The first automotive transponder system was legislated into existence in 1993 in the European Union (EU). 1993 also was the first year that a wireless keyless entry system, or remote, was introduced by Renault on the 1993 Fuego.
In 1996, Ford introduced the first transponder-based anti-theft system in the United States. Other manufacturers began to bring out their own transponder-based anti-theft systems in 1997. Then, Ford in 1999 announced that transponder-based anti-theft systems would be standard equipment on all their U.S. passenger vehicles.
Actually, there were two exceptions in 1999: the Ford Escort and Mercury Tracer. The Tracer had been discontinued after the 1998 model-year, but some leftover vehicles were sold as 1999 models. In 1999, the Escort was scheduled to be discontinued but continued in limited production through the 2003 model-year.
As far as I’m concerned, the Transponder Era began in the United States in 1999. So automotive locksmiths have dealt with transponder systems for roughly a quarter of a century. The early technology was crude by today’s standards. Many vehicles could be programmed only by using onboard techniques, and on some vehicles — notably Lexus and Toyota — no provision was made for an “all keys lost” situation other than replacing the vehicle computer. Things settled out a bit, and by the mid-2000s, most vehicles used some type of diagnostic computer for transponder key duplication and replacement, although many retained an optional onboard procedure for duplicate keys.
The effectiveness of transponder-based anti-theft systems isn’t in doubt. Before the introduction of transponder systems, the EU was plagued with auto thefts that were much higher than anything the United States ever saw. This was caused in part by the fall of the Berlin Wall and the social upheavals in Western Europe at the time. Gang activities soared, and thousands of vehicles were stolen simply for the sake of “joyriding.” Most of those stolen vehicles were set on fire or driven into canals when the gangs were done with them. This unprecedented wave of vehicle theft spurred the EU to legislate better anti-theft systems in all vehicles sold in the EU.
Transformational Change
Our industry has been changed forever as a result. When I began my career in 1973, my most important tools were a pair of vise grips and a file. Now, I carry a minimum of four diagnostic programmers in my truck and have seven more at the shop that I drag out for special vehicles. My daily work revolves around transponders and transponder systems, and generating the actual key is almost secondary. In addition, many of the newer transponder anti-theft systems have merged with the vehicle remote in the form of proximity, or prox, fobs.
This emphasis on electronic systems convinced many old-school locksmiths that working on modern vehicles just wasn’t worth the effort. The investment in equipment and supplies requires a major financial commitment. But even more important, the cost in time and effort in keeping up with the technology, which changes constantly, is more than many are willing to invest.
As a result, automotive locksmithing has become a specialty, much the way that electronic safe locks created specialists in the safe and vault fields. And just as with those other specialties, automotive locksmithing rapidly has become a lucrative opportunity for those who are willing to tackle the challenges.
I live in Pensacola, Florida, which is an odd mix of tourist destination, military and industrial centers. In that mix, there are plenty of opportunities for locksmiths who don’t want to work on vehicles. I seem to be the only one in town who specializes in automotive locksmithing. Two or three other locksmiths still do automotive work in addition to residential and commercial locksmithing, but most of the others have given up on the automotive field, other than the occasional lockout.
Several locksmiths refer all their automotive calls to me. Others will refer anything of an advanced automotive or antique-car nature to me. In addition, I find myself doing more dealer work, because so few people are interested in that type of work, which has its own challenges.
Revenue Streams
When transponder anti-theft systems began to appear, many automotive dealers looked at them as a nuisance that got in the way of their normal service work. But the manufacturers saw things differently.
From the perspective of the manufacturers, transponder systems quickly went from “just another gadget” to a way to bring car owners back to the dealers for additional services, with the potential to create huge new revenue streams. Within a few years, transponder anti-theft systems were designed with more emphasis on bringing revenue into the dealerships than on actual theft prevention.
Most auto manufacturers never liked the idea of automotive repairs being performed outside of the dealerships, but there wasn’t much they could do about it until computerization, which includes transponder and remote systems, came into being. Now that manufacturers control the specifications of the systems and can change those specs at will in the name of “increased security,” they work diligently to make the lives of locksmiths as difficult as possible. Changing the specs on transponder and remote systems on a regular basis makes it difficult for anyone outside of the dealership to stock parts and keep their software updated for the newest vehicles.
Encryption systems have been a gold mine for the manufacturers. By increasing encryption levels to ridiculous levels, they force locksmiths to buy more-expensive tools and equipment just to keep pace. And, as a bonus from their point of view, these insane encryption levels make cloning keys even more difficult.
You might believe that I exaggerate when I use terms such as “insane” or “ridiculous” to describe the encryption level of modern transponder anti-theft systems, so let me put that into perspective for you. The National Security Agency (NSA) requires 80-bit encryption for “Top Secret” data transfers. This level of encryption would take a supercomputer more than 1 million years to defeat. Many automotive systems, including those by Ford, Lexus and Toyota went to 80-bit encryption around 2010. In 2017, the new Ford F-series pickup went to 128-bit encryption, and some vehicles now use 256-bit encryption! That level of security is absurd for protecting vehicles, yet the manufacturers continue to roll out systems that have higher levels of encryption.
This has little to do with vehicle security and is mostly to prevent people outside a dealership from being able to service these systems. The higher encryption levels themselves are misleading, because the claimed encryption levels never would pass muster in the world of true cybersecurity. This point was driven home for me in 2011 when I was shown how to change the so-called encryption level of a chip in older Ford keys from 40 bits to 80 bits by using a simple tool that cost less than $100 at the time.
During the Reagan years, we often heard the phrase, “A rising tide lifts all boats.” That has been true with automotive transponder systems. Just as the dealers reap huge profits in selling and servicing these systems, automotive locksmiths who are willing to make the investment in time, tools and inventory also are increasing their bottom line.
Current Trends
Most of the first-generation automotive transponders were manufactured by Texas Instruments or Megamos. Today, many smaller companies, mostly located in China, produce specialty transponders that can emulate the functions of various automotive transponders. Some of these companies supply chips to the auto manufacturers and automotive locksmith market as well.
Probably the most widely known of these is the Super Chip from Xhorse. (Image 1) These inexpensive chips can be programmed quickly and easily to emulate many different automotive transponders. They can be used for cloning and generating a key or prox fob that will be recognized as a “dealer key” by a wide variety of vehicles. Super Chips can be programmed by using several different tools but are designed to work with Xhorse tools, such as the Key Tool, Key Tool Max, Key Tool Mini and Key Tool Plus. (Images 2 and 3)
The Super Chip also is incorporated into the line of Xhorse Universal prox fobs and flip keys. These fobs, while certainly not truly universal, can be programmed to emulate an amazing variety of vehicle prox fobs and flip keys and are available in many forms, some of which are almost indistinguishable from the various OEM fobs.
I began to stock these fobs several years ago, and they have proven to be invaluable. Because I live in a beach town, I’m forced to deal with fobs and keys that either have been lost on the beach or “accidentally” taken for a swim in salt water. Tourists often are stranded far from home until they can get a replacement key or fob. The Xhorse Universal fobs have allowed me to rescue many families and salvage their vacations when I didn’t have an OEM fob for their vehicle.
Autel recently entered the “Universal Smart Key” market with its new MaxiIM KM100 tool (Image 4) and line of IKEY fobs. The KM100 obviously is produced in conjunction with Xhorse’s equipment, because many of the menus and functions of the KM100 are virtually identical to the same functions on my Key Tool Max, but the KM100 delivers much more programming capability than the Key Tool Max. I haven’t had my KM100 long enough to get a feel for the capabilities of the tool, but it already has allowed me to rescue the owner of a late-model Mazda at a fraction of what the dealer had quoted. And, yes, I made a healthy profit at the same time.
A variety of OEM look-alike IKEY fobs already have been announced, but at the time of this writing, they’re in short supply. But soon, I expect to be able to offer look-alike fobs to my customers at attractive prices.
One of the options that I’m particularly excited about is the look-alike Chrysler prox fobs. The KM100, with its Bluetooth VCI connection and the capability to essentially clone a prox fob, will be a huge time-saver and revenue booster on Chrysler products. With this tool, I hope to bypass the Chrysler/FCA Security Gateway ordeal when I add a prox fob.
Speaking of FCA
As you probably know, FCA vehicles have been a huge pain to program since FCA introduced the Security Gateway concept on the 2017 Chrysler Pacifica. On some new Jeep vehicles, you must pull down the rear edge of the headliner just to add an additional prox fob!
Now, in an attempt to add insult to injury, FCA has begun to send letters to owners of FCA vehicles that urge the owners to have the RF Hub “locked” by the dealership. In the letter, owners are told that there’s a “software security vulnerability that allows experienced thieves to program their own key fob using aftermarket diagnostic tools.” There’s no mention of the fact that FCA has been aware of this “vulnerability” since 2015 or that this “vulnerability” is the same technique that their own technicians use for programming.
If the vehicle owner is gullible enough to fall for this, then the RF Hub must be replaced before even the dealership could add or replace a lost prox fob. I already encountered a Chrysler vehicle where the RF Hub was locked. Fortunately, my Autel IM608 alerted me to this in the initial IMMO scan, so I didn’t waste half my day trying to figure out why I couldn’t program a key for the vehicle. That vehicle was at a used-car dealership, so it got sent back to the local Chrysler dealer for repair. But I plan to make checking the RF Hub to see whether it’s locked part of any late-model FCA vehicle programming from now on. I also hope my new KM100 will allow me to bypass this inconvenience. We’ll report more on this at another time.
In the meantime, transponders are here to stay, and if you want to be an automotive locksmith, you’ll have to spend the time and the money necessary to work in that market. As I always say, “There is no automotive job that will require you to be a rocket scientist, but almost every job that you do will be different.” It will be your responsibility to keep abreast of the changes in systems and equipment and different techniques. If that sounds like a challenge that you can handle, then automotive locksmithing might be the right career for you.
Steve Young has been a locksmith since 1973 and has trained and taught locksmiths since 1988. He is a frequent contributor to Locksmith Ledger.