Scientists crack security system of millions of cars University team breaks code of KeeLoq system used by major manufacturers
By James Hamilton IT'S THE WORST NIGHTMARE OF THE REMOTE-CONTROL AGE - GERMAN SCIENTISTS claim to have cracked the code of the electronic blipper that locks and unlocks cars and garage doors.
The team from Ruhr University says it is now relatively straightforward to clone the remote control devices that act as the electronic keys.
The scientists say they have overcome the KeeLoq security system, which is made by US-based Microchip Technology and is used by Honda, Toyota, Volvo, Volkswagen and other manufacturers to transmit access codes using radio frequency identification technology.
The revelation caused consternation among the car makers. Volvo said it took security extremely seriously, but preferred not to comment further until its technical teams were able to look at the scientists' claims to establish whether they could be substantiated. At Volkswagen, a spokeswomen would make no comment. Honda also said it would pass the information to its engineering teams, echoing the view: "We obviously take security very seriously."
If the claims are correct, it could pose a major headache for the car companies, whose keyless entry systems are becoming increasingly more common in their high-end marques.
The research team from Ruhr's Electrical Engineering and Information Sciences Department said the crack applies to all known car and building access control systems that rely on the KeeLoq cipher. It targeted and ultimately cracked its RFID as part of its research in embedded security. "The security hole allows illegitimate parties to access buildings and cars after remote eavesdropping from a distance of up to 100 meters," says professor Christof Paar, head of the communication security group at the department.
Timo Kasper, a PhD student who worked on the research, blamed KeeLoq for keeping the cipher secret. He said: "If they had made it public they would have found out 20 years ago that it's insecure. Now it's a little bit too late, because it's already built into all the garages and cars."
Because most access devices are publicly available, it's not too hard for attackers to get their hands on one to perform the analysis. The hack requires about £1500 worth of equipment and a fair amount of technical skill, but once the unique master key for a particular model is available, it works universally, Kasper said.
Paar's team used various code-breaking technologies to develop several attack variables. The researchers said that the most devastating was the so-called side-channel attack on car keys (or building keys), which can be cloned from a distance of several 100 meters.
Based on the research, an attacker can reveal the secret key for the remote control in under an hour, and the manufacturer key of the corresponding receivers in less than a day.
"Eavesdropping on as little as two messages enables illegitimate parties to duplicate your key and to open your garage or unlock your car," says Paar. "With another malicious attack, a garage door or a car door can be remotely manipulated so that legitimate keys do not work any more. Thus, after the security of the building or car has been breached, the attacker can prevent you from future access."
The scientists said the KeeLoq's security relies on poor key management, in which every key is derived from a master that's stored in the reading device. Moreover, it uses a proprietary algorithm that had already been shown to generate cryptographically-weak output.
That algorithm was kept secret for most of the last 20 years but 18 months ago an entry on Wikipedia published it. The research team almost immediately spotted weaknesses.
Microchip officials have been quiet on the revelations, relying instead on a prepared statement which said: "The paper requires detailed knowledge of the system implementation and a combination of data, specialised skills, equipment and access to various components of a system, which is seldom feasible.
"These theoretical attacks are not unique to the Keeloq system and could be applied to virtually any security system."
|
|
Posted by: I'm no really here on 11:28pm Sat 5 Apr 08
I wonder if the security of information on the proposed ID Cards will be weaker or stronger that what car manufacturers use? Anyone want to place bets?
I wonder if the security of information on the proposed ID Cards will be weaker or stronger that what car manufacturers use? Anyone want to place bets?
Posted by: wee folding bike on 10:02am Sun 6 Apr 08
Well the simple solution is to have cars so old they don't have beepers or they are broken and you use the old fashioned key thing.
Well the simple solution is to have cars so old they don't have beepers or they are broken and you use the old fashioned key thing.
Posted by: Politically-incorrec
t Man, Glasgow on 10:38am Sun 6 Apr 08
Don't see why this is supposed to be a "surprise".
Every other security measure can be circumvented. What makes the "boffin" think the "crooks" are not way ahead of him.
Don't see why this is supposed to be a "surprise".
Every other security measure can be circumvented. What makes the "boffin" think the "crooks" are not way ahead of him.
Posted by: McSomeone, Scotland on 10:49am Sun 6 Apr 08
I wonder if this is the same German academics who proved that the controversal ID card security was also easy to crack?
If it is man made then somewhere there is a man or women who can create the tools/software to open it. There is no such thing as 100% secure, especially with regards to computers, software and computer generated items such as ID. They can all he accessed because the guiding principle is for ease of access as few people who deal with them have the education or intelligence to handle complex codes or information. Or put another way, it's aimed at the lowest median level of intelligence that will be working with it.
Same with credit cards, why do you think crooks are only half a day behind banks when they introduce new security measures?
I wonder if this is the same German academics who proved that the controversal ID card security was also easy to crack?
If it is man made then somewhere there is a man or women who can create the tools/software to open it. There is no such thing as 100% secure, especially with regards to computers, software and computer generated items such as ID. They can all he accessed because the guiding principle is for ease of access as few people who deal with them have the education or intelligence to handle complex codes or information. Or put another way, it's aimed at the lowest median level of intelligence that will be working with it.
Same with credit cards, why do you think crooks are only half a day behind banks when they introduce new security measures?
Posted by: MJ on 12:27pm Sun 6 Apr 08
Anything and everything can he hacked or cracked. Solution be aware of it and learn to deal with it.
As for old fashined key locks. The technology is even cheaper. The first (and last) time I locked my keys in the car I used a coathanger. It took @ 3 min. Then when I had a girlfriend who regularly locked her key in the car I went high tech and invested $1.49 on a Slim Jim as it saved a lot of wear and tear on the rubber window seal.
Anything and everything can he hacked or cracked. Solution be aware of it and learn to deal with it.
As for old fashined key locks. The technology is even cheaper. The first (and last) time I locked my keys in the car I used a coathanger. It took @ 3 min. Then when I had a girlfriend who regularly locked her key in the car I went high tech and invested $1.49 on a Slim Jim as it saved a lot of wear and tear on the rubber window seal.
Posted by: Alex, Oregon,USA on 5:17pm Sun 6 Apr 08
Now why would they(German Scientist) try to break the car companies code???? Why would they want to do that except to cause havoc in todays world.
What a bunch of jerks! I hope they get their butts kicked in court & go to jail.[bold]bold[/bold]
Now why would they(German Scientist) try to break the car companies code???? Why would they want to do that except to cause havoc in todays world.
What a bunch of jerks! I hope they get their butts kicked in court & go to jail.
Posted by: sam, greenock on 5:53pm Sun 6 Apr 08
[quote][bold]Alex[/bold] wrote:
Now why would they(German Scientist) try to break the car companies code???? Why would they want to do that except to cause havoc in todays world. What a bunch of jerks! I hope they get their butts kicked in court & go to jail.[bold]bold[/bold] [/quote] Alex,
I've got it on good authority that they've all been grounded and sent to bed without any supper. Such naughty children........
tsk tsk tsk
Alex wrote:
Now why would they(German Scientist) try to break the car companies code???? Why would they want to do that except to cause havoc in todays world. What a bunch of jerks! I hope they get their butts kicked in court & go to jail.
Alex,
I've got it on good authority that they've all been grounded and sent to bed without any supper. Such naughty children........
tsk tsk tsk
Posted by: wee folding bike on 10:04pm Sun 6 Apr 08
MJ,
Drive a really old Volvo and nobody will steal it.
The failure of bicycle locks is one reason I use a folding bike. I take with with me to work, the cinema, restaurants etc.
MJ,
Drive a really old Volvo and nobody will steal it.
The failure of bicycle locks is one reason I use a folding bike. I take with with me to work, the cinema, restaurants etc.
Posted by: Bill, earth on 11:50am Mon 7 Apr 08
This is stupid. The majority of car thieves either enter unlocked cars, or break the window.
This is stupid. The majority of car thieves either enter unlocked cars, or break the window.
Posted by: U SLAAAAAAGZ, Wales on 11:53am Mon 7 Apr 08
Shouldn't they spend there time doing something interesting, and helpful?
Breaking a code and then publicly announcing it is just annoying and stupid!
I think they should all be put in a Volvo and driven off a cliff - Only to check out its security though!
Shouldn't they spend there time doing something interesting, and helpful?
Breaking a code and then publicly announcing it is just annoying and stupid!
I think they should all be put in a Volvo and driven off a cliff - Only to check out its security though!
Posted by: Me on 11:56am Mon 7 Apr 08
alex ur a idiot lol they do this because its to better seciurty n i woulndt be suprised if someone else isnt atleast already tring to do this
alex ur a idiot lol they do this because its to better seciurty n i woulndt be suprised if someone else isnt atleast already tring to do this
Posted by: Tony on 12:06pm Mon 7 Apr 08
[quote][bold]Bill[/bold] wrote:
This is stupid. The majority of car thieves either enter unlocked cars, or break the window.[/quote] Not really true. Most low level criminals will use those methods, but organised criminals will use high levels of sophistication to steal the cars without damage - after all an undamaged car costs less to repair to sell on.
Bill wrote:
This is stupid. The majority of car thieves either enter unlocked cars, or break the window.
Not really true. Most low level criminals will use those methods, but organised criminals will use high levels of sophistication to steal the cars without damage - after all an undamaged car costs less to repair to sell on.
Posted by: Bryan on 12:06pm Mon 7 Apr 08
Alex in 16th Century wrote:
Now why would they (Galileo) try to mess with our unscientific heliocentric beliefs???? Why would they want to do that except to cause havoc in today's world. What a jerk! I hope he gets himself lynched and thrown in jail.
Alex in 16th Century wrote:
Now why would they (Galileo) try to mess with our unscientific heliocentric beliefs???? Why would they want to do that except to cause havoc in today's world. What a jerk! I hope he gets himself lynched and thrown in jail.
Posted by: Dave, Ann Arbor, MI USA on 12:06pm Mon 7 Apr 08
Welcome to the techno-world. Gamers unite! Attack the hackers...wait...Nap
ster was a wonderful hack which helped open a new world...gamers, belay that command.
Welcome to the techno-world. Gamers unite! Attack the hackers...wait...Nap
ster was a wonderful hack which helped open a new world...gamers, belay that command.
Posted by: tbone on 12:09pm Mon 7 Apr 08
Uhmmm lemme see.
Where can I find a car thief that is well-versed in mathematical algorithms, ability to develop software, obviously well edumacated and a PHD no less...
Damned everywhere... a dime a dozen... where am I going to house my Camry with these PHD car theives roaming the neigborhood?
Uhmmm lemme see.
Where can I find a car thief that is well-versed in mathematical algorithms, ability to develop software, obviously well edumacated and a PHD no less...
Damned everywhere... a dime a dozen... where am I going to house my Camry with these PHD car theives roaming the neigborhood?
Posted by: Anne Onyme on 12:22pm Mon 7 Apr 08
To "u slagz": Breaking a FAULTY code and then publicly announcing it is the only way to force manufacturers to spit the required money and resources to build devices REALLY doing what they advertise. Instead of ripping you of your money without providing you any real security whatsoever. What these Geman scientist did, other may have done years ago (18 years old vulnerability, here!) The only reason we didn't hear of it before is because it's cheaper for thieves to replace a broken window. Google "full disclosure" and "security through obscurity", read a bit, and maybe you'll think before posting next time.
To "u slagz": Breaking a FAULTY code and then publicly announcing it is the only way to force manufacturers to spit the required money and resources to build devices REALLY doing what they advertise. Instead of ripping you of your money without providing you any real security whatsoever. What these Geman scientist did, other may have done years ago (18 years old vulnerability, here!) The only reason we didn't hear of it before is because it's cheaper for thieves to replace a broken window. Google "full disclosure" and "security through obscurity", read a bit, and maybe you'll think before posting next time.
Posted by: U SLAAAAAAGZ, Wales on 2:59pm Mon 7 Apr 08
To "Anne Onyme" :
There are a lot more important things than a stupid car/alarm code for scientists to research.... And if anyone was bothered about security, obviously with a decent car worth taking, a after-market alarm would be installed.
But then do you believe all security cannot be bypassed?
To "Anne Onyme" :
There are a lot more important things than a stupid car/alarm code for scientists to research.... And if anyone was bothered about security, obviously with a decent car worth taking, a after-market alarm would be installed.
But then do you believe all security cannot be bypassed?
Posted by: Cliff, Atlanta, GA on 3:50pm Mon 7 Apr 08
Why is this so amazingly unexpected?
I have always assumed that someone could record the RF produced by these when I use it and play it back sometime later to break in.
It is only a little harder than recording the sound a touch tone phone makes and playing it back to dial a phone number or enter an access code entered via phone.
Why is this so amazingly unexpected?
I have always assumed that someone could record the RF produced by these when I use it and play it back sometime later to break in.
It is only a little harder than recording the sound a touch tone phone makes and playing it back to dial a phone number or enter an access code entered via phone.
Posted by: Kyle, Texas, USA on 4:05pm Mon 7 Apr 08
To U SLAAAAAAGZ,
What more important things are SECURITY RESEARCHERS supposed to work on than 20-year-old security systems which guard against theft of millions of highly expensive machines?
Recall that "scientist" doesn't mean "guy who can cure cancer, hack the Pentagon, and design an airplane." Researchers are highly specialized into one field.
To U SLAAAAAAGZ,
What more important things are SECURITY RESEARCHERS supposed to work on than 20-year-old security systems which guard against theft of millions of highly expensive machines?
Recall that "scientist" doesn't mean "guy who can cure cancer, hack the Pentagon, and design an airplane." Researchers are highly specialized into one field.
Posted by: Brad on 4:44pm Mon 7 Apr 08
Thieves can also break the windows of the car and open the door, and it's a lot more pragmatic. Though this may prove to cost less for them over time if they're taking the entire car. The fact of the matter is that once you have the door open, you still have to start the car if you're going to steal it, and if you're stealing something out of it, then breaking a window is faster and cheaper.
Thieves can also break the windows of the car and open the door, and it's a lot more pragmatic. Though this may prove to cost less for them over time if they're taking the entire car. The fact of the matter is that once you have the door open, you still have to start the car if you're going to steal it, and if you're stealing something out of it, then breaking a window is faster and cheaper.
Posted by: Peter on 6:19pm Mon 7 Apr 08
[quote][bold]Brad[/bold] wrote:
Thieves can also break the windows of the car and open the door, and it\'s a lot more pragmatic. Though this may prove to cost less for them over time if they\'re taking the entire car. The fact of the matter is that once you have the door open, you still have to start the car if you\'re going to steal it, and if you\'re stealing something out of it, then breaking a window is faster and cheaper.[/quote] Breaking a window is faster and cheaper, but you can do this in broad daylight with people around and no one will think twice.
Brad wrote:
Thieves can also break the windows of the car and open the door, and it\'s a lot more pragmatic. Though this may prove to cost less for them over time if they\'re taking the entire car. The fact of the matter is that once you have the door open, you still have to start the car if you\'re going to steal it, and if you\'re stealing something out of it, then breaking a window is faster and cheaper.
Breaking a window is faster and cheaper, but you can do this in broad daylight with people around and no one will think twice.
Posted by: U SLAAAAAAGZ, Wales on 7:21pm Mon 7 Apr 08
[quote][bold]Kyle[/bold] wrote:
To U SLAAAAAAGZ,
What more important things are SECURITY RESEARCHERS supposed to work on than 20-year-old security systems which guard against theft of millions of highly expensive machines?
Recall that "scientist" doesn't mean "guy who can cure cancer, hack the Pentagon, and design an airplane." Researchers are highly specialized into one field.[/quote] To Kyle,
Obviously SECURITY RESEARCHERS! would be better off researching and developing a new technology, than to prove a 20 year old way does not work.... Honestly if all they have to work on is 20 year old faulty products, what is the point of them anyway?
Are you really surprised something to do with security, developed 20 years ago does not work?
Anyone with a decent enough car will have a proper system fitted, rather than manufacturer standard! - Still this can be bypassed!
Kyle wrote:
To U SLAAAAAAGZ,
What more important things are SECURITY RESEARCHERS supposed to work on than 20-year-old security systems which guard against theft of millions of highly expensive machines?
Recall that "scientist" doesn't mean "guy who can cure cancer, hack the Pentagon, and design an airplane." Researchers are highly specialized into one field.
To Kyle,
Obviously SECURITY RESEARCHERS! would be better off researching and developing a new technology, than to prove a 20 year old way does not work.... Honestly if all they have to work on is 20 year old faulty products, what is the point of them anyway?
Are you really surprised something to do with security, developed 20 years ago does not work?
Anyone with a decent enough car will have a proper system fitted, rather than manufacturer standard! - Still this can be bypassed!
Posted by: Adisharr on 7:32pm Mon 7 Apr 08
[quote][bold]U SLAAAAAAGZ[/bold] wrote:
Shouldn't they spend there time doing something interesting, and helpful?
Breaking a code and then publicly announcing it is just annoying and stupid!
I think they should all be put in a Volvo and driven off a cliff - Only to check out its security though![/quote] This is how progress and security advances are made.
U SLAAAAAAGZ wrote:
Shouldn't they spend there time doing something interesting, and helpful?
Breaking a code and then publicly announcing it is just annoying and stupid!
I think they should all be put in a Volvo and driven off a cliff - Only to check out its security though!
This is how progress and security advances are made.
Posted by: Friend on 7:34pm Mon 7 Apr 08
[quote][bold]Bryan[/bold] wrote:
Alex in 16th Century wrote:
Now why would they (Galileo) try to mess with our unscientific heliocentric beliefs???? Why would they want to do that except to cause havoc in today's world. What a jerk! I hope he gets himself lynched and thrown in jail.[/quote] Might want to consider the ordering on that last part.
Bryan wrote:
Alex in 16th Century wrote:
Now why would they (Galileo) try to mess with our unscientific heliocentric beliefs???? Why would they want to do that except to cause havoc in today's world. What a jerk! I hope he gets himself lynched and thrown in jail.
Might want to consider the ordering on that last part.
Posted by: Barny Rubble, Bedrock on 8:33pm Mon 7 Apr 08
To Cliff,
The security codes for these devices change every time the lock is opened or closed, so if someone did intercept the code and try to use it, it would already be out of date.
Each successful use of the lock causes both the key and the lock to invoke a mathematical formula to calculate what the next code should be.
What the scientists seem to have done, however, is to work out how to calculate what that next code will be and so allow them to take complete control of the lock, since, as soon as they use their [italic]own[/italic] key on the lock, the lock and [italic]their[/italic] key change in sync, leaving the [italic]original[/italic] owner's key permanently out of sync and therefore unable to control the lock.
To Cliff,
The security codes for these devices change every time the lock is opened or closed, so if someone did intercept the code and try to use it, it would already be out of date.
Each successful use of the lock causes both the key and the lock to invoke a mathematical formula to calculate what the next code should be.
What the scientists seem to have done, however, is to work out how to calculate what that next code will be and so allow them to take complete control of the lock, since, as soon as they use their
own key on the lock, the lock and
their key change in sync, leaving the
original owner's key permanently out of sync and therefore unable to control the lock.
Posted by: Kyle, Texas, USA on 9:23pm Mon 7 Apr 08
To U SLAAAAAAGZ:
Actually, we have a lot of better technology and have had it for years, yet that didn't force the auto manufacturers to move to better technology?
Seeing as how it's cheap to hack this technology (as the researchers said), how do we know that criminals haven't already done so and taken advantage of the weakness? We don't, but you can bet it's possible. But that didn't force the auto manufacturers to fix the weaknesses, either!
In fact, without the researchers of this article, we'd be in a system where the thieves possibly knew how to beat the system, it was beatable, and the auto manufacturers didn't care one bit because no one was holding their boots to the fire.
Also, look up "diversification of skills." We can't have every researcher doing the same thing. If we did, there'd be a lot of wasted resources.
To U SLAAAAAAGZ:
Actually, we have a lot of better technology and have had it for years, yet that didn't force the auto manufacturers to move to better technology?
Seeing as how it's cheap to hack this technology (as the researchers said), how do we know that criminals haven't already done so and taken advantage of the weakness? We don't, but you can bet it's possible. But that didn't force the auto manufacturers to fix the weaknesses, either!
In fact, without the researchers of this article, we'd be in a system where the thieves possibly knew how to beat the system, it was beatable, and the auto manufacturers didn't care one bit because no one was holding their boots to the fire.
Also, look up "diversification of skills." We can't have every researcher doing the same thing. If we did, there'd be a lot of wasted resources.
Posted by: tubtub, earth, somewhere on 2:41am Tue 8 Apr 08
Well, this can be more than a bit annoying. The 'thieves' can deny you access to your own car. Imagine your key doesn't unlock you door. Worse still, what if they can deactivate your key when it's in the ignition and you're driving down the highway? Do you know what happens to late model cars when the ignition is off? Imagine not being able to steer your car because the ignition lock activates, and simultaneously loosing acceleration... shudder. Why should those german scientists make me the victim of the car companies bad codes? Do they have the right to kill you?
Well, this can be more than a bit annoying. The 'thieves' can deny you access to your own car. Imagine your key doesn't unlock you door. Worse still, what if they can deactivate your key when it's in the ignition and you're driving down the highway? Do you know what happens to late model cars when the ignition is off? Imagine not being able to steer your car because the ignition lock activates, and simultaneously loosing acceleration... shudder. Why should those german scientists make me the victim of the car companies bad codes? Do they have the right to kill you?
Posted by: Paul, Ireland on 10:28am Tue 8 Apr 08
[quote][bold]tbone[/bold] wrote:
Uhmmm lemme see. Where can I find a car thief that is well-versed in mathematical algorithms, ability to develop software, obviously well edumacated and a PHD no less... Damned everywhere... a dime a dozen... where am I going to house my Camry with these PHD car theives roaming the neigborhood?[/quote] I dont think thieves need to have intimate knowledege of how a piece of technology works to use it... Do u think the thieves that steal mobile phones and then use software to unlock them know how that software works?
tbone wrote:
Uhmmm lemme see. Where can I find a car thief that is well-versed in mathematical algorithms, ability to develop software, obviously well edumacated and a PHD no less... Damned everywhere... a dime a dozen... where am I going to house my Camry with these PHD car theives roaming the neigborhood?
I dont think thieves need to have intimate knowledege of how a piece of technology works to use it... Do u think the thieves that steal mobile phones and then use software to unlock them know how that software works?
Posted by: Daniel, Germany on 5:05pm Tue 8 Apr 08
[quote][bold]MJ[/bold] wrote:
Anything and everything can he hacked or cracked. Solution be aware of it and learn to deal with it.
As for old fashined key locks. The technology is even cheaper. The first (and last) time I locked my keys in the car I used a coathanger. It took @ 3 min. Then when I had a girlfriend who regularly locked her key in the car I went high tech and invested $1.49 on a Slim Jim as it saved a lot of wear and tear on the rubber window seal.[/quote] Oh, I think there are existing some good crypto-algorithm's which are - assumed they are implemented well - actually safe because with the actual technique it would need centuries to break a real secure key.
And that is where the actual problem begins: Most users don't use secure passwords or keys, most of them use words that everyone could find in a dictionary.
And the statement "Anything and everything can he hacked or cracked" is definitively wrong. It is proven that even you have unlimited computing power (which is impossible) you would never ever crack something that is encrypted with a 100% random key and the one-time-pad-algorit
hm ;-)
ps: Please excuse my horrible english.
MJ wrote:
Anything and everything can he hacked or cracked. Solution be aware of it and learn to deal with it.
As for old fashined key locks. The technology is even cheaper. The first (and last) time I locked my keys in the car I used a coathanger. It took @ 3 min. Then when I had a girlfriend who regularly locked her key in the car I went high tech and invested $1.49 on a Slim Jim as it saved a lot of wear and tear on the rubber window seal.
Oh, I think there are existing some good crypto-algorithm's which are - assumed they are implemented well - actually safe because with the actual technique it would need centuries to break a real secure key.
And that is where the actual problem begins: Most users don't use secure passwords or keys, most of them use words that everyone could find in a dictionary.
And the statement "Anything and everything can he hacked or cracked" is definitively wrong. It is proven that even you have unlimited computing power (which is impossible) you would never ever crack something that is encrypted with a 100% random key and the one-time-pad-algorit
hm ;-)
ps: Please excuse my horrible english.
Posted by: conor, Ireland on 5:07pm Tue 8 Apr 08
I think the point here is that they were using a 20 year old chipher key, from one master code. The amount of advancement in the field of RFID in the last few years has made this a bit of a non issue. Tags can now be programmed with unique keys making them near immpossible to hack even if you do record the RF. Don't blame the scientist blame the manufactures, RFID tags are so cheap now that they are probably cheaper than ordinary keys to make individually.
I think the point here is that they were using a 20 year old chipher key, from one master code. The amount of advancement in the field of RFID in the last few years has made this a bit of a non issue. Tags can now be programmed with unique keys making them near immpossible to hack even if you do record the RF. Don't blame the scientist blame the manufactures, RFID tags are so cheap now that they are probably cheaper than ordinary keys to make individually.
Posted by: Major, Russia on 6:11pm Tue 8 Apr 08
Russian kuvalda - no keys no problems
Russian kuvalda - no keys no problems
Posted by: Let Us All Jump To Conclusions, Wisconsin on 12:27am Wed 9 Apr 08
Anyone who thinks RFID tags are completely secure, or at least the ones in new credit cards, should look at this:
http://tv.boingboing
.net/2008/03/19/how-
to-hack-an-rfide.htm
l
I firmly believe that [italic]anything[/italic] that it widely used in the public sector is hackable.
Anyone who thinks RFID tags are completely secure, or at least the ones in new credit cards, should look at this:
http://tv.boingboing
.net/2008/03/19/how-
to-hack-an-rfide.htm
l
I firmly believe that
anything that it widely used in the public sector is hackable.
Posted by: Pave Paws on 11:28pm Thu 10 Apr 08
Most signals that are broadcast wireless can be broken into with time and proper equipment. It is the ones that have don't have good key management and have a single master key that is shared amongst many devices will broken into easier. Most of this is because RFID companies don't want to spend the money on creating longer encryption keys and tracking all of those master keys.
In short it is economics driving this issue with weak keys and only few master keys.
Most signals that are broadcast wireless can be broken into with time and proper equipment. It is the ones that have don't have good key management and have a single master key that is shared amongst many devices will broken into easier. Most of this is because RFID companies don't want to spend the money on creating longer encryption keys and tracking all of those master keys.
In short it is economics driving this issue with weak keys and only few master keys.
Posted by: Mark on 9:48am Wed 30 Apr 08
The manufacturers will [bold]never[/bold] spend money on a implementing/designi
ng a new system without proper proof (i.e. What we have now thanks to these dudes) that their system is insecure, and probably public pressure (i.e. What we have now thanks to these dudes).
In fact, no company wants to spend money on security unless it absolutely needs to. Looks at banks for example, totally behind in the security world.
The manufacturers will
never spend money on a implementing/designi
ng a new system without proper proof (i.e. What we have now thanks to these dudes) that their system is insecure, and probably public pressure (i.e. What we have now thanks to these dudes).
In fact, no company wants to spend money on security unless it absolutely needs to. Looks at banks for example, totally behind in the security world.
Comment | Read Comments (34)
Print this story
Email to a friend
