The students were able to crack the tags' 40-bit encryption algorithm using commonly available hardware and software components. With this equipment, they showed how an attacker could eavesdrop on an active transaction session to grab a key and, theoretically, gain access to an otherwise secure system.
The students are careful to point out that systems such as SpeedPass use elaborate anti-fraud technology, so they should still be regarded as secure. However, they suggest that RFID tags should carry a stronger key, using a 128-bit algorithm.
Finally, it should be noted that the analysis was conducted with the cooperation of Texas Instruments.
Source: Boing Boing