Sunday, January 30, 2005

Car security code cracked by Hopkins researchers

from the AP:

A research team at Johns Hopkins University said it discovered that the "immobilizer" security system developed by Texas Instruments could be cracked using a "relatively inexpensive electronic device" that acquires information hidden in the microchips that make the system work.

The radio-frequency security system being used in more than 150 million new Fords, Toyotas and Nissans involves a transponder chip embedded in the key and a reader inside the car. If the reader does not recognize the transponder, the car will not start, even if the key inserted in the ignition is the correct one.

It's similar to the new gasoline purchase system in which a reader inside the gas pump is able to recognize a small key-chain tag when the tag is waved in front of it. The transaction is then charged to the tag owner's credit card.

Researchers said they were able to crack that code, too.

"We stole our own car, and we bought gas stealing from our own credit card," said Avi Rubin, a professor of computer science at Johns Hopkins who led the research team.

This is in the area of RFID technology. The Digital Signature wedge transponder is an authenticating device using a challenge/response (uni-directional) encryption method which makes the transponder response highly secure. Other features include a fixed, unique read-only code and optional password protection. The device is ideally suited for applications which demand the most secure authentication techniques in the smallest available package (such as vehicle immobilizers and locks).

Integrated Solutions wrote:

The rapid deployment of RFID (radio frequency identification) technology remains mired in a sea of standards and high-priced hardware. Yet, its few existing applications have already created a public perception that this technology is ubiquitous. Point of sale transactions, automatic toll collectors, and animal tracking are all examples of well-known RFID applications.

Recently, Ford and Toyota incorporated RFID into the security systems of select new vehicles. Now, thousands of new car and truck owners rely on this technology to disable their vehicles in the case of a theft attempt. This security process is accomplished by embedding RFID chips and antennas into a vehicle's ignition system and the owner's key fob. The chip in the fob sends a signal to the antenna in the steering column allowing the vehicle to be started. If the key fob isn't present, the vehicle can't be started.

Bruce McKinley quickly saw the implications this technology (and the auto industry's support of it) was going to have on his company. McKinley, CEO of Dealer Security Solutions (DSS) (Rancho Cordova, CA), specializes in selling aftermarket auto security systems to car dealers. "The allure of an RFID anti-theft device is its simplicity," McKinley explained. "There are no buttons to press or codes to remember as in the previous systems we were offering. Add to that the support of major auto manufacturers, and you have a whole new security industry." For McKinley, offering anything less than RFID seemed like trying to sell old technology. Thus, he began researching RFID in 1999.


Post a Comment

<< Home