Security Analysis of a Cryptographically-Enabled RFID Device is the bland-sounding title of an article describing how to crack the security behind the Speedpass payment system, and some of those RFID-based immobilizer key fobs used by auto makers. The article caught my attention because I’m a user of both devices.
The authors describe some of the steps they followed to reverse engineer the codes. They attribute the weakness of the architecture to the use of (far-too-short) 40-bit keys, and describe some steps end users can follow to improve security slightly…e.g. wrap the transponder in aluminum foil when not in use.
The authors also have an article with videos detailing their approach, including how to read an RFID tag while its still in the victim’s pocket:
Funny … transponder sniffing, and its concomitant countermeasure of wrapping the key in tin foil, are not mentioned in Edmund’s article:- “Top 10 Ways to Steal a Car (and how to defend against them) “.
Related posts:
{ 2 comments… read them below or add one }
Aluminum foil sure has a lot of uses…still not nearly as many as duct tape, though.
I’m not surprised Edmund doesn’t mention tin foil. It doesn’t sound like something a lot of people would take seriously.