How thieves steal RFID-enabled cars

Brad Stone's feature on RFID-enabled car-keys for Wired is astounding. In the article, entitled "Pinch My Ride," Stone documents the many ways in which these security systems fail. Most profound among the failures is that insurance companies believe RFID-keys to be infallible and refuse to pay out when your car gets stolen. How do RFID cars get stolen? Well, thieves can disable the RFID reader by removing a fuse, find the spare RFID key in the manual in the glove-box, steal RFID-enabled blanks from a dealer, or, most astoundingly, use a semi-secret sequence of pulls on the emergency brake.

This is a textbook example of how security systems can fail: if you strengthen only the door of your safe, thieves will go in through the sides. Like the biometric fingerprint-reading car locks in Malaysia that thieves defeat by amputating your fingers, an RFID car lock merely pushes the security problem to a different place:

[…]Montes fed the guy a barely credible story about a cousin who had dropped his keys down a sewer. The dealership employee was at home but evidently could access the Honda database online. I gave Honky’s VIN to Montes, who passed it along to his friend. We soon had the prescribed sequence of pulls, which I scribbled down in my notebook.

I walked outside and approached Honky. The door lock would have been easy – a thief would have used a jiggle key, and a stranded motorist would have had a locksmith cut a fresh one. I just wrapped the grip of my key in tinfoil to jam the transponder. The key still fit, but it no longer started the car.

Then I grabbed the emergency brake handle between the front seats and performed the specific series of pumps, interspersed with rotations of the ignition between the On and Start positions. After my second attempt, Honky’s hybrid engine awoke with its customary whisper.

Link