Thoughts on EZ Pass / Speedpass

by lowtec

Thoughts on EZ Pass / Speedpass

Radio Frequency Identification (RFID) is a relatively new and largely unexplored technology. RFID technology is already in widespread use, some examples are: Exxon speedpass, EZPass for tollways, wireless smartcards and other wireless cards, secure car ignitions, and less common 'smart shelves'.

How does it work?

RFID operates in a number of unlicensed frequency bands worldwide, with 125 KHz and 13.56 MHz the most common. The 13.56-MHz tags hold as much as 2,000 bits of data, or roughly 30 times the information of 125-KHz tags. Low-frequency (30 KHz to 500 KHz) systems have short reading ranges and lower system costs. They are most commonly used in security access, asset tracking, and animal identification applications. High-frequency (850 MHz to 950 MHz and 2.4 GHz to 2.5 GHz) systems, offering long read ranges (greater than 90 feet) and high reading speeds, are used for such applications as railroad car tracking and automated toll collection. However, the higher performance of high-frequency RFID systems incurs higher system costs.

Short range, low-frequency tags are powered by a magnetic field when held up to the reader (It's basic physics - The tag contains a coil of wire which, when moved through a magnetic field generates an electric current). The longer range, higher frequency tags usually contain batteries which usually last 3-5 years. RFID tags are transponders; they recieve and transmit.

Although the majority of RFID tags are write-once/read-only, others offer read/write capability and could, for example, allow origin and destination data embedded in a shipping container's tag to be rewritten if the container is rerouted. The data store on a 13.56-MHz tag is large enough to contain routing information for the shipping container and a detailed inventory of the products inside.

As mentioned earlier, some stores have started using RFID tags on their products to track inventory and prevent theft. These tags are supposed to be deactivated after a sale is completed, but may not always be. If a tag was left in your clothes, it could be read by other readers and used to determine your identity. If we're not careful we could have something very similar to the Minority Report going on. As RFID tags get smaller and smaller they will be almost impossible to locate in something you have purchased. Europe plans to embed RFID tags in every piece of paper currency by the year 2005.

Many modern cars use RFID tags embedded in the key to determine if the car is being stolen. If not present the car will not start. RFID tags are susceptible to interference, and when in close proximity with a Mitsubishi SUV an Exxon speedpass would not let the vehicle start. If a car owner wants to get a new key for their car, they must go to their dealer and buy the special key with the embedded RFID tag, and follow the directions in their manual for programming the key. Usually the car will require two other valid keys in order to program a new key, otherwise your dealer will have to work his magic.

Security

In the Speedpass system a credit card is linked to your tag, but your credit card number is only referenced by an identifier on the tag, so no actual credit card numbers are processed on the system. This is a good safeguard but it doesn't prevent lost or stolen tags from working as no PIN numbers are required for operation. Typically if a tag is lost or stolen it must be reported to be deactivated.

It is questionable whether or not an RFID transaction could be 'sniffed' and replayed or whether a tag could be copied without opening it up to gain access to the memory. If this is possible then leaving your EZPass glued to your windshield, where anyone could read your key might not be a good idea. Depending on the implementation of the system, it may or may not be secure.

This is a brief description of an Exxon speed pass transaction: A gas-pump-based reader interrogates the key-fob SpeedPass (which contains a chip and an antenna) waved inches from the pump, obtains its identifier, passes that on via a Very Small Aperture Terminal (VSAT) network to a back-end system for credit approval and then turns on the pump, all in seconds.

Read range is another concern with security, because systems are designed not to cause interference and ignore weak signals it is possible to build a sensitive reader which would amplify weak signals.

RFID technology is another interesting technology, but it requires careful implementation in order for it to be secure and protect individuals’ privacy.

Links

Optimizing RFID Read Range:
http://www.e-insite.net/ednmag/contents/images/84480.pdf

Exxon Mobil Speed Pass:
http://www.speedpass.com or 1-87-SPEEDPASS (1-877-733-3727)
Request 4 free tags today! (requires valid credit card)

RFID Basics:
http://www.aimglobal.org/technologies/rfid/resources/papers/rfid _basics_primer.htm

©2006 DIG Magazine || Terms
DIG Magazine: #1

Into the Underground
Into the Underground
by lowtec
Explorations in Connected Technologies
Explorations in Connected Technologies
by Astral
An Analysis of Smartcards
An Analysis of Smartcards
by lowtec
Thoughts on EZ Pass / Speedpass
Thoughts on EZ Pass / Speedpass
by lowtec
Explicit Anarchy
Explicit Anarchy
by Dreg Nihilist
Stunning Snacks
Stunning Snacks
by lowtec
Scan of 1-800-326-XXXX
Scan of 1-800-326-XXXX
by NO CARRIER
Buffer Overflow Challenge
Buffer Overflow Challenge
by matrix
Conscience of a Hacker
Conscience of a Hacker
by the Mentor
DIG #1