p2pnet - rss feed: Vehicle security chips cracked
p2pnet.net News:- Bad news for car makers – and others using some kinds of RFID (radio frequency identification ) technologies, sometimes called Spy Chips.
A Johns Hopkins University hacker team has cracked Texas Instruments “immobilizer” systems used by millions of of Fords, Toyotas and Nissans.
The cars won’t start unless their systems recognize a RFID chip in authorized keys.
“More than 150 million of the Texas Instruments transponders are embedded in keys for newer vehicles built by at least three leading makers, and in more than 6 million key-chain gas tags, the researchers said,” according to a CNN Money story.
Linked 16 chips
“The problem is that the mathematical key used to code the verification system is too short, they said. They bought a commercial microchip costing less than $200 and programmed it to find the key for a gasoline-purchase tag. They linked 16 such chips together and cracked the key in about 15 minutes.”
“All that would be required to steal a car, the researchers said, is a moment next to the car owner to extract data from the key, less than an hour of computing, and a few minutes to break in, feed the key code to the car and hot-wire it,” says the New York Times, going on:
The Texas Instruments division that makes the systems didn’t dispute that the Hopkins team had cracked its code, “but said there was much more to stealing a car than that,” states the NYT. “The devices, said the executive, Tony Sabetti, ‘have been fraud-free and are likely to remain fraud-free’.”
But as the story points out, the implications go beyond stealing cars because the technology chips used, for example, by systems which deduct highway tolls from drivers’ accounts and restrict access to workplaces.
“Wal-Mart is using the technology to track inventory, the Food and Drug Administration is considering it to foil drug counterfeiting, and the medical school at the University of California, Los Angeles, plans to implant chips in cadavers to curtail unauthorized sale of body parts.”
In short, “The Johns Hopkins researchers say that if other radio frequency ID systems are vulnerable, the new field could offer far less security than its proponents promise,” says the story.
David Wagner, an assistant professor of computer science at the University of California, Berkeley reviewed a draft of a paper by the Hopkins team and calls it an “early warning for all radio frequency ID systems”.
The TI riff chips are also used in millions of the Speedpass tags so drivers can buy gasoline at ExxonMobil stations without pulling out a credit card, “and the researchers have shown that they can buy gas with a cracked code,” says the author of the story, John Schwartz, quoting an ExxonMobil spokeswoman as saying”We strongly believe that the Speedpass devices and the checks that we have in place are much more secure than those using credit cards with magnetic stripes.”
Dr Aviel D. Rubin, who led the Johns Hopkins team, said people could protect their keys – or Speedpass tokens – safe by wrapping them in tinfoil.
But Texas Instruments executive Tony Sabetti said, “It’s a solution to a problem that doesn’t exist.”
The RFID system the Johns Hopkins team used is called a Digital Signature Transponder, and is distinct from the Electronic Product Code used by retailers and pharmacies for inventory control, says CNN Money.
‘Most important infrastructure enhancements’
America’s Homeland Security department plans to test RFID tags at US borders, says InformationWeek.
“As part of the project, visitors entering the country will be issued RFID tags that will track their comings and goings at border crossings, according to the Department of Homeland Security,” it states.
“Initially, the government will test RFID tags at a simulated port this spring. After that, the government will test the technology at border crossings in Arizona, New York, and Washington state from the end of July through spring 2006.”
Asa Hutchinson, Homeland Security undersecretary for border and transportation security, said, “Through the use of radio-frequency technology, we see the potential to not only improve the security of our country, but also to make the most important infrastructure enhancements to the U.S. land borders in more than 50 years,” according to InformationWeek.
And RFID chips don’t just have to be ‘on’. They can also be ‘in’.
Mexican attorney general Rafael Macedo de la Concha and the 200 people working in his office, for example, all have tiny electronic VeriChip spy transmitters buried in their arms to “help resolve serious security issues in Mexico”.
Something you think we should know? tips[at]p2pnet.net
===================
See:-
15 minutes - Popular car safety devices easily hacked, CNNÂ Money, January 31, 2005
hot-wire it - Graduate Cryptographers Unlock Code of ‘Thiefproof’ Car Key, New York Times, January 31, 2005
US borders - Homeland Security To Test RFID Tags At U.S. Borders, January 25, 2005
security issues - Spy chip health hazards, p2pnet, October 22, 2004
