April 29th '11 20:45

meatspace authentication

Two interesting bits of real-world authentication - or lack thereof - came across my bow this morning.

First, the CA DMV. In California, you can get a DMV appointment, which means you only wait half an hour to get your essential government service, instead of an hour and a half. Awesome, right? Except the next appointment is usually a month away. I've always been a good citizen, making my appointments, waiting patiently, and getting my registration done a few weeks after the legal deadline (10 days for used vehicle purchases).

Here's the thing though - if you seem like you know what you're doing, you don't have to prove you have an appointment. So you can go to the DMV whenever you want, stand in the appointments-only line, and say you have an appointment for whatever the upcoming even-10-minutes time is, and Bob's your uncle. If you seem confused or don't speak English, they'll want to see a printout of your appointment confirmation email, which is also easily faked. I'm not sure why I didn't think of this before. Proceed at your own risk, of course.

My second errand today was to get some keys copied. There's a great key shop down the street from my house, so I stopped off on my way home from the DMV and asked if he could copy the key for my truck. This is an early chipped key, so there's a bit of RFID happening and you have to 'program' the vehicle to recognize the key. Normally this is done by using two already-working keys, and talking to the ECU by doing things with the keyless entry keypad. If you don't have two working keys (as I didn't), you have to connect a programmer to the OBD-II port and instruct the ECU to look for a new key. And before the ECU will do anything, a 10-minute timer has to expire.

I thought this was really weird at first - two keys to program it? 10 minutes to read a value and store it in NVRAM? What the what? - but it's actually a pretty decent design. If you could program new keys with just one key, valets could readily steal cars. If all you needed was to talk to the ECU for a few seconds to program a new key, anyone with a key impression and some minor electronics knowledge could make off with the car handily. The delay helps out as much as is probably reasonable. Of course, none of this addresses the (probably super trivial) walk-by cloning that's possible today, but hey, it was almost 20 years ago when this stuff was designed.
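To make the two-key and 10-minute-timer policy concrete, here is a toy model of an ECU's key-enrollment rules, added here as an illustration and not taken from any real vehicle firmware; the `Immobilizer` class, its method names and the `FakeClock` are assumptions for the sake of the example.

```python
import time

PROGRAMMING_DELAY_S = 600  # the 10-minute timer the post describes


class FakeClock:
    """Controllable monotonic clock so the delay can be exercised offline (constructed)."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class Immobilizer:
    """Assumed model of the ECU's enrollment policy: two working keys, or OBD-II plus a wait."""
    def __init__(self, enrolled_keys, clock=time.monotonic):
        self.keys = set(enrolled_keys)
        self.clock = clock
        self.session_started = None  # when the OBD-II programmer session began

    def can_start(self, key_id):
        return key_id in self.keys

    def enroll_with_keys(self, key_a, key_b, new_key):
        # Proof of possession requires two distinct keys that the ECU already trusts;
        # a single key (the valet scenario) is not enough.
        if key_a == key_b or key_a not in self.keys or key_b not in self.keys:
            return False
        self.keys.add(new_key)
        return True

    def begin_programmer_session(self):
        # OBD-II path: note the start time; nothing is accepted until the timer expires.
        self.session_started = self.clock()

    def enroll_with_programmer(self, new_key):
        if self.session_started is None:
            return False  # no programmer session was started
        if self.clock() - self.session_started < PROGRAMMING_DELAY_S:
            return False  # timer has not expired yet
        self.keys.add(new_key)
        self.session_started = None  # one enrollment per session
        return True
```

The delay does not stop a patient attacker, which matches the post's point that it only raises the cost of a quick grab-and-go; cloning a key in range of the RFID chip bypasses enrollment entirely.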