Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mobil SpeedPass, Various Car RFID Car Keys Cracked

Posted by ryuzaki0 on from the feeling-safe-yet dept.

44BSD writes "Crypto-enabled RFID products, including Mobil SpeedPass and various car keys, have been defeated utterly by Avi Rubin, et. al. Details are at rfidanalysis.org. An academic paper is also available."

10 of 240 comments (clear)

  1. Well... by Anonymous Coward · · Score: 3, Insightful

    The car keys aren't such a big deal, because you'd also need the key itself for the mechanical part of the lock. The speedpass IS a big deal, because it's single-factor authentication, and people could go around charging gas to your account.

  2. Sad. by WindBourne · · Score: 2, Insightful

    These companies take a bunch of average coders and then ask them to create a secure program/toy/whatever. They almost certainly do not get true expert help. Then lo and behold, it gets cracked. And I am willing to bet that top ppl are surprised.

    --
    I prefer the "u" in honour as it seems to be missing these days.
    1. Re:Sad. by tomhudson · · Score: 3, Insightful
      The real reason is because anyone with brains will ask "What's wrong with the current system?"

      Speedpasses are not there for the benefit of the consumer, any more than the uscan at the supermarket.

      There's a debatable benefit for the key bugs for your car ignition - debatable because anyone can still steal/strip your car, and it gives people a false sense of security, as well as adding another layer to "what can go wrong now"...

      Speaking of which - Pontiac anti-theft radios. Leave your headlights on overnight, and you can't get a jump-start, because you have to re-code the radio first. Try that at -30 (and no, it wasn't me).

    2. Re:Sad. by plover · · Score: 2, Insightful
      The grandparent poster is correct, though, in that SpeedPass wasn't first designed to make your life easier: that's a byproduct of how the system works. I believe SpeedPass was first designed as a replacement for insecure, easy-to-forge credit cards. But being different, it turned into a marketing tool; something that made Mobil "more cool" than Amoco. Finally, speeding up the transaction at the pumps didn't hurt them any. But it really doesn't gain them any financial benefit except in terms of marketing.

      Replacing the existing mag stripe system is very important. Credit card theft losses today involve absolutely staggering amounts. Forging credit cards is almost child's play (or it would be if I were a child :-) There are professional crime rings that collect mag swipe data from dishonest restaurant employees, for example. And gas pumps are the perfect victim for forged cards. With no human to validate the little foil dove on the Visa card, any chunk of plastic with a mag stripe will do the trick.

      RFID was sold to Mobil as "difficult to forge." (Actually, it was probably sold as "impossible to forge", but that's sales lingo.) This is just the first public demonstration of a counter example.

      By the way, regarding time spent in lines: given a choice at Home Depot, I evaluate the lines this way: my first choice is self-checkout ONLY if no one's ahead of me; second choice, a cashier who knows what they're doing; and my dead-last choice is self-checkout waiting behind four idiots who collectively can't figure out how to put their barcodes under the lasers.

      --
      John
  3. Bye-Bye Karma by rel4x · · Score: 5, Insightful

    I'm probably going to get modded into oblivion for saying this.... But why don't people just not read dupes? I mean, it's not really hurting you that it's there...and some of us didn't see the first one, but see the second one. It just doesn't seem worth complaining over.

    --

    Before you mod me funny, think, perhaps I was insightfully funny?
  4. Re:CmdrTaco Cracked, Various Slashdot Editors Dupe by springbox · · Score: 5, Insightful

    This story is similar to the car key RFID system being cracked but if you look carefully the content is actually different and provides a more technical perspective to the situation. The other one was fluff compared to this. People here need to stop being so nit-picky because I find that most of these "duplicated" articles are informative and contain interesting content that I would have not seen otherwise.

  5. Re:CmdrTaco Cracked, Various Slashdot Editors Dupe by Anonymous Coward · · Score: 1, Insightful

    Oh shut up. It's the same story. If you had actually read the original, you would've found your way to the same information.

    It's a dupe. CmdrTaco doesn't the his own website and he ignores people that pay for it.

  6. Re:CmdrTaco Cracked, Various Slashdot Editors Dupe by elmegil · · Score: 1, Insightful
    The other one was fluff compared to this.

    Maybe if the editors were doing their JOBS that they get PAID FOR, they'd have recognized this fact and only let one story through--the one that would best meet the expectations of their audience.

    Oh wait, we don't have any expectations, because they behave like morons 90% of the time.

    --
    7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
  7. Re:Thing is... by NeoSkandranon · · Score: 2, Insightful

    Alarms are far less security than you might think. Picture an apartment complex or a college dorm parking lot. Lots of riced up civics and chunky tired jeeps with alarms that go off if you *fart* next to the car.

    After about a month of alarms going off in the dead of night, no one bats an eye at hearing one anymore.

    --
    If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
  8. Re:True enough... by |<amikaze · · Score: 2, Insightful


    But... if the brake light isn't on... there won't be any power flowing to it.