Security chips used in car keys may be easier to bypass than believed, US researchers say after cracking the code in under two hours.
The Johns Hopkins University research team says it has cracked the code in the wireless chips aimed at immobilising cars if the proper key is not used.
About 150 million of these chips made by Texas Instruments (TI) are in use today, the researchers say.
The research team headed by computer scientist Professor Avi Rubin says it used the type of techniques hackers use to break the code in the radio frequency identification (RFID) chips.
The system the researchers worked on has two parts. There is a transponder chip embedded in the car key and a reader inside the car that's connected to the fuel injection system.
If the car's reader does not recognise the key's chip, the car won't start, even if the key inserted into the ignition is the correct one.
The reader recognises the key via what computer scientists call a challenge-response protocol.
When the car key is nearby, the reader transmits a random string of ones and zeros, which the key's chip processes. The chip then sends back a numerical message to the reader for authentification.
The researchers found a way of unscrambling the mathematical process used in this verification.
This allowed them to disarm a car's anti-theft system without the key's security chip being present.
"We haven't altered the security of the TI system. We have merely brought a weakness to light," the team says.
"Our belief is that if scientists did not draw attention to the weaknesses in the system, lawbreakers might come to discover and exploit it themselves.
"Our role in examining the TI system is similar to that of bringing a potential consumer product defect to the attention of the public, like a fire risk in a coffee maker.
"By informing consumers and industry of problems, we hope to help elevate the standards and practices of the industry."
Still, they note that immobiliser systems have reduced "hot wiring" and have been credited with as much as a 90% reduction in car theft.
Keyless remote control systems that lock and unclock car doors do not use RFID chips, the researchers say.