Researchers were able to crack car alarm systems based on RDIF making it simple for criminals to steal your car or get free gas.
Reuters provides a good overview of the study:
“The radio-frequency ID, or RFID, system uses a relatively simple code that criminals can easily decipher, making it easier to steal a car or get a free tankful of gasoline, the team at Johns Hopkins University in Baltimore and RSA Laboratories said.
“We’ve found that the security measures built into these devices are inadequate,” said Avi Rubin, technical director of the Johns Hopkins Information Security Institute.
“Millions of tags that are currently in use by consumers have an encryption function that can be cracked without requiring direct contact. An attacker who cracks the secret key in an RFID tag can then bypass security measures and fool tag readers in cars or at gas stations,” Rubin said in a statement.”
The NY Times adds:
” Mr. Green, a graduate student at Johns Hopkins University, is part of a team that plans to announce on Jan. 29 that it has cracked the security behind “immobilizer” systems from Texas Instruments Inc. The systems reduce car theft, because vehicles will not start unless the system recognizes a tiny chip in the authorized key. They are used in millions of Fords, Toyotas and Nissans.
All that would be required to steal a car, the researchers said, is a moment next to the car owner to extract data from the key, less than an hour of computing, and a few minutes to break in, feed the key code to the car and hot-wire it.
An executive with the Texas Instruments division that makes the systems did not dispute that the Hopkins team had cracked its code, but said there was much more to stealing a car than that. The devices, said the executive, Tony Sabetti, “have been fraud-free and are likely to remain fraud-free.”
The implications of the Hopkins finding go beyond stealing cars.
Variations on the technology used in the chips, known as RFID for radio frequency identification, are widely used. Similar systems deduct highway tolls from drivers’ accounts and restrict access to workplaces.”
Murdok | Breaking eBusiness News
Your source for investigative ebusiness reporting and breaking news.
