Mobil SpeedPass, Various Car RFID Car Keys Cracked
44BSD writes "Crypto-enabled RFID products, including Mobil SpeedPass and various car keys, have been defeated utterly by Avi Rubin et al. Details are at rfidanalysis.org. An academic paper is also available."
They apparently tested one of their devices at an actual Mobil station. Will the Ashcroft/Gonzales Army arrest these guys?
Pop the lock cylinder, insert screwdriver, turn, drive away.
Before the first time I had to do it, I could have sworn it was impossible to lose a key in 1" of fresh-fallen snow.
Why does the Slashdot summary say the work was done by "Avi Rubin et al." when Rubin was the 5th out of 6 authors on the paper? Why not say Steve Bono et al., since he was the first author?
"The car keys aren't such a big deal, because you'd also need the key itself for the mechanical part of the lock." Not true, one of my cars has a function called "Keyless Go": just have a credit card type device on you and the car unlocks and starts at the press of a button. I am not sure if it is using RFID though. No information on that. But it is using a similar technology for sure.
So, 1 big screw-driver, 2 wooden shims, 1 coat-hanger wire and some cursing later, I can turn the engine off.
The quickest:
Always check for passenger door, back doors, a hatchback, trunk or sun-roof that are open.
I'm wondering.. when the RFID chips get a signal from the reader (eg: a Mobil SpeedPass challenge/response), the SpeedPass obviously has to do some computation on the limited RF energy that it's been given, and then return the answer.
I know vaguely how CPUs do these sorts of calculations, but how do you HARD wire a system to do that on so little energy?
Do the energy requirements go up w/ key size? The complexity of the circuits?
Do these things have some sort of static flash ROM ?
Seriously. Why would Mobil build and support an RFID system protected under a 40-bit key? I thought at the very least those SpeedPass systems had a 64-bit key.
I know that encryption isn't that important when true physical contact is involved (such as most credit cards, which have no encryption protection but are starting to get some with smartcards), but when it comes down to something that basically broadcasts a credit card number, you would think that Mobil would be a bit more concerned about it.
If I had a Mobil SpeedPass I would be concerned, since a small device placed on top of a gas pump could easily passively eavesdrop on your SpeedPass and pass that information to would-be criminals.
The car key, although just as disturbing, isn't as important to have a strong key for, since it would involve way too much work to basically steal one car. To do it you would have to somehow read the signal from the key by bumping into the person leaving the car to actively scan their RFID signal (passive eavesdropping would not work well since it only sends the signal at startup when the person's going to be driving away), decode it, and then use it to start the car once you bypass the physical key. It would be much easier and faster to steal a car without an immobilization system than to bypass it.
In Soviet Russia, Trojan exploits YOU!
The car does support multiple keys, so there must be a lookup table mapping physical keys to one-time keys in there somewhere. So the car knows who used the car last. It could make an interesting plot point in an episode of CSI.
Here's my question: Will this apply to toll road "speed passes" too? Does this mean that someone can charge up my account driving around all the tollways broadcasting my id? That could be a huge problem when we don't find that out until the bill arrives... and no verification to enter to make sure it's you (that would defeat the purpose of the speed pass). And a whole lot of time and money to go back and fix that system!
Chris
This is not how things typically work in my experience. In fact, it's not uncommon to have professional security audits done, and entire engineering teams know exactly what the problems are. After that, though, one of two things happens. Either somebody in marketing decides that good security practices are going to put customers off the product, or somebody in management decides they're going to look bad if the product is delayed and decides not to implement the security recommendations. When all is said and done, the product ships with crippled security.
It would hardly matter that SpeedPass type devices or RF car keys were cracked if you also needed a PIN to use them... But where's the convenience in that?
Actually, the Times story, which I wrote, came out at the same time as the RFID report from Hopkins was revealed.
"speaking only for myself since 1957"