Johns Hopkins University and RSA Labs demonstrate RFID token cracking and cloning with cheap FPGA hardware.
January 29, 2005
A low-cost spoofing and cloning attack has been demonstrated by researchers from Johns Hopkins University and RSA Laboratories against some Texas Instruments RFID tag based tokens, which are used for road toll payment, for buying fuel at petrol stations, and as part of car key vehicle immobiliser systems.
The researchers built a cheap code cracking device from off-the-shelf Field Programmable Gate Array (FPGA) hardware to brute-force the token's 40-bit keyspace. They also wrote software to simulate the RFID tokens' radio protocols on a laptop computer connected to radio equipment.
These tokens do not use modern strong cryptography such as the AES algorithm. Even so, the attack demonstration (including online videos) should be seen as a dire warning for the likes of Tesco, WalMart or the US Department of Defense, who seem set to deploy billions of far less sophisticated yet still re-programmable RFID tags, e.g. EPC Class 1 Generation 1 or Generation 2 tags, which use no encryption at all!
It also has implications for the privacy and security of the new USA Biometric Passport, which is also planned to use unencrypted RFID chips.
Cross posted from Spy Blog
Posted by wtwu