RFID crack raises spectre of weak encryption

A recent hack of RFID technology from Texas Instruments raises questions about the security of some consumer services.

With a little bit of technical acumen and a few hundred dollars, enterprising thieves can walk away with some late model cars and gas them up for free to boot, according to research published by computer security experts at The Johns Hopkins University (JHU) in Baltimore and RSA Security's RSA Laboratories in Bedford, Massachusetts.

In January, the researchers published the results of a technical analysis of a kind of secure RFID (radio frequency identification) technology called Digital Signature Transponder (DST) from Texas Instruments (TI), which is widely used to secure newer-generation automobiles and electronic payment systems like Exxon Mobil's Speedpass. The work revealed serious weaknesses in the cryptographic security used to protect data sent back and forth, and shines a light on the problem of security systems that rely on aging or inadequate cryptography, according to experts.

The team of researchers included staff from JHU's Information Security Institute, including Avi Rubin, the computer security expert who gained fame for his analysis of flawed electronic voting technology from Diebold Inc.

Rubin and a team of three graduate students, along with cryptography experts from RSA, used reverse engineering techniques and custom-designed tools to crack the cryptographic keys used to secure the systems and simulate both the RFID DST tags and readers. The hack allowed researchers to disable a vehicle immobilizer in a 2005 Ford automobile using a specially-equipped laptop computer, and purchase gas at a number of Exxon Mobil locations with a home-made Speedpass device, according to a copy of their findings, which was posted online. (See: http://rfidanalysis.org/.)

The TI technology is vulnerable to attack because it uses a decade-old, 40-bit cryptographic key to encrypt communications between the RFID DST tags and readers, the researchers found. TI also used an unknown and proprietary encryption algorithm on its DST devices, but Rubin's team reverse-engineered the secret algorithm by observing the way DST tags responded to specially-crafted challenges. Once they guessed the algorithm, researchers created a software program that could be used in so-called brute-force attacks on DST devices to recover their secret cryptographic keys, Rubin said.

The researchers worked for two months to break the TI algorithm, but once it was cracked, they made short work of the rest of TI's product, designing tools that guessed the encryption keys on five TI gas Speedpasses in two hours, Rubin said.

Other commercial security systems also use the DST technology, including cardkey access systems for buildings and livestock tracking products, he said.

But Tony Sabetti, global business manager for TI's RFID Systems, said that Rubin's team only broke one element of the system's security, and that successful thieves would need to defeat more security features to carry out a crime. For example, even crooks who could disable the vehicle immobilization feature would still have to find a way to start the car. And, for the Speedpass payment system, TI has other security features in place to stop fraudulent purchases, which the company cannot discuss, he said.

Sabetti said that TI does sell updated versions of the RFID technology that uses more advanced, 128-bit encryption algorithms. TI will also begin ramping up production of the 128-bit RFID chips, which have been available since 2003, the company said in a statement.

But Sabetti questioned whether the older technology is even seriously at risk.

"(JHU's) methods are wildly beyond the reach of most researchers," he said. "JHU is not painting an accurate picture of the risk for consumers. We recommend that customers apply the level of security they need for the application, and we're vigilant in making sure the systems are secure. I don't see any reason to change this approach," Sabetti said.

TI also said it would be difficult for attackers to read RFID tags so that they could then clone them, or intercept communications, noting that the equipment Rubin's team designed to do just that was "complex, expensive and cumbersome."

"When you're talking about snooping (RFID) transactions out of someone's pocket, one would have to ask 'What are the odds of that?'" Sabetti said.

But Rubin said that motivated thieves, such as organized crime groups, could have the desire and resources to carry out similar attacks, and noting that his group did simulate (and video tape) a successful attack in which the signal from an RFID Speedpass was captured. Assuming that the technology is too hard to crack is a mistake, he said.

"People build systems and underestimate what an attacker could do to take advantage of (them)," he said.

Unlike voting machine maker Diebold, Rubin said that TI paid attention to security when it designed the DST system, but that the product needs to be updated with stronger encryption, or an alternative system for authenticating users. The JHU hack also calls attention to a more widespread lack of security in consumer software and other products, he said.

"There are a lot of consumer products out there that don't have adequate security," he said.

Bruce Schneier, of CounterPane Internet Security Inc., agreed, saying that it's common for consumer systems to have inadequate security.

"The number of lousy encryption systems out there is amazing...even to me," he wrote in an e-mail.

Still, companies must weigh the cost of implementing stronger security against the cost of fraud, Schneier said.

"If a company is losing US$1 million a year to fraud, and fixing the security costs US$2 million a year, then it would be foolish for it to fix the system," he said.

However, the question of adequate versus inadequate security on systems like Speedpass and auto antitheft devices becomes more complicated when consumers, not companies, pay the cost of fraud.

"My worry is when a company implements poor security, and then the users suffer losses because of it.," Schneier said. "If TI's customers are losing money because of bad TI security, then TI has both a moral and legal obligation to either inform its customers or fix the system."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul Roberts

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?