Here in the hacker community there’s nothing we love more than a clueless politician making a fool of themselves sounding off about a technology they know nothing about. A few days ago we wer…
When chipped keys launched, wasn’t there a lot of talk about how the system would negotiate a new set of keys for the next interaction making the simple act of recording radio exchanges impossible? All hot air by the manufacturers?
One of the first manufacturers to include asymmetric encryption as a standard component of their engine immobiliser across all their cars, at least in the UK, was Fiat in the 1990s. But they faced a quandary: once they keys were encoded with the appropriate codes, what should Fiat do with the codes? If they kept a copy it would be an expensive project and charging customers to access them every time they wanted a new key cutting would be terrible PR. They could gimp the security so you could just clone a key, but then it would be very easy to sidestep the encryption.
The solution they came with was pretty clever: in addition to the standard pair of blue keys the car came with, there was also The Big Red Key. The Big Red Key contained a code that could be used to program other keys or to change any of the parts of the engine that were part of the ECU without having to involve Fiat at all if that’s what you wanted. The customer was given an advanced security system without being beholden to the manufacturer. The Big Red Key was comically oversized, and it came with a sticker, fob and in a bag all with clear warnings to the effect: “Do not use this key. If you lose it your car is ten kinds of fucked. Do not use this key. Keep it secret, keep it safe.”
So what happened? People happened. A small mibority of people saw The Big Red Key and insisted on using it as their day-to-day key, but it wasn’t as hard wearing as the blue keys (hard plastic instead of silicone) so it would crush or crack and, of course, people would lose them. Then when they needed a new key or needed work doing on some easily-stealable components that the ECU would validate they didn’t have their The Big Red Key, so they’d need the ECU security module wiping or replacing - which was expensive, over £1000 if I remember right.
Naturally the shitty tabloids got hold of it and every week The Daily Mail and The Sun were full of stories of Innocent British Motorist™ Conned™ By Foreigners™. “If Mandy Pleb had known how evil Fiat were she’d have bought a Rover,” they’d moan, and Fiat had a real PR disaster on their hands, despite bringing a quality security technology to market, including it as standard and resisting the temptation to profiteer off it.
So they gimped the security. Future Fiats didn’t have a The Big Red Key. You got your blue keys which were dumbed down and, at least for a time, went back to inferior symmetric encryption to the detriment of the overwhelming majority, but at least a handful a prats were saved from themselves and the power of tabloids to change the world for the worse went unchallenged.
When chipped keys launched, wasn’t there a lot of talk about how the system would negotiate a new set of keys for the next interaction making the simple act of recording radio exchanges impossible? All hot air by the manufacturers?
Oh, boy, story time!
One of the first manufacturers to include asymmetric encryption as a standard component of their engine immobiliser across all their cars, at least in the UK, was Fiat in the 1990s. But they faced a quandary: once they keys were encoded with the appropriate codes, what should Fiat do with the codes? If they kept a copy it would be an expensive project and charging customers to access them every time they wanted a new key cutting would be terrible PR. They could gimp the security so you could just clone a key, but then it would be very easy to sidestep the encryption.
The solution they came with was pretty clever: in addition to the standard pair of blue keys the car came with, there was also The Big Red Key. The Big Red Key contained a code that could be used to program other keys or to change any of the parts of the engine that were part of the ECU without having to involve Fiat at all if that’s what you wanted. The customer was given an advanced security system without being beholden to the manufacturer. The Big Red Key was comically oversized, and it came with a sticker, fob and in a bag all with clear warnings to the effect: “Do not use this key. If you lose it your car is ten kinds of fucked. Do not use this key. Keep it secret, keep it safe.”
So what happened? People happened. A small mibority of people saw The Big Red Key and insisted on using it as their day-to-day key, but it wasn’t as hard wearing as the blue keys (hard plastic instead of silicone) so it would crush or crack and, of course, people would lose them. Then when they needed a new key or needed work doing on some easily-stealable components that the ECU would validate they didn’t have their The Big Red Key, so they’d need the ECU security module wiping or replacing - which was expensive, over £1000 if I remember right.
Naturally the shitty tabloids got hold of it and every week The Daily Mail and The Sun were full of stories of Innocent British Motorist™ Conned™ By Foreigners™. “If Mandy Pleb had known how evil Fiat were she’d have bought a Rover,” they’d moan, and Fiat had a real PR disaster on their hands, despite bringing a quality security technology to market, including it as standard and resisting the temptation to profiteer off it.
So they gimped the security. Future Fiats didn’t have a The Big Red Key. You got your blue keys which were dumbed down and, at least for a time, went back to inferior symmetric encryption to the detriment of the overwhelming majority, but at least a handful a prats were saved from themselves and the power of tabloids to change the world for the worse went unchallenged.
In short, fuck tabloids.