snopes.com Post new topic  Post a reply
search | faq | forum home

  next oldest topic   next newest topic
» Hello snopes.com » Urban Legends » Automobiles » VINs and car keys

 - UBBFriend: Email this page to someone!    
Author Topic: VINs and car keys
snopes
Return! Return! Return!


Icon 216 posted      Profile for snopes   Author's Homepage   E-mail snopes       Edit/Delete post   Reply with quote 
I recently had the misfortune of losing a set of keys that included the keys to our two cars. Since most models of automobiles manufactured in the last decade or so use ignition keys with programmable chips matched to the cars' programming, I couldn't simply have duplicates cut from Barbara's sets -- I had to go down to both auto dealerships (our cars are different makes) to obtain replacements.

Now, I naively thought that by presenting a dealership with a vehicle's registration (to prove I owned it) and its VIN (so that they could look up the correct access code), they could program a new key for that car on the spot. Not so. In both cases I had to bring the car to the dealership so that they could re-program the car, the existing key, and a new key all at once.

I didn't understand why they had to wipe out the programming on both the car and the existing good key to create a new duplicate key (rather than simply programming the new key to match the car), so in both cases I questioned the techs about the process. Their answers were kind of vague (because I don't think they fully understood the process themselves), but I inferred from what they told me that the systems dealerships use for creating keys *force* them to do it that way -- they have to re-program a car and *two* keys all at once, ostensibly to prevent any lost keys from being used by their finders.

If this inference is correct, I assume it is technically possible to create a new key that matches the existing programming in a car (and any remaining good keys) without the need for the car to be present or re-programmed, but dealerships don't have equipment that allows them to do that (at least not without some rule-breaking manipulation). Is anyone here familiar enough with the process to know whether that assumption is valid? If not, it seems to me that the warning about car thieves using VINs to obtain duplicate keys is vastly overblown, because the best a thief could do would be to obtain a new unprogrammed key from a dealership, which wouldn't do him a bit of good if he couldn't program it on his own to match the target car.

- snopes

Posts: 36029 | From: Admin | Registered: Feb 2000  |  IP: Logged | Report this post to a moderator
GenYus
Away in a Manager's Special


Icon 1 posted      Profile for GenYus   E-mail GenYus   Send new private message       Edit/Delete post   Reply with quote 
It depends on the system involved. A private encryption key system where there the encryption key is only stored on the key and in the vehicle would require both the car and keys to be reprogrammed unless a method was found to strip the encryption key off the mechanical key or from the vehicle. But if you have the mechanical key/vehicle, then there is no need to strip the encryption key in order to steal it. So this is a much better scheme to protect the vehicle.

ETA: This method would result in the situation in your OP. Because the dealer's machine won't/can't read the key on Barbara's keys and there is no database (or the dealer can't read it) of what VIN has what encryption key, they can't program a new set of keys from her keys or from the VIN. So they have to program a brand new encryption key into your mechanical keys and into the car. They have to program both sets of keys because the new encryption key in the car would make her set of keys not work if they used the old encryption key.

If the VIN number links to the encryption key in a manufacturer database that the dealer can read, then a new key could be programmed without having to reprogram the vehicle too. This would allow the VIN-based stealing method linked in the snopes page and is a worse security choice. But this method would be more popular with some customers as it is much less bothersome to them.

ETA: Paragraph noted above plus some new words in the third paragraph.

--------------------
IIRC, it wasn't the shoe bomber's loud prayers that sparked the takedown by the other passengers; it was that he was trying to light his shoe on fire. Very, very different. Canuckistan

Posts: 3694 | From: Arizona | Registered: Aug 2005  |  IP: Logged | Report this post to a moderator
Rhiandmoi
Ding Dong! Merrily on High Definition TV


Icon 1 posted      Profile for Rhiandmoi   E-mail Rhiandmoi   Send new private message       Edit/Delete post   Reply with quote 
I think we discussed this article before, but it explains that once the thief gets the duplicate key they do some gyrations with the brake and the steering wheel based on the VIN and they don't need the transponder key to drive off with your car.
quote:
ďIf I want to take your Civic, Iíll do it in 10 seconds,Ē he said. Then he confirmed Hyserís story. The mythical Honda override exists: Itís a series of presses and pulls of the emergency brake. Each car, it seems, has a unique override code, which correlates to the VIN.
The article also talks about transponder clones and other ways to steal those kind of cars.

--------------------
I think that hyperbole is the single greatest factor contributing to the decline of society. - My friend Pat.

What is .02 worth?

Posts: 8745 | From: California | Registered: Jul 2003  |  IP: Logged | Report this post to a moderator
Finite Fourier Alchemy
Markdown, the Herald Angels Sing


Icon 1 posted      Profile for Finite Fourier Alchemy   E-mail Finite Fourier Alchemy   Send new private message       Edit/Delete post   Reply with quote 
quote:
Originally posted by GenYus:
It depends on the system involved.

The DST method is a RSA type public/private key as you mention.

Just to add to your stuff:

A random number generator is used to generate a key code (a private key) which is written on the RFID circuit on the ignition key. While the car's ignition is in some diagnostic mode, the car gets information from the key to generate a "lock" (a public key). When you start the car, the public key issues a number of challenge/response queries to the private key, and if these are correct, the key is authenticated.

The key is designed so that it can do the following:

- be written to (and possibly erased and rewritten)
- generate a public key
- answer challenges from the ignition's public key.

But it can't be read in its entirety, so you can't swipe a person's key and use a device to copy the RFID tag to another key.

This is the ideal way of doing it, anyway.
http://en.wikipedia.org/wiki/Digital_Signature_Transponder

EDIT: The weakness of any asymmetric key crytography is the fact that with enough challenge/response queries you can eventually construct the public key. By making the key larger and the encryption method smarter you can ensure it would take some ridiculous amount of time before someone could brute-force a key. But as time goes on, computer components get smaller and cheaper and cracking methods get smarter.

The major weakness with the RFID tags is that you're broadcasting into the air, answering challenge/response queries whether or not you're trying to start a car. Someone with an RFID analyzer on his person could simply sit beside you and hack your car keys while they're in your pocket.

http://rfidanalysis.org/

--------------------
Thinking about New England / missing old Japan

Posts: 2603 | From: Virginia | Registered: Mar 2001  |  IP: Logged | Report this post to a moderator
Squishy0405
Wii Wiish You A Merry Chriistmas


Icon 1 posted      Profile for Squishy0405   Author's Homepage   E-mail Squishy0405   Send new private message       Edit/Delete post   Reply with quote 
I am currently working for a locksmith company & in some areas we do ign jobs. What is the make model & year of the car? I can look it up and see if it is a transponder(chip), vatsystem or a GM 10 Cut. I am now in Customer Service-so happy!!

ETA: our guy in Miami can do ANYTHING, even dealer only keys/restricted transponders.

--------------------
"Fate is like a strange, unpopular resturant, filled with odd waiters who bring you things you never ask for and don't always like."-Lemony Snicket

Posts: 1119 | From: Bronx, NY | Registered: Dec 2005  |  IP: Logged | Report this post to a moderator
Delta-V
Xboxing Day


Icon 1 posted      Profile for Delta-V     Send new private message       Edit/Delete post   Reply with quote 
At least with Fords, as I understand it, each key has a unique identifier. The car's PCM knows the identifier of the keys it's supposed to work with. What the dealer will do is delete the lost key's identifier from memory and program the PCM to recognize the new key. That way the old key, if stolen, won't work. We lost a key in the last move, and had a new one programmed in, to the tune of $75. I found the lost one later and there are some simple steps to program a new key *if* you have a working key.

My Chevy, on the other hand (I only got 1 key when I bought the 'Vette used) used a simple resistor and they just look up the value to get the right key blank and cut the new key.

The more expensive imports have fancier systems that the folks above have already mentioned.

--------------------
"My neighbor asked why anyone would need a car that can go 190 mph. If the answer isn't obvious, and explaination won't help." - Csabe Csere

Posts: 1225 | From: Wichita, Kansas | Registered: Nov 2003  |  IP: Logged | Report this post to a moderator
Monza305
I'll Be Home for After Christmas Sales


Icon 1 posted      Profile for Monza305   E-mail Monza305   Send new private message       Edit/Delete post   Reply with quote 
Be sure to read your owners manual. My wife's new Jeep has one of those chip keys. As long as you have 2 programmed keys, you can program any additonal keys yourself. Which means, instead of taking the car to the dealership & paying them money, you can just buy the key & have it cut then program it yourself & save some dough.

--------------------
I've got a pen in my pocket does that make me a writer?
Standing on the mountain doesn't make me no higher.
Putting on gloves don't make you a fighter.
And all the study in the world doesn't make it science. -Paul Weller

Posts: 199 | From: Kalamazoo, MI | Registered: Oct 2005  |  IP: Logged | Report this post to a moderator
Tzarina
Xboxing Day


Icon 1 posted      Profile for Tzarina     Send new private message       Edit/Delete post   Reply with quote 
When I needed an extra key for my car, I took the car to the dealer, they cut the key and programmed only the new key to start the ignition. There are instructions in my owner's manual on how to do it. It's only a matter of putting the older key in, starting the car and running it for one minute, then shutting the car off and putting in the new key for one minute. The other keys to my car weren't affected at all.

Hell, I just had the ignition assembly replaced and they didn't do anything to my keys at all.

Posts: 1359 | From: Akron, Ohio | Registered: Aug 2005  |  IP: Logged | Report this post to a moderator
Not_Done_Living
I'm Dreaming of a White Sale


Icon 1 posted      Profile for Not_Done_Living     Send new private message       Edit/Delete post   Reply with quote 
My 2005 Pontiac has a process to program the key in the owners manual.

Insert blank key, turn on off 5 times, insert programmed key repeat, insert blank key repeat.

No having to deal with dealers.

Posts: 62 | From: Markham, Ontario, Canada | Registered: Sep 2006  |  IP: Logged | Report this post to a moderator
   

Quick Reply
Message:

HTML is enabled.
UBB Codeô is enabled.

Instant Graemlins
   


Post new topic  Post a reply Close topic   Feature Topic   Move Topic   Delete topic next oldest topic   next newest topic
 - Printer-friendly view of this topic
Hop To:


Urban Legends Reference Pages

Powered by Infopop Corporation
UBB.classic™ 6.7.2