Car Alarm Remote Code Sniffing?

There's email making the rounds saying that people should not use their fobs to lock their cars because crooks are lurking and capturing the scan codes
(which they presumably use to unlock and rob the cars later). Does this have any credibility? Is communication between the a remote and a car alarm system broadcast in the clear like open wifi?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

Very very very very small chance - maybe one in a trillion of cracking it.
http://auto.howstuffworks.com/remote-entry2.htm
--
To reply via e-mail, remove The Obvious and .invalid from my e-mail address.

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

--
>
>
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I'm no security expert, but it sounds like that was written by someone with no security comprehension at all. If that article is accurate (and I hope it is not), all you would need to do is get a duplicate remote, capture the code from someone with the car that it works for, set the stored code on the device, and press the unlock button twice. First time: ignored (old code); after that, it would be synchronized.
Ideally I think they would want to use some sort of public-key encryption: Each remote has a unique private key and corresponding public key. Some programming step (e.g. pressing a button under the dash) tells the car to accept a new public key, and some programming step on the fob (e.g. hold down the unlock button for 10 seconds) tells it to transmit the public key.
Then in normal operation, when you press the unlock button, the car sends a random challenge message; the remote responds with the challenge message encoded using its private key, along with its command. The vehicle can then verify using the public keys it previously stored that the message came from an authorized remote. At best a would-be thief could monitor the transmission of the public key, which would only enable them to verify a remote's identity.
Maybe it's just too hard/expensive to program in hardware?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Wed, 20 Jul 2011 09:52:55 -0700 (PDT), Matthew Fedder

I'm fairly certain that's not the case, otherwise we'd hear about cars being stolen via a FOB more often.

That may be somewhat how it's worked. You do have to do some programming steps to add a new fob.

That sounds somewhat like what happens...
--
To reply via e-mail, remove The Obvious and .invalid from my e-mail address.

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Motorsforum.com is a website by car enthusiasts for car enthusiasts. It is not affiliated with any of the car or spare part manufacturers or car dealers discussed here. All logos and trade names are the property of their respective owners.