Sunday, January 30, 2005

Students crack RFID security

The New York Times is reporting that a group of researchers have managed to crack the most prevalent impelementation of RFID as a security device. They can read your chip/card while standing next to you in the elevator, crack the keys and, less than an hour later, replicate your chip or card.

While the threat remains theoretical, this has significant repurcussions for owners of vehicles that use RFID immobilizers, pay-at-the-pump systems and facilities that use RFID access cards. See: The New York Times > Science > Students Find Hole in Car Security Systems. See also a discussion at Slashdot: Slashdot Mobil SpeedPass, Various Car RFID Car Keys Cracked

Update: The full articled on how it was done is available here:

"The Texas Instruments DST tag is a cryptographically enabled RFID transponder used in several wide-scale systems including vehicle imobilizers and the ExxonMobil SpeedPass system. This page serves as an overview of our successful attacks on DST enabled systems. A preliminary version of the full academic paper describing our attacks in detail is also available below. "

No comments: