1. Attachments are working again! Check out this thread for more details and to report any other bugs.

SE/SS: Supplimental Security?

Discussion in 'Gen 2 Prius Audio and Electronics' started by TonyPSchaefer, May 12, 2004.

  1. TonyPSchaefer

    TonyPSchaefer Your Friendly Moderator
    Staff Member

    Joined:
    May 11, 2004
    14,816
    2,498
    66
    Location:
    Far-North Chicagoland
    Vehicle:
    2017 Prius Prime
    Model:
    Prime Advanced
    I've recently found/joined this forum and have read many, many excellent posts. But have not yet found an answer to my concern.

    (if this point is discussed elsewhere, please provide the link)

    This past weekend, I was entertaining my father-in-law visiting from another state. We, ah, sort of missed the train and therefore didn't make it downtown as our agenda intended. Since I was on the Prius list, my Toyota dealer let me take my F-i-L out in their single showroom car. Since he'd never seen one in person, he was thrilled.

    Debriefing the experience over a couple Starbucks, he began asking about the Smart Entry. Being a network security admin, he was curious about how fail-proof it is. As he put it, a computer LAN requires software protocol, a username, and a password; a debit card requires the user to enter a PIN that matches the card number.

    Now, since I don't yet own a Prius, I couldn't answer his questions. However, I speculated that the Prius uses RFID technology and is extremely encrypted. He retorted with the story of people carrying PocketPCs running scrambling software and disabling car security alarms.

    So, just how fail-safe is the Smart Entry / Smart Start on the Prius? This is the point where the techies' views will be greatly appreciated. How's it work? What's the encryption level? What are the vulnerabilities and the chances that someone with a scrambling device would be able to send a series of random (or sequential) signals at the car and gain access. Of course, once they are cleared to enter the car, they would be able to drive away unhindered.

    Also, insisting that the security level is adequate given the technological level of today's common car thief does not take into consideration that Moore's Law applies to criminals as well.

    Thanks all!
     
  2. KMO

    KMO Senior Member

    Joined:
    Apr 15, 2004
    1,671
    494
    0
    Location:
    Finland
    Vehicle:
    2023 Prius Prime
    Model:
    N/A
    I don't see much reason to suppose it should be any more or less secure than the usual remote locking and immobiliser systems. The principals are exactly the same, the only difference being that you don't have to press the button or physically insert the key.

    The only difference that springs to mind is that an attacker could cause your keyfob to transmit without your knowledge by sending the same query pulse the car does, which might aid snooping - they would only have to be (very) near you rather than near the car as you open it.
     
  3. Danny

    Danny Admin/Founder
    Staff Member

    Joined:
    Nov 24, 2003
    7,094
    2,116
    1,174
    Location:
    Charlotte, NC
    Vehicle:
    2013 Prius Plug-in
    Model:
    Plug-in Base
    I would agree. The difference, I believe, is that the "pulse" from the fob is only recognized in a much shorter distance and it's always active, looking for the "pulse" from the fob. So, they'd have to be right up on your car with any sort of descrambling technology to know if it works or not. Also, what are they going to do once they get in? The engine immobilizer will keep them from going anywhere - that's virtually hacker-proof.

    Basically the same if someone were to bash your windows and get in.
     
  4. bookrats

    bookrats New Member

    Joined:
    Mar 12, 2004
    2,843
    2
    0
    Location:
    Seattle, WA
    Drat... about 2 months ago, I was curious about the same thing, and had compiled a lot of data about it.... Can't remember where I put it all, though.

    The two main points that made me feel secure about the SS/SE (or even the standard fob) were:
    • The fobs use a "rolling" encryption algorithm. Boiled down, it means that a different keycode is transmitted to the Prius' ECU each time you use it. A malefactor "capturing" a transmitted keycode and then re-transmitting it, to break into/start the car, won't work -- the ECU is now expecting a different keycode.
    • The Prius' ECU is an engine immobilizer. You've gotta convince the ECU to start the car; hot-wiring won't do the trick.

      • I don't know precisely how good, relatively, the encryption algorithm used by Prii is; but given how tightly bound the fobs and the ECU are, I'm pretty confident that it's safe.

        I ran through Simon Singh's The Code Book, which discusses the history and theory of codes and encryption, last year -- great read; I feel pretty good about being safe from someone "hacking into" my Prius (when it finally arrives), whether they have a PocketPC or not.
     
  5. jasond

    jasond New Member

    Joined:
    Mar 5, 2004
    165
    0
    0
    Location:
    Boston
    The simple answer is that if you're going to attack that sort of technology, you could attack the current remote entry systems at least as easily. Just about every modern car comes with that (including the Prius), and it transmits its code much further, and you can tell if it works because the doors unlock from a distance (that is, you could stand 50 feet away and transmit codes until you heard it unlock). SE/SS only unlocks the door if you're AT the door, so just on that basis it's less likely to be attacked.

    In other words, why on earth would anyone worry about SE/SS encryption before they'd already suffered a nervous breakdown from worrying about remote entry systems in general?
     
  6. tmorrowus

    tmorrowus Member

    Joined:
    Dec 30, 2003
    514
    15
    2
    One reason to worry more about SE/SS is that remote entry systems don't unlock steering wheel or start the engine.