SpeedPass has been cracked
February 04, 2005
The popular radio-frequency ID system that is used to deter car thefts and as a convenience device for the purchase of gasoline can be defeated with low-cost technology, computer scientists from The Johns Hopkins University and RSA Laboratories have determined (see also previous report in SpyBlog and RFIDbuzz here).
Their findings, described in a new research paper, indicate that the encryption in RFID microchips in some newer car keys and wireless payment tags may not keep thieves at bay. Using a relatively inexpensive electronic device, criminals could wirelessly probe a car key tag or payment tag in close proximity, and then use the information obtained from the probe to crack the secret cryptographic key on the tag, the scientists said. By obtaining this key, lawbreakers could more easily circumvent the auto theft prevention system in that person's car or potentially charge their own gasoline purchases to the tag owner's account.
RFID Privacy Happenings: SpeedPass Is Cracked!
Graduate students at Johns Hopkins working with Avi Rubin, and Ari Juels and Michael Szydlo at RSA Laboratories, have posted an extended analysis of the Texas Instruments DST RFID used in both Mobil SpeedPass and in a variety of automotive anti-theft systems.
Apparently, the Digital Signature Transponder (DST) was based on a 40-bit cryptographic key and a 24-bit response. The website is a bit light on the "special-purpose cryptographic technique used to reconstruct the algorithm used in the DST tags," but apparently the overall system works.
- Press release: RFID Chips in Car Keys and Gas Pup Pay Tags Carry Security Risks: Thieves Could Exploit Encryption Vulnerabilities, Computer Scientists Warn
- Read the academic paper at rfid-analysis.org
Posted by andersja