The key fob scam

It used to be you could get a new car key made at any hardware store for $5. Then came the new electronic car key “smart” transmitter fobs, and suddenly it costs upwards of $500 for a new key. What’s worse, the electronic circuit boards in these key fobs “wear out” over time, forcing you to replace them. (Precisely why these electronic components without moving parts “wear out” is a question to which I have yet to find an answer.) I have been trying to understand how the price of car keys could go up by 10,000% without people complaining. The answer to that seems to be: sheeple. I have also been trying to understand why the price of car keys went up by 10,000%. I have found three purported explanations:

  1. The new keys are little computers.
  2. Programming the new keys requires expensive equipment.
  3. Programming the new keys takes a lot of time.

In the following, I consider each of these purported explanations in turn and dismiss them. Then I will briefly cover the real reasons that the new keys are so expensive: power and avarice.

The new keys are little computers

It is undeniable that the new smart key transmitter fobs are electronic devices. They need to transmit a radio frequency signal that matches the one built into the car. So, they are radios. And different cars operate on different frequencies, for security, so they must be adjustable radios. But adjustable radios are cheap. I just bought my son an adjustable bedside AM/FM clock radio alarm for about $12.

Of course, my son’s radio is a receiver, not a transmitter. It’s also about the size of a large paperback book, not the size of a key fob. Transmitters can be harder to build than receivers, and miniaturizing electronics often increases costs. However, you can buy a USB Wi-Fi adapter on Amazon for $12.99. The USB Wi-Fi adapter both transmits and receives Wi-Fi signals and can do so at numerous frequencies (not just at 2.6 GHz and 5 GHz but also on a variety of narrower “channels” within those bands). So there are no grounds to argue that a miniature adjustable radio frequency transmitter need cost more than $13.

There are some newer transmitter fobs for higher-end, mainly European cars that are more complex than simple radios broadcasting on a single (albeit adjustable) frequency. These keys use a “rolling” code whereby the frequencies on both the key fob and the vehicle change over time. Thus, unlocking the car is not simply a matter of transmitting a single frequency every time but of transmitting a different, matching frequency every time. This is fundamentally the same encryption technology that is built into RSA SecureID tokens, which cost about $50. I am dubious that this is truly a competitive price. RSA has a near-monopoly on these kinds of tokens, and rigorous competition would undoubtedly drive down the price. The function can also be emulated in software, for example, on your smartphone. Many “two-factor authentication” schemes for websites depend on this mechanism at no greater cost than installing an app. In any case, assuming that both the radio transmission function and the rolling authentication code function need to be provided in a high-end smart key fob, we can estimate that such a device could be sold profitably at a cost of no more than $63 ($50 for the rolling code generation and $13 for the radio transmitter). A OEM key fob blank for my 10-year-old car costs $167.

In short, the argument that the new keys are expensive because they are complex, miniature electronic devices does not hold water. There are lots of complex, miniature electronic devices on the market for much less than key fobs.

Programming the new keys requires expensive equipment

When you see the argument that programming the keys requires expensive equipment, you often see a photograph of a fancy machine, sometimes as big as a refrigerator, usually with a miniature computer monitor built-in. That kind of equipment is undoubtedly expensive. The question, though, is why that kind of equipment is necessary in the first place. Why aren’t key fobs built with micro-USB ports so that they can be plugged into and programmed from any old computer?

I have yet to see an explanation of why this couldn’t work. What seems to be roiling under the surface of these arguments (aside from the patently false claim that the programming device must be “more than” a computer) is the thought that the keys are deliberately designed to be hard to program. After all, you don’t want an arch-criminal stealing your car key and programming it on his laptop, do you? Well, why not? After all, once this imaginary arch-criminal has your car key, he already has everything he needs to steal your car. By hypothesis, he has the key. So he doesn’t need to also copy it first. The fundamental security mechanism of a car key—even a fancy new wireless smart car key fob transmitter—is possession. If you have the key, you can get into and operate the car. If you don’t, you can’t. So there hardly seems to be any point in making it difficult—nay near impossible and prohibitively expensive to boot—to copy a key for security purposes. The key is, well, the key to the kingdom. Once the bad guy has the key, the game is lost.

This is also a good place to point out that, although the key is a sufficient means to steal your car, it is not a necessary means. The bad guys can’t hotwire cars anymore due to these fancy new electronic lock systems. They can still carjack you, though. What’s more, they can still tow cars pretty much wherever they want. And that’s mostly what they do. How many times have you seen someone else’s car getting towed and stopped to verify that the tow operator is conducting the operation with the permission of the owner? Towing a car is just, well, towing a car. Totally ubiquitous and above suspicion. It is less shady-looking than hunching down under the steering wheel with a screwdriver. And once the car has been towed to a private location, the bad guy has all the time in the world to carefully replace all the “transmitter key” electronics and other components and replace them with his own.

Programming the new keys takes a lot of time

This argument is supposed to explain the other half of the exorbitant cost of car key fob replacement—the labor costs of programming the key, which are often as much as the cost for the electronics. But here again, we have to ask why it takes so long to program a key fob. Indeed, we need to ask why it is necessary to have professional labor perform the task at all. Because if the key fob had a micro USB port and could be attached to any old computer as I suggested above, then surely it would also be possible to build idiot-proof software to do the job. The procedure might be a little complex. (For example, you would presumably first have to attach a working key fob to demonstrate that you have possession of the key for that vehicle, then switch over to the blank key for programming.) It is doubtful that it would be any more complex than assembling a new vacuum cleaner or setting up a wireless router, though. And, if you can program your key yourself, not don’t have to pay for labor. Heck, you are not even subject to 15-minute “rounding” in labor costs.

So, why do they cost so much?

At the most basic level, car companies charge you so much for key fobs because they can. They design the key fobs and the matching ignition systems, they design the reprogramming equipment, and they patent everything to ensure that you can’t copy your key cheaply. If you want to buy a blank key, you either have to go to the dealer to get an OEM blank (which will cost you a pretty penny) or take your chances online and hope that whatever Chinese company is making the non-OEM blank has stolen enough intellectual property from the carmaker to do it properly. Similarly, if you want to get a blank key programmed, you either have to have the dealer do it with the carmaker’s own equipment and training (which will cost you a pretty penny) or you have to take your chances with a local locksmith, hardware store, or auto shop, which may or may not have the proper equipment and training to do the job correctly. There is a third alternative: you can take the blank and do a “chicken dance”—which typically involves making a senseless, bizarre-looking, and complicated series of maneuvers with the key fob, the key slot, the door handles, and other components of the car to transfer the programming from a working key fob to a new one. There is no rhyme or reason to the “chicken dance.” It varies from model to model. Its complexity is allegedly a security feature. However, as I pointed out above, if your arch-enemy the bad guy already has a working key (which the chicken dance requires), then the game is lost, and there is no point in requiring a song-and-dance routine to make a copy. With touch screens on the dashboards of cars these days, car manufacturers could make copying keys a step-by-step do-it-yourself operation that would require nothing more than a working key, a cheap blank, and a few button presses. Why don’t they? Because they don’t have to. Why not? Because we are sheeple.

Leave a Reply