• Researchers say they've hacked car door locks

    A group of computer security researchers in Israel and Belgium say they've discovered the electronic equivalent of a Slim Jim -- a way to pop the electronic door locks on most cars without ever touching them.

    Drivers don't have to worry about their cars being hacked just yet – a baseball bat is still a more effective auto theft tool – but the announcement shows yet again that newfangled security devices can be more vulnerable than you think.

    Most modern cars are now equipped with convenient remote keyless entry systems. Now it seems those same systems could give criminals a convenient way to break into hundreds of cars in an afternoon.

    By listening in on the wireless "conversation" between a car and its key, the researchers found they could crack the code that keeps the communication secret. Then they were able to emulate the electronic key and trick the car into unlocking itself.

    Nearly all cars with remote keyless entry use an encryption system called KeeLoq. It was developed during the 1980s and purchased by Microchip Technology Inc. in the 1990s. Like all encryption systems, KeeLoq scrambles messages so they can't be read by anyone who intercepts them. Only someone -- or something -- with the appropriate deciphering key can unscramble the message.

    Eli Biham, a computer science professor at the Technion-Israel Institute of Technology, says there are 18 billion possible keys for a KeeLoq transmission, making it practically impossible for even the fastest computer to work out the key through brute force.

    "But," he said, "we found a shortcut."

    By intercepting several transmissions from the electronic key and analyzing them, Biham and his colleagues say they were able to eliminate many of those 18 billion possibilities and work out a master key in about one day. All that's required is remote access to one key for about an hour -- say, while a person is sitting in his office with the key still in a shirt pocket.

    Then, after working out the encryption scheme, Biham's group says it can unlock all cars using that master key within a few minutes.

    "In modern ciphers, you don't expect this to happen," Biham says, noting that carmakers are still relying on 20-year-old cryptography to keep cars safe. "I don't understand how companies sell cryptography from the 1980s."

    'Badly broken'
    The research paper, called "How to Steal Cars" (PDF), was presented at the Crypto 2007 conference at the University of California, Santa Barbara, last week. Exact details for exploiting the discovery won't be published for several months, Biham says, but Microchip Technology was informed weeks ago.

    "KeeLoq is badly broken," the paper says, adding, tongue-in-cheek, "Soon, cryptographers will all drive expensive cars."

    Microchip wouldn't comment on the team's discovery.

    "Microchip Technology Inc. doesn't address matters of security in the public domain," was all that spokesman Eric Lawson would say.

    But other cryptography experts said the research was significant.

    "This is a very practical application of cryptanalysis," said Jon Callas, chief technology officer with the encryption firm PGP Corp., who attended the presentation. "There is a larger lesson here, which is some of these devices aren't as secure as they are being sold to us."

    Slim Jim a bigger threat
    Still, Callas isn't worried about his car locks being hacked just yet. There are several barriers to using the technology. While a key hacker would be able to pop the lock on the door and perhaps disarm an alarm, he or she probably couldn't get the car started without using old-fashioned car theft tools, he said. And even with the most sophisticated computers, hacking the locks still takes over an hour, while a baseball bat can do just as good a job in a second or two.

    "There is not a whole lot of threat to the end consumer," he said. "A guy with a Slim Jim is a bigger threat."

    The method could prove lucrative under the right circumstances, however. A thief armed with a master key could park a car with listening devices in the middle of a shopping mall lot and eavesdrop on every car as a driver parks, walks away, and pushes their key to lock the doors. Within seconds, the transmission could be intercepted, analyzed, paired with information about a known master key and used to pop the locks. A criminal could theoretically open hundreds of cars each day that way, stealing a treasure trove of iPods and GPS gadgets without leaving a trace.

    "That would be worth someone's time," Callas said. Victims "would have a hard time convincing (their) insurance companies that this had happened."

    A simple fix
    Modest adjustments to encryption tools would foil such a plot, Callas said. Biham's method requires tricking the car's system into answering a long series of questions. But the use of "throttling" -- inserting a delay after every three requests, as some Web sites now do -- can slow or eliminate such brute force attacks. So Callas has no plans to disable his electronic locks, which could be done by disconnecting the car's battery while parked.

    "I'm more concerned about losing my radio presets than having my car stolen like this," he joked.

    Intense research into KeeLoq by several groups began last year after proprietary information about KeeLoq's cryptography was leaked onto a Russian Web site. Biham said the information aided his group's research, but argued that properly implemented cryptography should withstand publication of such details.

    Both he and Callas were critical of Microchip for not publishing its cryptographic scheme earlier, which would have allowed researchers to probe it for holes.

    "Those of us who are in the field believe that algorithms should be published from the start because an analysis can strengthen them," Callas said. "We only use public algorithms because in the long term they are more secure."

    While the immediate threat to car owners is low, Biham says the research shows the technology used to protect remote keyless entry systems is outdated.

    "There are other tools criminals can use today (to steal cars) that are easier," Biham says. "But we show that it's possible to (hack the locks) and these systems (need) to be replaced."

  • A trip to Mexico, a $3,900 cell phone bill

    You think your cell phone bill is bad? It's probably nothing like the $3,900 monthly bill Sarah Howe just got.

    A $3,900 bill might seem impossible, but if you ever plan to use your cell phone overseas, or you give one to your traveling teen-ager, you'd better read on.

    Howe's 18-year-old daughter, Hannah, spent July in Mexico attending an art class at a small village named San Miguel de Allende, about four hours outside Mexico City. Mom wanted Hannah to feel safe and connected during the trip, so she let Hannah take her T-Mobile phone.

    But Howe, who lives just outside Washington D.C., was worried about the potential phone bill. Hannah had taken a similar trip to Mexico the previous year and come back with a bill of several hundred dollars. So Howe said she called T-Mobile before the trip to make sure Hannah was on the proper plan for calls and text messages from Mexico.

    Two weeks into the trip, she called T-Mobile again to make sure the bill wasn't outlandish. It was too late: It was already nearly $4,000. Text messaging accounted for about $200 of the bill; the rest was for incredibly expensive conversations, billed at $1.49 per minute.

    "Here's one call that's 86 minutes, for $128. Here's one that's $122, another that's $102, all on the same day," Howe said, looking over the 49-page bill.

    Still, a $3,900 phone bill would have required Hannah to talk for more than 40 straight hours. Perhaps that's not unthinkable to parents of teen-agers, but Hannah has told her mother she didn't make all those calls.

    Since most of them say "number unavailable" on the bill, it's impossible to track down what really happened, Howe said.


    T-Mobile spokesman David Henderson confirmed that the firm had talked to Howe and was investigating the situation, but said he couldn't provide additional information, citing privacy reasons.

    Howe said she was told by T-Mobile customer service representatives that she had to pay.

    "One of the T-Mobile reps I talked to told me he had never seen anything like it," she said.

    Still, they offered no relief from the bill, even though there was "no explanation for all the incoming calls in the middle of the night billed to her phone for hundreds of dollars -- with no phone number listed on the bill to track. They just said I had to pay the thousands. (It's a) nightmare."

    Persistent calls to customer service, and a call to MSNBC.com, seem to have softened the firm's position. On Thursday, Howe said she had an amicable conversation with a different T-Mobile representative and they discussed an "equitable way to end all this."

    Many cell phone users are finding themselves in the brave new world of borderless cell phone dialing -- without borderless rates. Hannah's phone was enabled for international calling because her mom had turned on what T-Mobile calls its "World Class" feature. Calling rates vary wildly through World Class (they are explained on T-Mobile's Web site), but the standard rate for using a T-Mobile phone in Mexico is $1.49 per minute -- incoming or outgoing. Mexico ranks in the middle of T-Mobile's prices. Calls from Spain are 99 cents per minute, for example, while calls from New Zealand are $1.99 and calls from Russia are $4.99.

    Other major providers also offer international calling rates, though coverage varies widely. Many U.S.-based cell phones are not compatible with overseas cell networks.

    All international cell phone calling brings with it other expensive potential pitfalls. Some carriers charge when calls are placed to your phone, even if you don't answer it -- because the call was carried over another company's network in order to reach your handset. To be safe, you should keep your phone off while traveling unless you need it.

    OTHER RED TAPE WRESTLING TIPS
    • Consumers should always call their cell phone companies before taking their handset on an out-of-country trip to a) see if the phone will work, and b) understand the financial consequences of using it.
    • Renting a cell phone at your destination might be cheaper than using your own, so consider that. Also, callers with handsets that accept SIM cards can buy local cards and save money, as long as they've unlocked their phones. Call your carrier to ask for unlock codes, or search the Internet for instructions.
    • Forward your calls to a voicemail box so you can get less-essential messages using a land-line or calling card. But know that there is a difference between a "soft" forward, which happens at the phone, and a "hard" forward, which happens at the network. With a soft forward, you might be charged for a call connection. Call your carrier to implement a hard forward.
    • T-Mobile offers a special plan called kidConnect that disables the phone once kids use up their minutes (though they can still call mom and dad). With that plan, there are no surprise bills. Check with your carrier for similar "capped" plans.

  • Voicemail calls, and no calls, can be costly

    Nicki Harris couldn't understand how she'd exceeded the monthly minutes on her Sprint calling plan. She is careful with her prime-time calling and pays for a plan that gives her free Sprint-to-Sprint calls, so calls to her husband and mother don't eat into her monthly allotment. Yet her bill showed she had shot clear through her 800-minute-per-month ceiling.

    A close look at her monthly bill revealed a surprising culprit: Numerous calls to retrieve voice mail had chewed up many minutes.

    "I noticed overage charges for calls to my voicemail," said Harris, 28. "I thought this was a mistake, so I e-mailed customer service and they responded that they do not consider calls to voicemail to be a call to a Sprint phone number. ... It's hard to believe."

    But it's not a mistake. Free Sprint-to-Sprint calls don't include calls to voicemail, the company told me. And it turns out Sprint isn't alone. AT&T/Cingular and Verizon also charge regular per-minute assessments on voicemail calls.

    Add voicemail to the long list of sneaky, hard-to-figure charges to look for in your telecom bills.

    Of the four largest carriers, only T-Mobile considers voicemail calls as in-network calls.

    Sprint spokeswoman Jennifer Walsh defended the policy by saying the free mobile-to-mobile minutes are a promotion designed to "encourage people to call other subscribers." Also, she said, callers could "game the system" by using the voicemail to place outside calls, thereby getting outside network calls for free.

    Verizon and AT&T/Cingular didn't get back to me in time with explanations.


    But one has to wonder how many consumers understand the distinction. It might also make you wonder about the delays you must endure while retrieving voicemail and setting other options. On my Verizon phone, for example, I'm told I have an unheard new message three times before the message is actually played. ("You have one unheard message. The following message has not been heard. First unheard message.")

    Harris only lost about $5 on her most recent bill due to the voicemail calls, but the San Antonio, Texas, resident and devoted hidden-fee sleuth tried to argue the principle with Sprint.

    "This is insane. How is checking my voice mail not a Sprint-to-Sprint call?" she said. "I couldn't find any written policies anywhere on this."

    She did complain to Sprint, and asked for a refund. In an email reply, the company dug in.

    "Calls made to your Voicemail are not considered as Sprint to Sprint, as the Voicemail number is a non-Sprint number. As the charges are valid, no credit is due," wrote Joe R. from Sprint.

    Fees for not calling
    Of course, this is hardly the first absurd policy you'll find on telephone bills. Earlier this year, Verizon's long distance division dreamed up a new fee for consumers who don't use their service. Consumers on Verizon's basic calling plan are now charged $2 a month (plus tax!) in each month they don't make long-distance calls from their land line. It's called a "short fall" charge and amounts to a minimum fee.

    A month without long distance calls isn't as rare as you might think. Given the proliferation of free long-distance calling on cell phones, plenty of consumers don't dial long distance from home any more. At Verizon, they all have to pay $2 now.

    It's kind of like getting charged by Exxon for gas on a month when you don't drive your car and take the bus instead.

    Consumers who find this $2 charge on the bill do have an option -- they can disable long distance service entirely from their phones. That will cost you a one-time $5.50 fee, however.

    Verizon's Jim Smith defended the short-fall fee, saying that consumers should be expected to pay something for maintaining the "potential" to make a call. Consumers who pay a monthly fee for a discounted long-distance plan don't have to pay the short fall fee. But a lot of consumers don't have a discount plan -- about 2 million of Verizon's 15 million long-distance customers, Smith said.

    "We believe everyone should be on a plan," he said.

    Or perhaps Verizon believed a clever turn of phrase would ensure those 2 million customers generate a guaranteed minimum of $48 million a year. Prior to April, when the fee was implemented, consumers without calling plans who made no calls paid nothing to Verizon.

    Verizon isn't alone in its minimum monthly charge. At AT&T, the monthly minimum is $4.95.

    That should give you even more incentive to shut off your home long-distance service. When you do, you'll also save a couple of extra dollars in universal service taxes.

    Of course, if you do that, you'll have to keep a close eye on your mobile phone bill, and be particularly judicious with voicemail calls.

    RED TAPE WRESTLING TIPS
    • If you retrieve voicemail during the day, access it "remotely" from your office phone as often as possible. That will save you cell phone minutes.
    • Get to know shortcuts that allow you to bypass voicemail menu trees as quickly as possible. Saving one minute per call could really add up by the end of the month.
    • Shut off long distance access from your home phone to avoid monthly minimum charges and universal service fund fees.

  • High-tech abuse worse than ever

    Leah lived for seven years with an abusive man. The bruises, the bleeding and the isolation were only part of his strategy to control her, she says. He turned technology on her, too. He installed spyware on her computer, read her e-mail, tracked her cell phone calls, spied on the Web sites she visited, even attached a GPS locator device to her car.

    One day, after she visited her college Web site, he accused her of trying to contact a former boyfriend. The punishment was severe.

    "He beat me all weekend after that," she said.

    There's nothing new about abusive spouses using technology to terrorize, said Cindy Southworth, technology director at the National Network to End Domestic Violence. What is new is that now nearly all abusers use high-tech spying tools to try to extend their domination, she said.

    That's why the domestic violence victim advocacy group is running a training session on high-tech spousal abuse tactics this week in Kansas City for employees and volunteers at the nation's 2,000 local domestic abuse shelters.

    "Victims find us every week," she said. "We are constantly hearing stories now from local agencies we've trained on this. … Everybody is using technology now, so in every domestic violence case, the parties are using technology."

    Spyware has been around for years, and so have software packages marketed specifically to suspicious spouses.

    But so have wiretapping laws, which make electronic interception of other people's conversations illegal -- making use of such spouse spying tools a likely violation of federal law. That should make you scratch your head when you search for "cheating spouse" on your favorite search engine and find thousands of links to software products specifically intended to spy on husbands or wives.

    In at least one high-profile case, a software maker was indicted by federal authorities for marketing spouse-spying products. In August 2005, Carlos Enrique Perez-Melara was indicted in the Southern District of California for creating and selling a product called "Loverspy." Four Loverspy users also were indicted.

    But the legal action hasn't slowed the use of spy technology in abusive relationships, Southworth said. If anything, the tools are more common now and much easier to use.

    GPS makes it easy to track victims
    The latest twist: GPS gadgets that sell for hundreds of dollars that can be secretly installed on a victim's vehicle. The unit beams coordinates to a Web page that maps the victim's car wherever it goes.

    Leah's former husband placed a GPS unit underneath the hood of her car, she said.

    "He would show up everywhere I was -- the grocery store, at work," she said.

    Leah was scheduled to tell her story at the week-long "Safety Net" technology awareness training, which is designed to teach shelter workers and volunteers about the latest high-tech weapons that are commonly used in abusive relationships. Leah, a 35-year-old from Minnesota, agreed to talk with MSNBC.com on the condition that we preserve her anonymity.

    Leah says she was naive about technology when she met her future husband in 1994. Looking back, she said, the signs of paranoia and his need for control seem obvious, though they weren't at the time.

    In 1998, he gave her a cell phone and demanded that she answer it within two rings. At night, he would search the call history to see who she'd been talking to.

    "I didn't realize he could do that at the time," she said.

    Things escalated quickly. One evening, she woke up to find him e-mailing her friends, pretending to be her. He was fishing for information about where she'd been.

    She began taking extra precautions, such as deleting her Internet browser cache, but that was ineffective. Spyware he'd installed on the machine allowed him to watch her every move online.

    Cut off from the outside world
    Southworth said spying is just one goal when an abuser uses high-tech tools. The other is isolation. In a traditional abusive situation, a spouse or lover will slowly cut off the victim from the outside world, discouraging interaction with friends and family. In extreme cases, the couple will actually move far away from family and friends, making e-mail and Web access the only remaining tie to other relationships and normalcy.

    "The reason they do this is to maintain power and control," Southworth said.

    The tactics are effective, as Leah learned quickly when she could no longer e-mail friends.

    Several research projects have shown that the most dangerous time for an abused spouse comes when the victim considers leaving or ending the relationship. There is real danger that the violence will escalate then, Southworth said. Technology can genuinely endanger victims at this point.

    "With spyware, if the victim is thinking about leaving, all that is captured. If the victim looks for plane tickets, shelters, a new apartment, it all shows up in the computer logs," she said. Given the prevalence of spying software, the agency now advises anyone in an abusive relationship not to use their home computer for these kinds of tasks. Instead, they should go to a public library or a friend's house and use their computer for research, Southworth said.

    Spyware difficult to spot
    Hiep Dang, a security researcher from McAfee who will offer a presentation on technical aspects of spyware at the domestic violence conference, said some people mistakenly believe they can find spyware when it's installed on their computers.

    "The programs can run in stealth mode undetected," he said. "They make it very difficult to find these applications on a machine."

    McAfee's antivirus product will detect and disable most spouse-spyware programs, as will several other antivirus products, but anyone with physical access to the computer can disable and bypass the security software fairly easily.

    Separation makes it easier for victims to keep their computers clean of spyware, but it's no guarantee that technology can't be used against them. Long after Leah had left her husband, he was still trying to track her.

    Two years ago, knowing that Leah had grown cautious about using her computer, he sent an electronic greeting card laced with spyware to Leah's mother. She didn't fall for the trick, but the incident served as a reminder that Leah must still be wary of the kinds of things her former lover might do.

    'Always going to be a battle'
    Leah has 5-year-old and 7-year-old daughters, and must constantly remind schools and social groups not to put the girls' pictures or names on Web pages her ex-husband could easily find.

    "There's always going to be a battle around technology and safety for us," she said.

    Southworth is quick to point out that technology tools are not the cause of abuse, and said she doesn't believe they contribute to an escalation in violence.

    "Twenty years ago, abusers checked auto odometers to keep track of spouses. We've had phone tapping for decades," she said.

    Leah's not so sure.

    "There were more tactics used to stalk me because of technology. I was directly punished because of these things. I was bleeding and black and blue because of a technology (device) he had used," she said. "I love using e-mail, I love my cell phone. There are all these great things about technology, but for someone in my position there's so many downfalls to it all that people just are not aware of.

    "If there was no (such) technology, my past and present would have been easier and my future (would) be easier," she said.

    TIPS
    • Anyone in a bad relationship should not use their home computer -- or any computer that an abuser has physical access to -- for research. Use a computer in a public location to find information on shelters or to communicate with friends.
    • Updated antivirus software will generally detect the presence of spyware, but only if it is configured properly. Victims who leave an abusive situation and get a new computer should keep software updated and be very wary of unexpected e-mails or electronic greeting cards.
    • The National Network to End Domestic Violence has much more information available on its Web site.

  • Attachment spam batters inboxes

    If you think a lot of fake e-greeting cards and unexpected e-mail attachments are landing in your inbox lately, you're right. Spammers have once again reinvented their techniques and in recent weeks have been pummeling inboxes with specially crafted messages that evade many spam filters. Their latest trick: Adobe Acrobat attachments hawking stocks and the usual body-enhancement medicines.

    Just this week, massive spam campaigns pumping two tiny stocks -- Prime Time Group Inc and China Shoe Holdings Inc -- peppered Internet users. There was so much spam that China Shoe Holdings was motivated to issue a press release Wednesday saying it had nothing to do with the e-mails.

    Security firm Sophos said there were so many messages touting Prime Time Group that the total amount of spam sent to its clients jumped 30 percent within 24 hours.

    "This was the mother of all (Acrobat) spam campaigns," Sophos researcher Ron O'Brien said.

    Sophos has a detailed description of the spam messages on its Web site.

    The swift rise in what some are calling "attachment spam" corresponds directly with an equally rapid decline in image spam, which became spammers' favorite tactic about six months ago. Image spam includes only pictures advertising stocks or products. With no text, the messages can trick filters that scan for suspicious words like "BUY!"

    But as spam blockers improved their ability to detect unwanted image spam, spammers turned to the Acrobat attachments with advertisements that have become the next step in the cat-and-mouse game, O'Brien said.

    "This is a clear sign that anti-spam vendors are having more success in blocking image-based attacks," said Doug Bowers, a researcher at Symantec Corp. "But spammers keep poking and prodding."

    The new kind of spam also corresponds with an increase in fake greeting card messages, and that's no accident, said O'Brien. In fact, Sophos researchers think all these developments are tightly related. Would-be spammers first send out fake greeting cards, which trick recipients into visiting Web pages that are booby-trapped with malicious software that allows visitors' computers to be hijacked. Then those hijacked computers are turned into spam machines, and directed to send out attachment spam. The two-stage attacks are very effective.

    With success comes imitation. Attachment spam was virtually nonexistent earlier this year, when half of all spam was image spam, according to Symantec's recent state of spam report.

    Attachment spam began to emerge in June, and by July accounted for 8.2 percent of all spam. Meanwhile, image spam was down to 25 percent. And in the past 48 hours, thanks to the large spam campaigns, about one-third of all spam was attachment spam, Bowers said.

    Of course, if the spam weren't profitable, it wouldn't continue. A glance at Prime Time Group Inc.'s stock chart suggests the recent stock-pumping spam might be dramatically effective. The stock is up about 75 percent from its opening price on Friday morning, though it's impossible to know how much of that might be connected to the spam campaign that began Tuesday morning.

    Still, the Securities and Exchange Commission has shown recently it's worried about stock spam. In March, it suspended trading in 35 companies that had been promoted in e-mail campaigns.

    RED TAPE WRESTLING TIPS
    • Don't ever read electronic greeting cards. They have officially become more trouble than they are worth. If you think one might be authentic, and you just can't resist, call the sender before opening it to make sure the card is real.
    • So far, "attachment spam" is not infectious, just annoying. The Acrobat files researchers have inspected contain a simple message, but no computer virus, so if you've opened one of those, that doesn't mean your computer is infected. But avoid opening the attachments anyway, because future versions of the spam could very well be laden with spyware or Trojan horse programs.
    • Ensure your antivirus and spam-blocking software is up to date.

  • Gotcha Room: A $200 cell phone call

    Everybody knows cell phone calls can be expensive. But can a single call to your provider's customer service line cost you $200? It sure can.

    Chris and Irene McCann of Palmdale, Calif., found that out the hard way. Irene called the company in September after the couple had moved and run into trouble using their phones. The conversation seemed harmless -- until Chris tried switching cell phone providers nearly a year later.

    Their story, like the tale of Yon-Paul Siebeneck we shared earlier this month, will make you want to grab your most recent cell phone bill looking for answers. Trouble is, you might not even find what you're looking for in the small print.

    But you will find an explanation in the Gotcha Room by watching this video, produced by NBC's Andrew Gross, with graphics by NBC's Corey Hall. You can also click to read a transcript.

    This transcript has been added in reaction to several comments below. Thanks to readers for the suggestion.

    TRANSCRIPT:

    When Chris McCann switched cell phone companies, he thought he was free of his original contract. But then he and his wife were hit with a $200 early termination fee. Why? His two-year contract had been quietly extended an extra year.

    McCann: We had no paperwork. We had no signatures. We had nothing from them indicating we had ever done anything to extend our contract beyond the original two-year obligation that we had.

    What happened to Chris? Let's go to the Gotcha Room.

    Gotcha Room: It might not seem right but it is how they do business. Cell phone companies can extend your contract without you ever signing anything. Say you call up your cell phone company and you ask for more minutes or just an address to mail a check. You might find your contract has just been extended another two years.

    The key to changing providers without paying an early termination fee is knowing when your contract is up. But that's easier said than done, especially when contracts are extended without your knowledge.

    McCann: They never send you anything in writing. It never appears on your bill. You really have no way of knowing unless you call them and specifically ask. And even if you do ask they seem to be a bit evasive in trying to answer the question.

    Want to avoid this kind of surprise? End every call or visit with your cell phone company by saying clearly you do not authorize any contract extensions.