RFID immobilizer/anti-theft cracked
Cabal 01-29-2005, 03:47 PM Specifically those licensed from TI:
http://nytimes.com/2005/01/28/science/28cnd-key.html?pagewanted=1&ei=5094&en=48eb306a45a3b7a0&hp&ex=1106974800&partner=homepage
The researchers discovered a critically important fact: the encryption algorithm used by the chip to scramble the challenge uses a relatively short code, known as a key. The longer the code key, which is measured in bits, the harder it is to crack any encryption system.
"If you were to tell a cryptographer that this system uses 40-bit keys, you'd immediately conclude that the system is weak and that you'd be able to break it," said Ari Juels, a scientist with the research arm of RSA Security, which financed the team and collaborated with it.
I foresee another jump in Civic insurance rates. ;)
jigga 01-29-2005, 11:23 PM seems to require a membership to read that....
bull3964 01-29-2005, 11:36 PM It's really not that big of a deal.
As mentioned in the article, you would have to get close enough to scan the RFID tag in the key which means the person would need to be within inches of you with a scanner.
Then, after you do that, you need to go away for a while and break the encryption to make a clone key.
This is an AWFUL lot of effort to go through to steal an individual car. Immobilizer keys are not built to stop professional car thieves with this type of equipment and experience. They are built to prevent the casual joyrider from being able to start the car.
If they wanted to go through that much effort to crack the RFID tag on your key, they probably would have quicker results simply towing the car in question.
You can't beat thieves. It's simply not possible. The best you can hope for is discouraging the less skilled attempts. If someone wants your car bad enough, there's nothing you are going to be able to do to stop them from taking it.
Eyeflyistheeye 01-29-2005, 11:39 PM Not unless you have a trunk monkey that knows Tae Kwon Do :lol:
You can't beat thieves. It's simply not possible.
WRXVT 01-30-2005, 03:13 AM seems to require a membership to read that....
..................
BJamerican 01-30-2005, 01:55 PM seems to require a membership to read that....
Never register for a website again. www.bugmenot.com (http://www.bugmenot.com/)
Sure, some graduate electrical engineering students were able to crack the code with thousands of dollars worth of equipment. I don't think the average joe will be able to do the same. Replicating a 40+ bit RFID sequence is very difficult to do without complex antennas and transmitters. It would take quite a bit of knowledge of how RF backscatter works in order to simulate a signal.
Cabal 01-30-2005, 10:19 PM More info: http://rfidanalysis.org/
Mobil Speedpass, too. :lol:
BJamerican 01-30-2005, 11:23 PM More info: http://rfidanalysis.org/
Mobil Speedpass, too. :lol:
Don't forget about EZPass too. 2005 will likely be the "Year of RFID". There are an unlimited number of applications for this technology. My professor at University of Pittsburgh holds the patent on an RFID technology that is to be used by Wal-Mart for inventory tracking starting this year ($$$$$)! His device is called the "PENI" tag.
Some of my colleagues recently made a demonstration of RFID as a replacement for the retail UPC bar code last semester. They were successfully able to fill a shopping cart with a large number of unique items, push the cart under a doorway-mounted antenna, and have a computer perform "check-out" in under a second without having to remove any items from the cart! Could you imagine how great it will be when this RFID technology reaches the grocery stores? We'll never wait in a checkout line again.
NeoteriX 01-31-2005, 03:04 AM Could you imagine how great it will be when this RFID technology reaches the grocery stores? We'll never wait in a checkout line again.
And it seems that according to this article, some will never have to pay for groceries ever again!
:lol:
Porter 01-31-2005, 05:29 AM Could you imagine how great it will be when this RFID technology reaches the grocery stores? We'll never wait in a checkout line again.
Sorry for your colleagues. Already been there, done that.
IBM developed a system for Safeway UK using RFID that does just that. I believe they actually used passive Bluetooth RFID identifier tags for that particular implementation.
Hell, IBM was including it in their television commercials back in the 1999-2000 timeframe, when I worked there. The fully functional systems went online in several stores in late 2000.
Cabal 01-31-2005, 10:17 AM It's really not that big of a deal.
As mentioned in the article, you would have to get close enough to scan the RFID tag in the key which means the person would need to be within inches of you with a scanner.
Then, after you do that, you need to go away for a while and break the encryption to make a clone key.
Correct, and when WEP was first broken, it took a good deal of data gathering and number crunching to break the key. Now you can do it with 10-20 MB of data and a few seconds. You can buy devices the size of handhelds on eBay to gather the data and do it for you in seconds, if you so desire. This certainly isn't a big deal where the RFID device is used in conjunction with a key or other security system, but for the select new cars that are set up with the option to use only RFID to unlock the doors and start the car (being in the driver's seat with the tag and hitting the start button, etc) I would be worried in the near future.
tt_ttf 01-31-2005, 07:37 PM Correct, and when WEP was first broken, it took a good deal of data gathering and number crunching to break the key. Now you can do it with 10-20 MB of data and a few seconds. You can buy devices the size of handhelds on eBay to gather the data and do it for you in seconds, if you so desire. This certainly isn't a big deal where the RFID device is used in conjunction with a key or other security system, but for the select new cars that are set up with the option to use only RFID to unlock the doors and start the car (being in the driver's seat with the tag and hitting the start button, etc) I would be worried in the near future.
Being involved in the RFID/AutoID/WLAN industry for over 15 years, I can tell you that if all they are using is the RFID tag's ID number and a) not using a read/write tag to roll some form of cypher or b) not using an ANSI or ISO chip (i.e. if they are using a standards-based chip = cheap readers) then it will take next to nothing to break. Moore's law applies - expensive today, dirt cheap in a week!
Some h/w, some s/w and a gain antenna (remember you can be a LOT further away to just listen than to communicate) and someone could park out like the days of old with the fixed ID remotes.
There is a VERY good reason the WLAN world moved to things like WPA with its temporal keys - anything fixed is just too simple to break.
Beaverboy 02-01-2005, 11:40 AM Don't forget about EZPass too. 2005 will likely be the "Year of RFID". There are an unlimited number of applications for this technology.
I certainly agree with you there. Within the next 10 years, when you go to a library to look for a book, the catalog will tell you which table the last person set it on and that it will be reshelved in approximately x minutes. Libraries are really excited about the potential for statistical information about usage that will come about with RFID. As it is, most libraries have no idea which texts are being used in-house and which aren't. That's important info to have when maintaining a valuable collection. Having patrons simply walk out with their RFID library card and whatever books they're checking out is a bonus as well.
tt_ttf 02-01-2005, 12:57 PM I certainly agree with you there. Within the next 10 years, when you go to a library to look for a book, the catalog will tell you which table the last person set it on and that it will be reshelved in approximately x minutes. Libraries are really excited about the potential for statistical information about usage that will come about with RFID. As it is, most libraries have no idea which texts are being used in-house and which aren't. That's important info to have when maintaining a valuable collection. Having patrons simply walk out with their RFID library card and whatever books they're checking out is a bonus as well.
It's a nice idea with lots of upsides (and one that has been talked about for a long time - like the last 10 years - Blockbuster even had a self-check system designed for them 4 years ago - never went anywhere for reasons I will explain) but.......
The problem currently still remains that even with what WalMart is doing (which is only Pallet level NOT item level as some press would have you believe) the unit cost for a tag is too large (like 40 cents) - with a medium library of say 100K titles, it is going to cost them nearly $40K for just the tags and the labor to apply all those labels and code them with the ISBN/id numbers is many MANY times that.
Take a large library like a university one that potentially has over a million titles.........too many $$$$$$ to even think of doing it.
And we haven't talked about the h/w needed to read the tags yet.....
It boils down to the fact that at present (and for at least a good number of years yet) the trade-off between needing to read many tags at the same time (smarter tag needed) vs where in the book to put it (RF losses to point of not reading) vs a tag adhesive that is asset grade vs the cost of the tags is going to be orders of magnitude more $ than a simple label.
[lecture off] - :lol: sorry but I have been playing with TI/Indala/Motorola/Intermec RFID tags for more than 10 years - seen many of the same apps come up time and again....
BJamerican 02-01-2005, 01:04 PM The problem currently still remains that even with what WalMart is doing (which is only Pallet level NOT item level as some press would have you believe) the unit cost for a tag is too large (like 40 cents) - with a medium library of say 100K titles, it is going to cost them nearly $40K for just the tags and the labor to apply all those labels and code them with the ISBN/id numbers is many MANY times that.
The University of Pittsburgh's RFID solution will only cost between 5 and 9 cents per tag upon introduction, and is being targeted toward smaller businesses. Also, unlike other RFID solutions, the PENI tag has the ability to be permanently disabled, significantly reducing the possibility of cloning similar to what was mentioned in the original post. For example, when a customer leaves a store with an expensive item, an antenna will send a "self destruct" signal to the RFID tag. Since the tag no longer works, it cannot be cloned outside of the store.
I would assume that the immobilizer keys found in cars will become programmable by the car's transmitter, and the codes will be dynamic. That is, each time you start the car, the code in the key is changed and synchronized. Somebody would have to follow you for a long time in order to crack a dynamic code pattern.
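The contrast the thread draws between a fixed tag ID and a dynamic, synchronized code, as an added example (not code from any poster, vendor, or the cited research). It assumes a truncated HMAC-SHA256 over a forward-only counter with a small look-ahead window; the class names, secret, and tag ID are constructed for illustration.

```python
import hashlib
import hmac

LOOKAHEAD = 16  # assumed: how far the key's counter may run ahead of the car's


def rolling_code(secret: bytes, counter: int) -> bytes:
    """Code the key transmits for one counter value (truncated HMAC)."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return mac[:8]


class FixedIdImmobilizer:
    """Accepts a static tag ID: a value overheard once is valid forever."""
    def __init__(self, tag_id: bytes):
        self.tag_id = tag_id

    def authorize(self, presented: bytes) -> bool:
        return hmac.compare_digest(presented, self.tag_id)


class RollingCodeImmobilizer:
    """Accepts each code once; the stored counter only moves forward."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0  # last counter value accepted

    def authorize(self, presented: bytes) -> bool:
        for c in range(self.counter + 1, self.counter + 1 + LOOKAHEAD):
            if hmac.compare_digest(presented, rolling_code(self.secret, c)):
                self.counter = c  # resynchronize; every older code is now dead
                return True
        return False


def demo() -> dict:
    secret = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    tag_id = b"\xde\xad\xbe\xef\x01"                            # constructed ID
    fixed, rolling = FixedIdImmobilizer(tag_id), RollingCodeImmobilizer(secret)
    overheard = rolling_code(secret, 1)  # code sent on the first legitimate start
    return {
        "fixed_first": fixed.authorize(tag_id),
        "fixed_replay": fixed.authorize(tag_id),        # same bytes, still valid
        "rolling_first": rolling.authorize(overheard),
        "rolling_replay": rolling.authorize(overheard),  # counter has moved on
        "rolling_skipped": rolling.authorize(rolling_code(secret, 5)),
        "rolling_too_far": rolling.authorize(rolling_code(secret, 5 + LOOKAHEAD + 1)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:16} {'accepted' if ok else 'rejected'}")
```

A rolling code only removes the replay problem; its strength still rests on the length of the shared secret, which is the 40-bit weakness the quoted article describes.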
dmross 02-01-2005, 03:52 PM It's the beast! Run for your life! Soon they will be implanted in our wrists. Millions of doomsday folks will freak out. Cars will be stolen. Mass consumption will become hyper-efficient. The government will know where we are and what we buy. It's the end times, I'm telling you. Get your guns, run for the hills and only pay for things with cash. Only then will you be safe from the BEAST (internet + RFID + GPS + big brother + TV + ...)
;)
tt_ttf 02-01-2005, 04:17 PM PENI is still not a real technology yet
been around since 2002 and VERY little said since its initial splash
I suspect that if anything at all some of the design technology (on the power side) might get made but I suspect their protocols are DOA
Undepelo 02-01-2005, 04:21 PM You can't beat thieves. It's simply not possible. The best you can hope for is discouraging the less skilled attempts. If someone wants your car bad enough, there's nothing you are going to be able to do to stop them from taking it.
Here we go again with "thieves are Gods and have infinite dexterity, intelligence and immortality points". “Thieves can look at you and control your mind”, “Thieves can steal your kiddies and sell them in India before you finish taking a leak”... :rolleyes:
bull3964 02-01-2005, 05:20 PM Here we go again with "thieves are Gods and have infinite dexterity, intelligence and immortality points". “Thieves can look at you and control your mind”, “Thieves can steal your kiddies and sell them in India before you finish taking a leak”... :rolleyes:
Unless you are willing to sit outside your car with a shotgun whenever you aren't driving it, they don't need all those abilities. It takes less than ten minutes to load a car up on a flatbed.
Undepelo 02-01-2005, 05:26 PM Unless you are willing to sit outside your car with a shotgun whenever you aren't driving it, they don't need all those abilities. It takes less than ten minutes to load a car up on a flatbed.
What if you are parked longitudinally between cars?
Or what about if your car is outfitted with air suspension that lowers the car to lay on the ground when you park? I mean seriously a helicopter with an electromagnet can fly your car away but what % of thieves use tow trucks?
bull3964 02-01-2005, 05:50 PM What if you are parked longitudinally between cars?
Or what about if your car is outfitted with air suspension that lowers the car to lay on the ground when you park? I mean seriously a helicopter with an electromagnet can fly your car away but what % of thieves use tow trucks?
Longitudinally is not a problem. You only have to put the car on dollies and you can move it however you want. Air suspension isn't a huge problem either as all it would take is a LITTLE bit of leverage to get the car up high enough to get a jack under there and dolly the wheels. How do you think repo people do it? Besides, you can't park those ways all the time, if your specific car is a target, they will wait until they get a chance.
Serious thieves will use a tow truck. The point is, if someone wants your car bad enough, they will find a way to get it. An RFID immobilizer was never a good deterrent of theft for more serious thieves as it only immobilizes the engine. Someone who would be willing to use an elaborate means to trick an RFID tag is serious enough to just tow the car.
There are two classes of car thieves. Thieves that want to use the car and thieves that want the actual car. The first are what you can most easily guard against as they will just move on to another car if yours is too hard. They are also not the premeditated type. The second isn't as easy because there is a reason why your car is valued above another. The more valued it is to them, the less likely they will move on to another target. These thefts are premeditated and planned out, some even after weeks of watching.
Unfortunately, due to the zero margin nature of the car theft business, it doesn't take much to make a specific car more valued over another.