RFID. Or Not.
Security issues frequently appear
in the news regarding interception of Wireless Local Area Network (WLAN)
and Bluetooth device traffic, and each time they do, engineers get busy
trying to plug the newly revealed holes. As with the Windows™ operating
system, most of the effort tends to be reactive rather than proactive;
resources are just too scarce and expensive to act otherwise. Also as
with Windows™, most of the effort on the part of the miscreants tends
to be directed toward the most popular targets, and therefore the ones most
likely to receive ample news coverage. Attacks on Mac OS or Linux just
do not create enough of a media frenzy to make the work involved worthwhile.
Radio Frequency Identification Devices (RFID) are sort of in that
Mac OS and Linux category in the wireless data theft business. That
is not to say there is no reason for concern. Once confined to uses
in commercial shipping and maybe pet recovery implants, RFID is appearing
in more and more everyday products. Wal-Mart famously announced a plan
to incorporate RFID product price scanning in all their stores, both
as a convenience to the shopper and as a means to more tightly track
inventory and, yes, customers. Car and truck keys have had embedded
RFID chips for many years now as a theft-prevention feature (Ford recently
charged me $65 for a single duplicate), as well as some forms of credit/debit
cards, and specially-designed access implements. Those last items, and
other personal items like them, are what you should begin worrying about.
A team of computer scientists from Johns Hopkins University in Baltimore
and RSA Laboratories in Bedford, MA, has successfully deciphered the
codes of RFID-equipped keys that protect cars from theft and cards meant
to prevent fraudulent gasoline purchases. They demonstrated that "an
attacker with modest resources—just a few hundred dollars" of off-the-shelf
equipment could pull off the crime. The stubby wands that trigger
the pumps at ExxonMobil gas stations are particularly vulnerable according
to a report at
www.rfid-analysis.org. Inside the head of an ignition key, the transponder
must convince the vehicle's computer that it has the correct 40-bit
code before fuel will flow to the engine. The transponders allow ExxonMobil
customers to buy gas by waving the wand in front of the pumps that use
the Speedpass system.
While details of the code-breaking technique
and the results are not divulged, the information casts doubts on the
usefulness of the Texas Instruments (TI) RFID chip used in the anti-theft
keys and the gas pump wands. The researchers assert, "It's very important
to ensure that we get security right in wireless devices from the very
start," and insist the theft is preventable by using a larger number
of bits. They suggest the de facto standard of 128 bits. Surely such
notoriety has gotten the attention of TI by now.
As can be seen
in the pictures on the website, codes were ascertained merely by trying
every possible code until the correct one was found. Intercepting the
code is as simple as standing or sitting next to a person carrying the
RFID implement long enough to run through as many code tries as necessary.
The next time you are sitting in an airport with someone typing busily
away on his laptop, he might just be stealing your SUV key code or preparing
for a few free trips to the gas station on your account. Now, 2^40 is
a pretty big number, and a lot of trials, but it does not take all that
long for a computer to crank through them. Besides, there's a 50-50
chance that the thief will only have to try 2^39 of them.
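
The keyspace arithmetic behind the 2^40 versus 128-bit comparison, as an added example that is not from the original article or the researchers' report. The guess rate and device count are assumed figures chosen for illustration, and `min_key_bits` is a hypothetical helper that sizes a key so the average search outlasts a target lifetime.

```python
# Added example: exhaustive key-search cost versus key length.
# TRIALS_PER_SECOND and DEVICES are assumed, constructed figures, not
# measurements from the researchers' report.

SECONDS_PER_YEAR = 365.25 * 24 * 3600
TRIALS_PER_SECOND = 1_000_000   # assumed guesses per second per device
DEVICES = 16                    # assumed number of devices searching in parallel


def expected_trials(bits: int) -> int:
    """Average guesses to hit one uniformly random key, rounded down."""
    return (2**bits + 1) // 2


def prob_found_within(bits: int, trials: int) -> float:
    """Chance the key is among the first `trials` distinct guesses."""
    return min(trials, 2**bits) / 2**bits


def worst_case_seconds(bits: int, rate: float = TRIALS_PER_SECOND,
                       devices: int = DEVICES) -> float:
    """Time to sweep the whole keyspace at `rate` guesses/s on each device."""
    return 2**bits / (rate * devices)


def min_key_bits(years: float, rate: float = TRIALS_PER_SECOND,
                 devices: int = DEVICES) -> int:
    """Smallest key length whose average search outlasts `years`."""
    budget = int(rate * devices * years * SECONDS_PER_YEAR)  # guesses affordable
    # Average search costs 2^(bits-1) guesses; need 2^(bits-1) > budget.
    return budget.bit_length() + 1


def report(bit_lengths=(40, 64, 128)):
    """Return (bits, average guesses, worst-case years) for each key length."""
    return [(b, expected_trials(b), worst_case_seconds(b) / SECONDS_PER_YEAR)
            for b in bit_lengths]


if __name__ == "__main__":
    for bits, avg, years in report():
        print(f"{bits:>3}-bit key: avg {avg:.3e} guesses, full sweep {years:.3e} years")
    print("P(found within 2^39 guesses of a 40-bit key):", prob_found_within(40, 2**39))
    print("Bits needed to outlast 20 years of search:", min_key_bits(20))
```

Every added bit doubles the sweep time, so under these assumed rates the 40-bit sweep finishes in under a day while the 128-bit sweep runs to more than 10^23 years.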