By Peter Weiss
A team of computer scientists has unraveled the codes of tiny radio devices that protect cars from theft and prevent fraudulent gasoline purchases.
The exercise in reverse engineering by researchers at Johns Hopkins University in Baltimore and RSA Laboratories in Bedford, Mass., shows that “an attacker with modest resources—just a few hundred dollars” of off-the-shelf equipment—can crack the codes of millions of car keys and the stubby wands that trigger the pumps at ExxonMobil gas stations, the team reports in a draft article posted Jan. 28 on the Internet (http://www.rfid-analysis.org/).
“There is a practical risk here,” says team member Ari Juels of RSA, the company that created an encryption technique used throughout the Internet.
The team has withheld from its article critical code-breaking details that could abet would-be hackers. The makers of products that rely on the security technology say that without those key specifics, criminals are unlikely to achieve what the Johns Hopkins-RSA team has.
“If you look at the kind of equipment and time needed by the researchers to break this, it’s not what would normally be considered an attractive theft opportunity,” claims J. Donald Turk of ExxonMobil in Fairfax, Va.
In any case, Juels says, the new study uncovers a preventable weakness in wireless security technologies, which are becoming more prevalent. “It’s very important to ensure that we get security right in wireless devices from the very start,” he says.
Led by Juels and Aviel D. Rubin of Johns Hopkins, the code crackers directed their attack specifically against a type of miniature radio transmitter-receiver, or transponder, made by Texas Instruments of Dallas. Inside the head of an ignition key, the transponder must convince the vehicle’s computer that it has the correct 40-bit code before fuel will flow to the engine. The transponders allow ExxonMobil customers to buy gas by merely waving the wands in front of the pumps on the company’s Speedpass system.
A typical cryptographic system contains two parts: a secret number, or key, and a procedure, or cipher, for validating the key without unveiling it. The rule among cryptographers, Juels says, is to use a big key—128 bits or more. That way, not even someone with access to the most powerful computers could test every possible key.
By using only 40 bits and relying on the cleverness of their cipher, the transponder designers went wrong, says Rubin. After breaking the cipher, which was a major challenge met by trial-and-error methods and cryptographic expertise, “we just tried all possible keys,” he says.
“This is a warning that you can’t take shortcuts on the design of these systems,” comments Internet-security specialist Steven M. Bellovin of Columbia University.