Group Demonstrates Security Hole in Oyster Card
10 March, 2008
Like many doing academic research on cryptography, Nohl looks for vulnerabilities in existing security systems in order to help build better systems in the future.
"In order to build more secure systems, you have to understand why previous systems failed," said David Evans, an associate professor of computer science in U.Va.'s School of Engineering and Applied Science, who is Nohl's adviser for his doctoral studies in computer security. "Analyzing systems and understanding how to break them gives you a lot of insight into how to build better systems."
Originally from Germany, Nohl and his two Germany-based partners presented their research at a conference in Berlin in December that demonstrated for the first time — publicly, at least — that the costs of breaking this wireless security are much lower than previously thought. How many malicious hackers have done so already, or will do so in the future, is anybody's guess.
The miniscule computer chips at issue are called RFIDs, short for "radio-frequency identification." They send and receive information over short distances (generally 10 feet or less) via very low-power radio waves.
RFIDs were first used commercially in the 1960s on a small scale, but as the costs of RFID tags have dropped precipitously over the past two decades, RFIDs have become widely deployed and there are now billions of them in use. Their use has grown exponentially since 2000, and some experts predict it will continue to grow explosively in the near future. RFIDs may one day effectively replace (or at least augment) the ubiquitous bar codes that currently identify all our products. In such uses, the information held on the RFID is often unencrypted.
"In order to build more secure systems, you have to understand why previous systems failed," said David Evans, an associate professor of computer science in U.Va.'s School of Engineering and Applied Science, who is Nohl's adviser for his doctoral studies in computer security. "Analyzing systems and understanding how to break them gives you a lot of insight into how to build better systems."
Originally from Germany, Nohl and his two Germany-based partners presented their research at a conference in Berlin in December that demonstrated for the first time — publicly, at least — that the costs of breaking this wireless security are much lower than previously thought. How many malicious hackers have done so already, or will do so in the future, is anybody's guess.
The miniscule computer chips at issue are called RFIDs, short for "radio-frequency identification." They send and receive information over short distances (generally 10 feet or less) via very low-power radio waves.
RFIDs were first used commercially in the 1960s on a small scale, but as the costs of RFID tags have dropped precipitously over the past two decades, RFIDs have become widely deployed and there are now billions of them in use. Their use has grown exponentially since 2000, and some experts predict it will continue to grow explosively in the near future. RFIDs may one day effectively replace (or at least augment) the ubiquitous bar codes that currently identify all our products. In such uses, the information held on the RFID is often unencrypted.
Recommended Articles
blog comments powered by Disqus
