Stealing a car has just gotten easier, thanks to a team of Johns Hopkins computer scientists.
Graduate students Steve Bono, Matthew Green, and Adam Stubblefield worked with Avi Ruben, the technical director of the Johns Hopkins Information Security Institute. The team, in conjunction with RSA Security, discovered a way to break the cryptographic code on a type of device commonly found in car keys that were previously thought to be secure.
Radio frequency identification (RFID) is a way of using wireless radio signals to transmit information. It is becoming increasingly common as on-the-go technologies are being improved. Farmers were the original users of this technology, organizing and tracking their livestock by means of RFID tags.
Additionally, the ExxonMobil SpeedPass system takes advantage of RFID technology. A SpeedPass token is a small apparatus which attaches to a person’s keychain and then allows them to wirelessly pay for products such as gas without swiping a credit card.
Another and larger use of RFID technology is in immobilizer car keys. These keys have a radio frequency (RF) device embedded in them with a code that corresponds to the vehicle they are for. If a key without this code is used to start the car, the engine will shut off after a few seconds. Therefore, carmakers have begun manufacturing immobilizer keys in order to cut down on car thefts. They are compulsory in Europe, where car theft has skyrocketed.
Only a car dealer can replace lost immobilizer keys, at considerable cost to the car owner. According to Ford’s Securilock system, there are four quadrillion unique RFID codes to chose from for each car. This differs greatly from the same key that each dealer use to use for each make they sold.
However, the Johns Hopkins researchers decided to study the Texas Instruments Registration and Identification system, a worldwide information network that uses RFID technology. While studying this, they came across a possible vulnerability in the system and decided to test it out.
In 15 minutes time, the researchers found they were able to uncover the secret code which is encrypted in a RF device by linking 16 inexpensive microchips that they purchased for $200. Once they knew this code, they could input it into another gadget that would imitate the original RF device.
The Johns Hopkins researchers were able to successfully use this method to hack into a SpeedPass token and make purchases with it. In addition, they uncovered the code in a 2005 Ford Escape. By then transmitting this code, they could use a normal ignition key to start the SUV, as opposed to normally needing a secure immobilizer key.
Immobilizer keys have been credited with a large decline in automobile thefts, and this vulnerability, although it will not lead to an immediate rise in thefts, means that the system needs to be reworked. One suggestion that the researchers have is for automobile manufacturers to distribute some sort of metal shield or case that will block the RF signals of keys when they are not being used.
The case of ExxonMobil SpeedPasses is not as critical since their system already has other built in security measures. Like credit cards, an account with unusual activity will be flagged.
Based on the results presented by the researchers, thieves with the right equipment could scan an area for RF signals and hack into vulnerable devices that they find.
In 2002 alone, there were 6,096 vehicle thefts in just Baltimore City. In all of Maryland, car thieves steal over 35,000 vehicles annually. Though technological advances are constantly increasing motor vehicle security, there will always be people who find loopholes.
Current technologies that aid in reducing car thefts include tracking devices, gas cap locks, and various types of alarms. The Maryland Vehicle Theft Prevention Council provides drivers with other tips to avoid getting your car stolen. These include parking in well-lit areas, not hiding spare keys inside the car, and keeping valuables out of sight.