Remember those schoolboy days when you’d try to unlock your bicycle with a key from your friend’s bicycle, Bizarrely a Tiago owner was able to relive those moments thanks to a critical flaw in the Keyless Entry system of his car.
In such a mass-produced car that’s topping the sales charts, how could such an embarrassing flaw creep in? Keyless entry system also called as remote locking system have been around for decades now and while they are much safer than the traditional keys, they still aren’t entirely foolproof. From the video its evident that the owner was able to lock and unlock his car by using the keys of another Tiago. Mayur Nath Reddy, the owner of the car took it to Facebook and the news started going viral raising an alarm over car security systems. Should this be a concern for the rest of us? Let’s start by looking at the mechanism of keyless entry systems
A car’s keyless entry system works on the same principle as your TV remote, The tiny ‘car remote’ for your car consists of a short-range radio transmitter. When the remote is within a specific range (typically, 5-25 meters) of your car and you press one of its buttons, a coded signal, embedded in a radio signal, is sent to a receiver unit installed inside your car. The receiver unit then decodes and translates that signal, which consequently locks/unlocks the doors of the car. Keyless entry systems started out as a gimmick and in the very early days of keyless entry systems, around the 1960s, the transmitters were extremely simple. They sent out a single signal, and the vehicle responded by locking or unlocking. As keyless remote systems became common, the simplicity of this system created a big problem as anyone could drive down the street with a transmitter and unlock any car! They all used the same frequency and there was minimal to no security.
By the 1980s, keyless entry systems had become slightly more advanced and foolproof. You can see this level of sophistication in the above images. The first shows a controller chip (black) and a DIP switch (blue). A DIP switch has eight tiny switches arranged in a small package and soldered to the circuit board. By setting the DIP switches inside the transmitter, you controlled the code that the transmitter sent. The car would unlock only if the receiver’s DIP switch were set to the same pattern. This provided some level of security, but not much. Eight DIP switches provide only 256 possible combinations. That’s enough to keep several neighbours from unlocking each other’s cars, but not enough to provide any real security.
After reading all this don’t panic and chain your car to a tree, modern keyless entry systems have something called a rolling code to provide security. A 40-bit rolling code provides 240
which is about 1 trillion possible codes. Here’s how it works:
- Firstly, your car’s transmitter controller chip has a memory that holds the 40-bit code set by the manufacturer. When you push a button on your key fob, it sends that 40-bit code along with a function code that tells the car what you want to do (lock, unlock, Follow-Me-Home headlamps etc.).
- The receiver’s controller chip also has a memory that holds the current 40-bit code. If the receiver gets the 40-bit code it expects, then it performs the requested function. If not, it does nothing.
There is a one-in-a-billion chance of your car’s keyless remote unlocking another car’s doors. When you consider the fact that all car manufacturers use different systems and that the newest systems use many more bits, you can see that it is nearly impossible for any given keyless system to open any other car.
In this particular incident, the Tiago owner had to face that minuscule possibility. It shouldn’t pose that big of a worry as car’s today have an Immobiliser System(anti-theft system) which lets you start the car only if the code being transmitted from the keys match the code in the ECU. We hope that Tata Motors addresses this issue at the earliest and if necessary initiate a recall for all the affected vehicles.