http://nytimes.com/2005/01/28/science/28cnd-key.html?pagewanted=1&ei=5094&en=48eb306a45a3b7a0&hp&ex=1106974800&partner=homepage

According to this NY Times article, Texas Instruments' chip for RFID (Radio Frequency IDentification) has been cracked by a team from John Hopkins University and RSA Security.

Over 150 million units of the chip has been sold and is in use in e.g. Ford/Nissan, identification cards for access to certain areas, supply systems.

The attack is somewhat limited by the range of transmitter of the chip.

Tin-foil around a key blocks the signal.

That is in fact interesting but thieves have had scanners for years which can intercept security transmissions.

My take is to take reasonable care to stop the amateur and/or thrill seeker from stealing your car. A pro will probably get it. More important is the selection of parking spots. Would anyone care to guess how long it takes to hook a car up to a tow truck and drive away with it? The towing of vehicles has become so common place in some areas that it no longer draws more than a glance. The same goes for those alarms. I have seen cars driving down the highway with the alarm blaring away.

The difference is that this is branded as the latest and greatest. That the radio frequencies can be scanned is not novel, but that the security protecting those communications breaks is another thing... at least so fast.

In addition to the aforementioned ID and gas cards, there have been serious talking about introducing RFID based credit cards.

Here's a scenario: Joe Bob rolls off the interstate after filling up his Ford Explorer with gas at ExxonMobile, and heads to the crowded local mall. He looks around and loads up his groceries, walking straight through the checkout - all RFID tagged products paid for automatically using his RFID credit card when passing the register. Sweet. Next Joe Bob goes to buy some jewellery for his wife, equally easy.

But when Joe Bob comes out, his car is gone and when he comes home after calling a cab - he finds out after a few days that his bank account is empty and he has been given way high credit bills. The company employing him is alerted and they have to get him a new ID, check for intrustions, etc.

As it turns out, a man had passed him while picking up beer. The man didn't do anything except walk around the mall, perhaps buying something here and there. In case he would be searched, the RFID tag reader was built into his mp3 player or cell phone, along with a transmitter for off the shelf WLAN or GPRS/3G - though encrypted of course. As he walked down the ailes or read some magazines, the RFID reader would read the tags of those passing by or bumping into him. The tags would then be sent directly to a relay station for decryption or transportation.

In this case they were written ASAP to an empty key which they used to drive away his Ford Explorer.

Just a thought...

A walkthrough of the vulnerabilities and procedures:
http://rfidanalysis.org/

I guess they will be redesigning that chip, changing the algorithm.

Ok, I'm done.

ANYTHING can be broken into, cracked, or hacked given enough resources. The key is make it difficult enough that they move on to another target coupled with not appearing on their radar in the first place.

"Total" security is an illusion, at least electronic security, networks, radios, COMSEC, etc.