Weak Encryption Threatens RFID Security

Filed in archive Tags and Readers on March 22, 2005

A group of academics and researchers have cracked the cryptographic security on the Texas Instruments Digital Signature Transponder. They spoofed the security systems and were able to jack cars and fill up the tanks with gas:

"With a little bit of technical acumen and a few hundred dollars, enterprising thieves can walk away with some late model cars and gas them up for free to boot, according to research published by computer security experts at The Johns Hopkins University (JHU) in Baltimore and RSA Security's RSA Laboratories in Bedford, Massachusetts.

In January, the researchers published the results of a technical analysis of a kind of secure RFID (radio frequency identification) technology called Digital Signature Transponder (DST) from Texas Instruments (TI), which is widely used to secure newer-generation automobiles and electronic payment systems like Exxon Mobil's Speedpass. The work revealed serious weaknesses in the cryptographic security used to protect data sent back and forth, and shines a light on the problem of security systems that rely on aging or inadequate cryptography, according to experts."

Go here for the Web page outlining the results of these hacking attempts. There are some videos showing the hacking (hmmm, I wonder how many crooks are watching them) and, more importantly, some suggested fixes.

Hat tip to Live Ammo Security News.