FutureWire - futurism and emerging technology

Thursday, September 22, 2005

Cracking RFID

If RFID tags are going to be the glue that holds together the pervasive computing environment of the future, security must be a primary consideration. Several graduate students from Johns Hopkins University have completed an analysis of a widely used RFID device -- the Texas Instruments DST tag, found in ExxonMobil SpeedPass electronic payment devices, among other places -- and their findings are sobering.

The students were able to crack the tags' 40-bit encryption algorithm using commonly available hardware and software components. With this equipment, they show how an attacker could eavesdrop on an active transaction session to grab a key and, theoretically, gain access to an otherwise secure system.

The students are careful to point out that systems such as SpeedPass use elaborate anti-fraud technology, so they should still be regarded as secure. However, they suggest that RFID tags contain a stronger key, using a 128-bit algorithm.

Finally, it should be noted that the analysis was conducted with the cooperation of Texas Instruments.

Source: Boing Boing