Will an immobilizer save your car from being stolen?

[harlan4096]

Researchers presented a study on the reliability of modern vehicle immobilization systems at the Chaos Communication Congress.

Automobiles are getting ever smarter, and cracking them with a crowbar and a screwdriver is getting ever more difficult. Statistics back up that assumption: According to research from Jan C. van Ours and Ben Vollaard highlighting car theft and recovery data, vehicle theft decreased by 70% between 1995 and 2008 in the Netherlands and by as much as 80% in Great Britain.

One of the causes of the decrease is the ubiquitous introduction of so-called “immobilizers.” Immobilizers, however, are just as susceptible to cracking as any other relatively complex technology. Cybersecurity researcher Wouter Bokslag chose this as the subject of his Master’s thesis and presented the results of his research at the 36th Chaos Communication Congress (36С3).

What an immobilizer is

In a nutshell, an immobilizer tries to ascertain if the person behind the wheel is a rightful owner. If it cannot be sure, it simply will not let the car start. The recognition process is imperceptible to the lawful owner; it happens within a fraction of a second, with no user participation.

The world’s first-ever immobilizer was patented as early as 1919. At the time, the driver needed to connect contacts in a certain order, and if the order was wrong when the car was started, an alarm went off.

Today’s immobilizer consists of two key parts: a transponder in the ignition key and a receiver in the car itself. When someone attempts to start the engine, the vehicle sends a request to the key. If the key returns the correct predefined signal, the immobilizer sends a command to the engine control unit to start. Without the right signal, you can’t start the car.

Hitag2, DST40, and Megamos Crypto were some of the first transponders. Having been scrutinized over the years, they are now considered insecure. You can read about the shortcomings of Hitag2 here, and those of Megamos Crypto here.

In the final decade of the 20th century, immobilizers proliferated. They became mandatory in the EU states in the late nineties, and other countries gradually followed suit. If we can believe those countries’ reports, immobilizers contributed to a significant decrease in auto theft.

Carjackers strike back

Car theft certainly did not stop there, though. Following a familiar pattern, once immobilizers went mainstream, an arms race between criminals and car brands ensued. As cars got smarter, offenders kept up, and immobilizers proved fairly easy to trick. Successful cracking attempts became frequent, and car theft’s long-standing, steady downward trend reversed around 2010. Great Britain’s car theft rate reached an eight-year high in 2018, and many other countries saw a similar trend: a plunge until 2010 followed by a slight rebound or a plateau.

Expensive luxury brands persisted as the most frequently hijacked cars. Cybersecurity researchers focused on those brands as well, but despite huge budgets, their studies were disappointing.

If an expensive luxury car can be stealthily cracked within ten seconds, what does that say about higher-volume models that most people drive, you might reasonably ask.
...

Continue Reading