Figure 5) includes a microcontroller in the key or key fob. To unlock the car, you press a pushbutton in the key that wakes up the microcontroller, which then sends a stream of 64 or 128 bits to the key’s RF transmitter, where it modulates the carrier and is radiated through a simple printed-circuit loop antenna. A loop antenna is inefficient but is inexpensive to produce and is widely used.

In the vehicle, an RF receiver captures that data and directs it to another microcontroller, which decodes the data and sends an appropriate message to start the engine or open the door. The digital data stream, transmitted between 2.4 kbps and 20 kbps, usually consists of a data preamble, a common code, some check bits and a “rolling code” which changes with each use to ensure the vehicle's security. This prevents an attacker from capturing the signal once and being able to repeatedly gain entry.
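The receiver-side check described above, as an added example that is not from the original article or from any manufacturer: it parses a frame of preamble, common code, rolling code and check bits and refuses a frame it has already accepted. The 128-bit field layout, the truncated HMAC-SHA256 used as the rolling code, the CRC-16 check bits and the window size are all assumptions made for illustration.

```python
import binascii
import hashlib
import hmac
import struct

# Constructed 128-bit layout (an assumption, not a real fob format):
# preamble(16) | common code(32) | counter(32) | rolling code(32) | check bits(16)
FRAME = struct.Struct(">HII4sH")
PREAMBLE = 0xAAAA
WINDOW = 16  # presses the fob may make out of range before it must be resynchronised


def rolling_code(key: bytes, common: int, counter: int) -> bytes:
    """Stand-in rolling code: truncated HMAC-SHA256 over common code and counter."""
    msg = struct.pack(">II", common, counter)
    return hmac.new(key, msg, hashlib.sha256).digest()[:4]


def build_frame(key: bytes, common: int, counter: int) -> bytes:
    """Fob side: assemble one frame for a button press."""
    body = struct.pack(">HII4s", PREAMBLE, common, counter,
                       rolling_code(key, common, counter))
    return body + struct.pack(">H", binascii.crc_hqx(body, 0))


class Receiver:
    """Vehicle side: accepts each counter value at most once."""

    def __init__(self, key: bytes, common: int):
        self.key, self.common, self.last = key, common, 0

    def accept(self, frame: bytes) -> str:
        if len(frame) != FRAME.size:
            return "bad-length"
        preamble, common, counter, code, check = FRAME.unpack(frame)
        if preamble != PREAMBLE or binascii.crc_hqx(frame[:-2], 0) != check:
            return "corrupt"
        if common != self.common:
            return "unknown-fob"
        if not hmac.compare_digest(code, rolling_code(self.key, common, counter)):
            return "bad-code"
        if counter <= self.last:
            return "replayed"          # a frame already seen, sent again
        if counter - self.last > WINDOW:
            return "out-of-window"
        self.last = counter            # state advances only on acceptance
        return "accepted"
```

The window lets the receiver tolerate button presses made out of range, while the `counter <= self.last` test is what makes a previously accepted frame useless.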


Remote Keyless Ignition Systems (RKI), also called Passive Keyless Entry and Start Systems (PKES) or Smart Key, are devices that have the capabilities of an RKE but also do not require a metal key to start the car. Doors are usually unlocked without pressing any button on the key (many cars with RKI systems allow the car owner to have the key in their pocket and touch a sensor on the door handle). Some cars require that the key fob be placed in the ignition slot, while others just require it to be inside the car to start the ignition.

The “automatic” car unlocking or ignition can be a security risk because an attacker may be able to steal the car when the car owner is nearby (e.g. filling up fuel or loading the trunk). The normal mode for the key uses two channels. Once the key is in close proximity to the car, the car communicates with the key over an inductively coupled LF channel (120-135 kHz), which works within a 1 – 2 meter vicinity, and the key replies on the second, UHF channel (315-433 MHz), which works even within a vicinity of 50 – 100 meters. A car first periodically sends LF signals until the key sends its acknowledgment proximity UHF signal; then the car sends its ID number along with the challenge via LF signal, and finally, the key sends its response via the UHF signal. Battery depleted mode uses the passive component on the key and works in both directions. The passive component must be near the RFID reader and a metallic key must be used in the key fob to start the car.
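The normal-mode exchange described above, with both sides' messages, as an added example that is not from the original article or any vehicle's firmware. The message dictionaries, the `Car` and `Key` classes and the HMAC-SHA256 response function are assumptions made for illustration; the sketch shows why the car issues a fresh, single-use challenge for every attempt.

```python
import hashlib
import hmac
import secrets


def mac(secret: bytes, car_id: int, challenge: bytes) -> bytes:
    # Stand-in response function (assumption): HMAC-SHA256 over car ID and challenge.
    return hmac.new(secret, car_id.to_bytes(4, "big") + challenge, hashlib.sha256).digest()


class Key:
    def __init__(self, secret: bytes, car_id: int):
        self.secret, self.car_id = secret, car_id

    def on_lf(self, msg: dict):
        if msg["type"] == "wake":
            return {"chan": "UHF", "type": "ack"}
        if msg["type"] == "challenge" and msg["car_id"] == self.car_id:
            return {"chan": "UHF", "type": "response",
                    "mac": mac(self.secret, msg["car_id"], msg["challenge"])}
        return None  # challenge from a car this key is not paired with: stay silent


class Car:
    def __init__(self, secret: bytes, car_id: int):
        self.secret, self.car_id, self.pending = secret, car_id, None

    def wake(self) -> dict:
        return {"chan": "LF", "type": "wake"}

    def on_uhf(self, msg: dict):
        if msg["type"] == "ack":
            self.pending = secrets.token_bytes(16)  # fresh challenge per attempt
            return {"chan": "LF", "type": "challenge",
                    "car_id": self.car_id, "challenge": self.pending}
        challenge, self.pending = self.pending, None  # a challenge is single-use
        if challenge is None:
            return "no-challenge"
        expected = mac(self.secret, self.car_id, challenge)
        return "unlock" if hmac.compare_digest(msg["mac"], expected) else "reject"


def run_exchange(car: Car, key: Key):
    """Run the four messages in order; return (transcript, car's decision)."""
    transcript = [car.wake()]
    for step in (key.on_lf, car.on_uhf, key.on_lf):
        transcript.append(step(transcript[-1]))
    return transcript, car.on_uhf(transcript[-1])
```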

