Slashdot Mirror


Mobil SpeedPass, Various Car RFID Car Keys Cracked

44BSD writes "Crypto-enabled RFID products, including Mobil SpeedPass and various car keys, have been defeated utterly by Avi Rubin, et al. Details are at rfidanalysis.org. An academic paper is also available."

8 of 240 comments

  1. Well... by Anonymous Coward · · Score: 3, Insightful

    The car keys aren't such a big deal, because you'd also need the key itself for the mechanical part of the lock. The SpeedPass IS a big deal, because it's single-factor authentication, and people could go around charging gas to your account.

  2. Sad. by WindBourne · · Score: 2, Insightful

    These companies take a bunch of average coders and then ask them to create a secure program/toy/whatever. They almost certainly do not get true expert help. Then lo and behold, it gets cracked. And I am willing to bet that top ppl are surprised.

    --
    I prefer the "u" in honour as it seems to be missing these days.
    1. Re:Sad. by tomhudson · · Score: 3, Insightful
      The real reason is because anyone with brains will ask "What's wrong with the current system?"

      Speedpasses are not there for the benefit of the consumer, any more than the uscan at the supermarket.

      There's a debatable benefit for the key bugs for your car ignition - debatable because anyone can still steal/strip your car, and it gives people a false sense of security, as well as adding another layer to "what can go wrong now"...

      Speaking of which - Pontiac anti-theft radios. Leave your headlights on overnight, and you can't get a jump-start, because you have to re-code the radio first. Try that at -30 (and no, it wasn't me).

    2. Re:Sad. by plover · · Score: 2, Insightful
      The grandparent poster is correct, though, in that SpeedPass wasn't first designed to make your life easier: that's a byproduct of how the system works. I believe SpeedPass was first designed as a replacement for insecure, easy-to-forge credit cards. But being different, it turned into a marketing tool; something that made Mobil "more cool" than Amoco. Finally, speeding up the transaction at the pumps didn't hurt them any. But it really doesn't gain them any financial benefit except in terms of marketing.

      Replacing the existing mag stripe system is very important. Credit card theft losses today involve absolutely staggering amounts. Forging credit cards is almost child's play (or it would be if I were a child :-) There are professional crime rings that collect mag swipe data from dishonest restaurant employees, for example. And gas pumps are the perfect victim for forged cards. With no human to validate the little foil dove on the Visa card, any chunk of plastic with a mag stripe will do the trick.

      RFID was sold to Mobil as "difficult to forge." (Actually, it was probably sold as "impossible to forge", but that's sales lingo.) This is just the first public demonstration of a counterexample.

      By the way, regarding time spent in lines: given a choice at Home Depot, I evaluate the lines this way: my first choice is self-checkout ONLY if no one's ahead of me; second choice, a cashier who knows what they're doing; and my dead-last choice is self-checkout waiting behind four idiots who collectively can't figure out how to put their barcodes under the lasers.

      --
      John
  3. Bye-Bye Karma by rel4x · · Score: 5, Insightful

    I'm probably going to get modded into oblivion for saying this.... But why don't people just not read dupes? I mean, it's not really hurting you that it's there...and some of us didn't see the first one, but see the second one. It just doesn't seem worth complaining over.

    --

    Before you mod me funny, think, perhaps I was insightfully funny?
  4. Re:CmdrTaco Cracked, Various Slashdot Editors Dupe by springbox · · Score: 5, Insightful

    This story is similar to the car key RFID system being cracked but if you look carefully the content is actually different and provides a more technical perspective to the situation. The other one was fluff compared to this. People here need to stop being so nit-picky because I find that most of these "duplicated" articles are informative and contain interesting content that I would have not seen otherwise.

  5. Re:Thing is... by NeoSkandranon · · Score: 2, Insightful

    Alarms are far less security than you might think. Picture an apartment complex or a college dorm parking lot. Lots of riced-up Civics and chunky-tired Jeeps with alarms that go off if you *fart* next to the car.

    After about a month of alarms going off in the dead of night, no one bats an eye at hearing one anymore.

    --
    If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
  6. Re:True enough... by |<amikaze · · Score: 2, Insightful


    But... if the brake light isn't on... there won't be any power flowing to it.