The Johns Hopkins researchers said that the RFID system they studied was designed to thwart car thieves and provide fast and convenient payments via safeguarded wireless transactions. The group found, however, that the TI tags were susceptible to attacks using mathematics and low-cost processors.
PEER 1 takes the complexity out of running your online business, so that you can focus on the possibilities. The ValuePro Managed Hosting Plan at just $299 is fully loaded to save you valuable time and resources. Learn more.
Technology researchers at Johns Hopkins University have found that radio frequency identification (RFID)
technologies used for automobile locks and easy-pay gasoline systems are sorely lacking in
protection, warning that opportunists could easily exploit the weakness for ill deeds.
The researchers, led by Avi Rubin, technical director of the Johns Hopkins Information Security Institute, cited poor encryption and inadequate protection from wireless hacking, which could allow access to automobiles or accounts that rely on the small, wireless-capable chips used for RFID.
The researchers claimed that the Texas Instruments (NYSE: TXN) system it cracked -- a low-power, radio frequency security system used worldwide by top car manufacturers and for more than 6 million key chain
tags used to purchase gasoline -- could allow easy access to tech-savvy thieves.
"I think this sets back vehicle security about a
decade," lead researcher Rubin told TechNewsWorld.
Ease of Use
The Johns Hopkins researchers said that the RFID
system they studied was designed to thwart car thieves
and provide fast and convenient payments
via safeguarded wireless transactions. The
group found, however, that the TI tags -- already in use around the
world -- were susceptible to attack using mathematics
and low-cost processors.
"Millions of tags that are currently in use by
consumers have an encryption function that can be
cracked without requiring direct contact," Rubin said
in a statement. "An attacker who cracks the secret key
in an RFID tag can then bypass security measures and
fool tag readers in cars or at gas stations."
The researchers said that they alerted TI and
demonstrated the security breach to the company, which
is among a number of different RFID system makers.
The Hopkins researchers, who teamed with RSA Security (Nasdaq: RSAS)
on the study, are putting other RFID systems to the test, Rubin said.
Early Disclosure
Ari Juels, RSA Laboratories principal research scientist, told TechNewsWorld the research was intended to
head off more widespread distribution of the faulty RFID technology.
"Our aim is to uncover weaknesses like this in RFID
devices before it becomes widespread and costly,"
Juels said. "This points to the importance of
implementing good security from the get-go."
While the research does not
indicate a general security problem with RFID, Juels said,
additional research is expected to reveal more
vulnerabilities.
"We are looking at other systems and there are
other RFID devices in widespread use that we believe
may have security weaknesses," Juels said.
Hardening RFID
RFID systems are being rapidly deployed in manufacturing and
distribution, with companies such as Wal-Mart requiring
the technology from suppliers.
Juels said the researchers are still assessing the parameters of the RFID weakness, indicating that factors
such as wireless range and other circumstances have yet to be investigated.
Jules said Texas Instruments, for example, was on
the right track by including encryption in its RFID
solution, but needed to harden it further.
"In cars as in commerce, RFID is becoming a
linchpin for security in day-to-day life," he said in
a statement. "It is important that RFID devices offer
a level of security commensurate with the value of the
assets they protect."
system it cracked -- a low-power, radio frequency security system used worldwide by top car manufacturers and for more than 6 million key chain
tags used to purchase gasoline -- could allow easy access to tech-savvy thieves.
Talkback: 
