I'm no security expert, but it sounds like that was written by
someone with no security comprehension at all. If that article is
accurate (and I hope it is not), all you would need to do is get a
duplicate remote, capture the code from someone with the car that it
works for, set the stored code on the device, and press the unlock
button twice. First time: ignored (old code); after that, it would be

Ideally I think they would want to use some sort of public-key
encryption: Each remote has a unique private key and corresponding
public key. Some programming step (e.g. pressing a button under the
dash) tells the car to accept a new public key, and some programming
step on the fob (e.g. hold down the unlock button for 10 seconds)
tells it to transmit the public key.

Then in normal operation, when you press the unlock button, the car
sends a random challenge message; the remote responds with the
challenge message encoded using its private key, along with its
command. The vehicle can then verify using the public keys it
previously stored that the message came from an authorized remote. At
best a would-be thief could monitor the transmission of the public
key, which would only enable them to verify a remote's identity.

Maybe it's just too hard/expensive to program in hardware?
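
The challenge-response scheme proposed in the post above, as an added example that is not part of the original post: the car enrolls a fob's public key, issues a random challenge, and accepts only a signature over that challenge plus the command. Ed25519 from Go's standard library is an assumed stand-in for the unspecified public-key algorithm, and `Car`, `Enroll`, `NewChallenge`, `FobRespond`, `signedMsg` and `Verify` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Car holds the enrolled fob public keys and the one challenge it is waiting on.
type Car struct {
	enrolled  []ed25519.PublicKey
	challenge []byte // nil when no unlock attempt is pending
}

// Enroll is the programming step: the car stores a fob's public key.
func (c *Car) Enroll(pub ed25519.PublicKey) { c.enrolled = append(c.enrolled, pub) }
// NewChallenge issues a fresh random nonce for a single unlock attempt.
func (c *Car) NewChallenge() []byte {
	c.challenge = make([]byte, 32)
	if _, err := rand.Read(c.challenge); err != nil {
		panic(err)
	}
	return c.challenge
}

// signedMsg binds the command to the challenge; FobRespond signs it on the fob.
func signedMsg(ch []byte, cmd string) []byte { return append(append([]byte{}, ch...), cmd...) }
func FobRespond(priv ed25519.PrivateKey, ch []byte, cmd string) []byte {
	return ed25519.Sign(priv, signedMsg(ch, cmd))
}

// Verify accepts a signature only over the pending challenge, then retires it.
func (c *Car) Verify(cmd string, sig []byte) bool {
	msg, ok := signedMsg(c.challenge, cmd), false
	for _, pub := range c.enrolled {
		ok = ok || (c.challenge != nil && ed25519.Verify(pub, msg, sig))
	}
	c.challenge = nil // single use, so a captured response cannot be replayed
	return ok
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	car := &Car{}
	car.Enroll(pub)
	sig := FobRespond(priv, car.NewChallenge(), "unlock")
	fmt.Println("fresh response accepted:", car.Verify("unlock", sig))
	car.NewChallenge() // an eavesdropper replays the captured response
	fmt.Println("replayed response accepted:", car.Verify("unlock", sig))
}
```

A captured response fails against the next challenge because the signature covers the nonce, and signing the command together with the nonce keeps a valid "lock" response from being reused as "unlock".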
Motorsforum.com is a website by car enthusiasts for car enthusiasts. It is not affiliated with any of the car or spare part manufacturers or car dealers discussed here.