|
 |
| Technology experts at Johns Hopkins
University and RSA Laboratories have found that radio frequency
identification (RFID) technologies used for automobile locks and easy-pay
gasoline systems are sorely lacking in protection, warning that
opportunists could easily exploit the weakness for ill deeds. (Photo:
Yahoo) | ¡¡BEIJING, Feb. 1 (Xinhuanet) -- Technology experts at
Johns Hopkins University and RSA Laboratories have found that radio frequency
identification (RFID) technologies used for automobile locks and easy-pay
gasoline systems are sorely lacking in protection, warning that opportunists
could easily exploit the weakness for ill deeds.
The researchers, led by Avi Rubin, technical director
of the Johns Hopkins Information Security Institute, cited poor encryption and
inadequate protection from wireless hacking, which could allow access to
automobiles or accounts that rely on the small, wireless-capable chips used for
RFID.
"Millions of tags that are currently in use by
consumers have an encryption function that can be cracked without requiring
direct contact. An attacker who cracks the secret key in an RFID tag can then
bypass security measures and fool tag readers in cars or at gas stations," Rubin
said in a statement.
Made by Texas Instruments Inc., the RFID system
studied for the report uses a device that prevents a car from starting unless
both the right key and the correctly coded RFID chip are used. "The devices have
been credited with significant reductions in auto theft rates, as much as 90%,"
the researchers wrote. They cited TI, which had been told about the problem, as
saying that it had received no reports of thefts due to the vulnerability.
The fuel-purchase system uses a reader inside the gas
pump that recognizes a key-chain tag waved nearby and automatically charges a
designated credit card.
More than 150 million of the TI transponders are
embedded in keys for newer vehicles built by at least three leading makers and
in more than 6 million key-chain gas tags, the researchers said.
The problem is that the mathematical key used to code
the verification system is too short, the experts said.
We stole our own car, and we bought gas stealing from our
own credit card,¡± said Avi Rubin, a professor of computer science at Johns
Hopkins who led the research team.
Texas Instruments was recently given demonstrations
of the team¡¯s code cracking capabilities, but the company maintains its system
is secure.
Tony Sabetti, a business manager with Texas
Instruments, said the hardware used to crack the codes was cumbersome, expensive
and not practical for common thieves.
¡°I think the way in which it¡¯s presented as being
inexpensive to do and quick and all the rest of that is an exaggeration,¡±
Sabetti said.
¡°And because of that, we believe the technology still
is extremely secure for the applications that it¡¯s used in.¡±
But Rubin said the code-breaking demonstrations
illustrate that developers did not pay enough attention to security.
¡°I think the implications are that it sets us back
about 10 years ago where we were with car security,¡± Rubin said.
In the seven years the technology had been in use,
Texas Instruments had never had a reported incident where a car had been stolen
or a gasoline-purchasing tag had been duplicated, company spokesman Bill Allen
said.
The Johns Hopkins team, which was funded by Bedford,
Massachusetts-based RSA Security Inc., recommended distributing free metallic
sheaths to cover the radio frequency devices when they are not being used.
(Agencies) | 
Breaking
News 
