ExxonMobil SpeedPass and Vehicle Immobilizers cracked

There's a great academic paper up at http://rfidanalysis.org/ describing the successful attack on the RFID system used by ExxonMobil SpeedPass and millions of "Vehicle Immobilizer" systems (i.e., vehicles whose keys communicate with the car to prevent hot-wiring). The attack took some smart people and custom computing, but was very inexpensive considering its potential for abuse.

The success of the attack is in part due to the weak, proprietary encryption algorithm developed by Texas Instruments 10 years ago. It relies on a 40-bit key, which is simply too small for critical security now.

The implications of this are very interesting, especially as businesses push to increase the use of RFID tags. Don't get me wrong, I love RFID, but the way it's being used here could stand a little more security thought. Take this scenario: a troubled youth packs a similar exploit system into a portable computer in her backpack. She could walk around supermarkets and shopping malls with a high-powered RFID reader in her bag, quietly collecting SpeedPass keys from the dongles in people's pockets and purses. This is even easier than stealing credit card numbers, being a completely passive action. No more dumpster diving -- just hang out around people and ping RFID chips! The cracked keys become black-market commodities, much like stolen credit card numbers or digital cable codes.

Mind you, using stolen RFID keys to buy fuel is just as dumb as using a stolen credit card. Modern gas stations have video cameras, and your license plate will be captured. In other words, it's a cool hack... but don't try this at home unless you'd like to see a little jail time.