Auto, Gas Security Chips Vulnerable, Study Finds

R.A. Hettinga rah at
Sun Jan 30 07:51:15 PST 2005



Auto, Gas Security Chips Vulnerable, Study Finds
 Sat Jan 29, 2005 08:00 PM ET

 WASHINGTON (Reuters) - Tiny radio-transmitter chips that make possible
high-security car keys and swipe-by gasoline passes can be cracked using
cheap technology, U.S. computer experts said on Saturday.

 The radio-frequency ID, or RFID, system uses a relatively simple code that
criminals can easily decipher, making it easier to steal a car or get a
free tankful of gasoline, the team at Johns Hopkins University in Baltimore
and RSA Laboratories said.

 "We've found that the security measures built into these devices are
inadequate," said Avi Rubin, technical director of the Johns Hopkins
Information Security Institute.

 "Millions of tags that are currently in use by consumers have an
encryption function that can be cracked without requiring direct contact.
An attacker who cracks the secret key in an RFID tag can then bypass
security measures and fool tag readers in cars or at gas stations," Rubin
said in a statement.

 Made by Texas Instruments (TXN.N), the RFID
system studied for the report uses a device that prevents a car from
starting unless both the right key and the correctly coded RFID chip are

 "The devices have been credited with significant reductions in auto theft
rates, as much as 90 percent," the researchers wrote. They cited Texas
Instruments, which had been told about the problem, as saying the company
had received no reports of thefts due to the vulnerability.

 The fuel-purchase system uses a reader inside the gas pump that recognizes
a key-chain tag waved nearby and automatically charges a designated credit

 More than 150 million of the Texas Instruments transponders are embedded
in keys for newer vehicles built by at least three leading makers, and in
more than 6 million key-chain gas tags, the researchers said.

 The problem is that the mathematical key used to code the verification
system is too short, they said.

 They bought a commercial microchip costing less than $200 and programmed
it to find the key for a gasoline-purchase tag. They linked 16 such chips
together and cracked the key in about 15 minutes.

 The researchers said a metal sheath could help prevent the problem. Texas
Instruments representatives were unavailable for comment.

 The RFID system they used is called a Digital Signature Transponder, and
is distinct from the Electronic Product Code used by retailers and
pharmacies for inventory control.

 RSA Laboratories, based in Bedford, Massachusetts, is a division of RSA
Security (RSAS.O).
R. A. Hettinga <mailto: rah at>
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
