Monday, 7 June 2010

Are RFID ignition systems secure?



In 1997, Ford Motor Co. equipped the Mustang with one of the
first RFID ignition immobilizers in the U.S. car industry.
Theft levels for the Mustang immediately dropped 70 percent
from just two years prior. The results were stunning, and
pretty much every other carmaker followed suit.

Today, the RFID (radio frequency identification) industry
claims a 90 percent reduction in theft rates for car models
equipped with RFID starters, immobilizers and entry systems.
Both automakers and insurance companies have full faith in
the devices, even going so far as to label them unbeatable.
And certainly, the technology is an impressive display of
security innovation.

RFID relies on radio-frequency signals to create a system
that, for the first several years it was in use, was indeed
uncrackable. In the 1990s, many a car thief was thwarted by
the rather brilliant addition of RFID immobilizers to regular
old physical keys. An RFID immobilizer is a chip embedded in
the top part of an ignition key. When the driver inserts the
key into the ignition slot, the chip sends out an encrypted
string of radio-frequency signals: basically a particular
number of impulses, broadcast on various frequencies, that
together form a specific code. Without this code, the
car either won't start or won't activate the fuel pump. So
even if someone hotwires the car or copies an ignition key,
the ignition isn't going to work because it hasn't received
the proper radio-frequency code.

If you have a car that comes with a special "valet key," the
immobilizer probably shuts down the fuel pump if the car is
started without the code. This means the car is going to run
only on whatever fuel is left in the fuel line, which will
only get it a couple of blocks. Thus the valet key -- valet
parkers only have to drive a car very short distances. If
they try to drive off with your car, they won't get very far.
Neither will any other potential car thief.

Early RFID systems, both keyless entry (the key fob device
with the button you press to unlock the car) and vehicle
immobilizers, used 32-bit encryption. That means they sent
a code of 32 impulses. With 32 bits in the code, there are
billions of possible combinations. In newer schemes,
including remote starters that let you start a car with the
push of a button, the codes have 40 bits, which increases the
possibilities. With so many possible codes, the system seems
unbeatable.

And at first, it was.

RFID Car Systems: Radio Protection

Cars with RFID security do have lower theft rates, and it
makes sense. This type of system makes getting in and driving
off a lot more complicated.

Keyless entry and immobilizer systems work in pretty much the
same way. Let's say you have a keyless-entry fob. It's
a standard radio-transponder setup: Inside is a circuit
board, a radio transmitter, a battery and an antenna. When
you get near your car, perhaps 5 feet to 10 feet (a few
meters) away, you press the button to unlock your doors. The
RFID chip in the fob sends out a code of 40 impulses
broadcast on different frequencies. The corresponding RFID
chip in the car receives this code and accesses the car's
software to find out if the code is the right one. If it is,
the doors unlock.

This is called an active RFID system, since pushing the
button actively sends out the code, instead of receiving it.
The immobilizer chips in ignition keys are also active.
Keyless ignition, on the other hand, is a passive RFID
system. Instead of the ignition chip sending out the code,
the car sends out the code and the ignition chip receives it.
Ignition systems have no battery (or a different kind), and
they have a lower-power antenna, so they won't broadcast as
far. It's an additional security measure.

On its face, the system seems impenetrable: There are
billions of possible sequences, and brute force will no
longer get the car moving. Add in rolling codes, which are
becoming more common -- a system in which the expected
sequence changes slightly every time you push the button --
and the options get closer to a trillion. But as with any
security system, it's only impenetrable until thieves figure
out a way around it. Look at safes and burglar alarms; you've
got to update those frequently in order to stay ahead of the
robbers. Car RFID systems are no different.
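To make the fixed-code versus rolling-code distinction concrete, here is an added example (not from the original article) of a toy fob and two receivers: one that accepts the same 40-bit code forever, and one that expects a fresh code on every press, so a code captured and cloned earlier is refused. The keyed-hash derivation, the 16-press resync window and the demo key are assumptions of the example, not details of any real vehicle system.

```python
import hmac

CODE_BITS = 40   # the 40-bit code length the article describes
WINDOW = 16      # how far ahead a receiver will resync (assumed value)

def rolling_code(key: bytes, counter: int) -> int:
    """Derive the 40-bit code for one press from a shared key and a press
    counter (keyed-hash construction assumed for this example)."""
    digest = hmac.new(key, counter.to_bytes(4, "big"), "sha256").digest()
    return int.from_bytes(digest[:5], "big") & ((1 << CODE_BITS) - 1)

class Fob:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0
    def press(self) -> int:
        self.counter += 1
        return rolling_code(self.key, self.counter)

class StaticReceiver:
    """Fixed code: the same value unlocks forever, so a captured code replays."""
    def __init__(self, code: int):
        self.code = code
    def accept(self, code: int) -> bool:
        return hmac.compare_digest(code.to_bytes(5, "big"), self.code.to_bytes(5, "big"))

class RollingReceiver:
    """Rolling code: accepts only codes ahead of the last one seen, within WINDOW."""
    def __init__(self, key: bytes):
        self.key, self.last = key, 0
    def accept(self, code: int) -> bool:
        for n in range(self.last + 1, self.last + WINDOW + 1):
            if rolling_code(self.key, n) == code:
                self.last = n      # advance: this and every earlier code is now dead
                return True
        return False

def demo() -> dict:
    key = b"constructed-demo-key-not-a-real-secret"   # constructed sample key
    fob, rolling = Fob(key), RollingReceiver(key)
    first = fob.press()
    static = StaticReceiver(first)
    results = {
        "static_replay": static.accept(first),     # True: fixed code accepts a replay
        "rolling_first": rolling.accept(first),    # True: fresh code accepted
        "rolling_replay": rolling.accept(first),   # False: same code refused
    }
    for _ in range(3):                             # presses made out of the car's range
        lost = fob.press()
    results["rolling_resync"] = rolling.accept(fob.press())  # True: within window
    results["rolling_stale"] = rolling.accept(lost)          # False: skipped code is dead
    return results
```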

RFID hacking is the most high-tech approach to car theft yet.
Using hardware that grabs radio-frequency signals out of the
air, and software that decrypts them, thieves with time on
their hands can steal an RFID-equipped car. In 2005,
researchers at Johns Hopkins University in Maryland
demonstrated how.

RFID Security: Hacking In

The fact is, people steal cars equipped with RFID security.
It's especially common in Europe, where RFID has been used in
cars for longer than in the United States. To prove the
weaknesses of the system, researchers at Johns Hopkins went
about breaking in. What they found was startling.

If you equip a laptop computer with a microreader, a device
that can capture radio signals, you can capture the
transmissions sent out by an RFID immobilizer key. Positioned
within a few feet of the RFID transponder -- say, sitting
next to the car owner in a restaurant -- the laptop sends out
signals that activate the chip. When the key begins
broadcasting, the reader grabs the code, and the computer
begins decrypting it. Within 20 minutes, you've got the code
that'll tell the car to start. (Once you have a good database
of codes stored in your laptop, the time gets much shorter.)
Pair that code with a copy of the physical key or a hotwire
job, and you're on your way. In the case of the passive
ignition system, the process is similar, but you need only
stand next to the car, not the person carrying the key.

In cars that have RFID entry and ignition, it's an all-in-one
process. Break the codes, and you can not only unlock the
doors, but also start the car and drive away. According to
some security experts, this is the problem with the system.
RFID is a really great addition to a car's physical security
system, but on its own, it allows for complete access with
just a single act of decryption. For a thief with good
equipment, it's a snap.

This is where the RFID, insurance and car industries object
to the portrayal of RFID systems as faulty. Sure, the Johns
Hopkins researchers could break it. They have money and
hardware. Car thieves would never take the time or spend the
money to break an encrypted code.

But with the payoff of tens of thousands of dollars for
a high-end car, thieves have decided to give it a whirl. And
whereas locksmiths weren't allowed to copy RFID-equipped keys
at first, annoyance on the part of car owners who lost their
keys led to a loosening of the rule. Now, both locksmiths and
regular consumers can buy kits that can capture and clone
an RFID code. The result is that people are losing their
RFID-secured cars, and insurance companies call the owners'
claims fraudulent because RFID security is uncrackable. The
owners must be lying.

There are a few possible solutions to this problem that don't
involve scrapping RFID. The Johns Hopkins scientists propose
several ways to better secure the system: First, RFID makers
should switch from 40-bit to 128-bit encryption; owners
should wrap their fobs in tinfoil when not using them, to help
block fraudulent signals from activating transmission; and
most important, carmakers should use RFID technology as
an additional security measure, not the sole one.

As with any other security system, the advice is simple:
Layer up. Don't rely on any single protection method.
Instead, use several different types of security in order to
make it as complicated as possible to bypass.
