Weak Encryption Threatens RFID Security
Filed in archive Tags and Readers on March 22, 2005
A group of academics and researchers have cracked the cryptographic security on the Texas Instruments Digital Signature Transponder. They spoofed the security systems and were able to jack cars and fill up the tanks with gas:
"With a little bit of technical acumen and a few hundred dollars, enterprising thieves can walk away with some late model cars and gas them up for free to boot, according to research published by computer security experts at The Johns Hopkins University (JHU) in Baltimore and RSA Security's RSA Laboratories in Bedford, Massachusetts.
In January, the researchers published the results of a technical analysis of a kind of secure RFID (radio frequency identification) technology called Digital Signature Transponder (DST) from Texas Instruments (TI), which is widely used to secure newer-generation automobiles and electronic payment systems like Exxon Mobil's Speedpass. The work revealed serious weaknesses in the cryptographic security used to protect data sent back and forth, and shines a light on the problem of security systems that rely on aging or inadequate cryptography, according to experts."
Go here for the Web page outlining the results of these hacking attempts. There are some videos showing the hacking (hmmm, I wonder how many crooks are watching them) and, more importantly, some suggested fixes.
Hat tip to Live Ammo Security News.
Permalink: Weak Encryption Threatens RFID Security
Tags: rfid security threatens weak encryption rfid+security threatens+rfid weak+encryption
Vote for Weak Encryption Threatens RFID Security:
|
Rating: 7.00 out of 4 vote(s) cast.
|
Response from:
/pd
(03/23/05 4:34pm)
Response from:
AMTS
(10/16/05 2:25am)
How difficult would it be for an expert computer programmer to reverse engineer an RFID chip containing a processor that uses a cryptographic algorithm to generate a 64-bit serial number....and then clone that RFID chip and use it to access an area requiring that chip to interact with a transponder?
Most Popular
Best of
Case Studies
Companies
Contactless Payment Systems
contest
Did you know
EPC Standards
Healthcare
Implementation
Information About
Interviews
Libraries
Market Size
Misc
Near Field Communication
Patents
Privacy and Security
Quick introduction
Report
Retail


http://peterdawson.typepad.com/scmv20/2005/01/rfid_hacks.html