« Will the M-Class be the Next Hybrid SUV? |
Main
| Goodyear Offers Cash for Tire Punctures »
February 19, 2005
Exxon SpeedPass Cracked by College Researchers; Millions of Electronic Car Keys Also at Risk
Using a hidden antenna, hackers can steal your SpeedPass info -- or your car key -- and then help themselves!
|
| In
this astonishing video, a Johns Hopkins graduate student uses a micro transmitter
to "buy" gas by simulating a stolen Exxon SpeedPass account code.
|
A team of graduate students at Johns Hopkins University have created a process to silently "lift" electronic codes -- literally from your pocket -- and then use that same data to access your gasoline credit account, or even start your car.
The team chose the Exxon SpeedPass, which contains a tiny transmitter to enable users to access gas pumps. They successfully stole the code, then cracked it -- and then used a transmitter to simulate the code and fool the pump into dispensing "free" gasoline. There are approximately seven million SpeedPasses in circulation.
The team also "lifted" a similar code from the ignition key to a 2005 Ford Escape. In this case, the code prevents the car from starting, even if the ignition switch is turned, or hot-wired.
However, with the code, the team demonstrated they were able to use a non-electronic key to effectively "steal" the vehicle. [It belonged to one of the team members.] There are approximately 150 million electronic car keys with similar technology [known as vehicle immobilizers] on the market today.
[More video and photos after the jump.]
Both the Exxon SpeedPass and the key that were cracked are powered by a Texas Instrument chip known as a Radio Frequency IDdentification, or RFID. The researchers contend that the TI device is insufficiently complex to withstand modern hacking capabilities. And they proved it.
For about $5,000, the Johns Hopkins team put together the hardware necessary to accomplish their goal. Using an antenna, the team was able to detect the code from the devices, without physically contacting either of them. That code, however, needed to be deciphered before it could then be turned around and used to communicate with either the gas pump or the Ford Escape's ignition.
It is this part of the process that ordinary thieves are not likely to be able to replicate. Using an array that looks like something out of Star Trek, the students cracked the code.
Truth is Smarter
than Fiction |
|
|
| The Johns Hopkins
University research team of Adam Stubblefield, Professor Avi Rubin, Steve
Bono and Mark Green. |
Mr. Spock and
Captain Kirk. |
Once their computer had determined the actual code of the device, they were able to turn around and "fool" the gas pump into believing it was talking to the actual SpeedPass. In this next video, one of the team demonstrates how they obtained the SpeedPass code with a hidden antenna. For more information on this fascinating -- and sobering -- project, go to the team's website.
|
| This
video is something
you'd expect to see in a movie thriller, where the secret code is handed
off without contact. Briliant! |
Posted by Frank at February 19, 2005 11:17 AM | Filed under Auto News