Academic Navel Gazing Continues

Another study unearths a potential security problem with RFID that could expose people to a nonexistent threat.
Published: August 30, 2010

Researchers at the department of computer science and engineering at the University of South Carolina in Columbia have published a paper, “Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study,” that claims security flaws in radio frequency identification tire sensors could expose drivers to the threat of being tracked, because cars can be identified by capturing the ID in the sensor. I don’t know the students who wrote this paper, but they strike me as smart people who are incapable of thinking.

I’ll explain why this paper is absurd in a moment, but first let’s take a look at what the paper says. The abstract points out that tire pressure monitoring systems represent one of the first, if not the first, in-car wireless networks mandated for every new automobile. They say the security and privacy implications of such in-car wireless sensor networks are not fully understood, so they decided to evaluate the privacy and security implications of two tire pressure monitoring systems using both laboratory experiments with isolated tire pressure sensor modules and experiments with a complete vehicle system.

The researchers found that the sensor messages can be sniffed and decoded from up to 40 meters (120 feet) from a passing vehicle with a basic low-noise amplifier and the openly available GNU radio platform (a GNU radio is comprised of hardware and software and can be used for intercepting radio signals).

The researchers write: “This raises location privacy risks because vehicles could potentially be tracked through these identifiers and drivers do not have any option to disable the system. Furthermore, current protocols do not employ authentication mechanisms and vehicle implementation do not appear to perform basic input validation or filtering of messages. This allows straightforward spoofing of sensor messages. One of our experiments demonstrates this by triggering the tire pressure warning message in a moving vehicle through a spoofed message from another nearby vehicle.”

Folks, be warned. You are in imminent danger of having someone trigger a false pressure-warning message when your tires are properly inflated. This could become a major problem in cities around the world. Imagine the mayhem when driver after driver is forced to pull over and look at their tires, only to discover they are properly inflated. Chaos!

The privacy implications they talk about are no less ridiculous. They claim that someone with sophisticated knowledge of RF systems could set up a GNU radio alongside a road and identify cars and sniff out the IDs in the tire pressure sensors. Why would anyone do this? The paper doesn’t say. It only says: “If the sensor IDs were captured at certain roadside tracking points and stored in databases, third parties could infer or proof [sic] that the driver has visited potentially sensitive locations such as medical clinics, political meetings, or nightclubs.”

Actually, that is false. If the sensor IDs were captured and stored in a database, it wouldn’t prove anything. In order to prove that a specific driver was in a specific location, you would have to link a specific sensor to a specific car and then link that specific car to a specific driver.

I don’t know if vehicle makers keep track of which sensor with a specific ID got put into a specific car. If they don’t, then the only real threat would be if the person sniffing found another way to link a specific sensor to a specific car and driver (by, say, walking up and asking to see ID). But even if the auto companies do store information on which sensor went into which car, you would still need to know who owns that car.

So if I were a criminal or a policeman sitting on the roadside sniffing IDs in sensors, I would need to get into the carmaker’s database to find out the vehicle identification number (VIN) of the car that specific sensor went into. Then, I would need to access either the database of the dealer that sold the car or the department of motor vehicles to find out who bought or registered the car.

This would be difficult for a criminal to do. But I know that there are people who are paranoid about Big Brother governments watching their every move. Government agents who are hell-bent on tracking you could certainly gain access to car company and motor vehicle department databases, right? Yeah, probably. But here is an important fact that the researchers seem to have overlooked—THERE IS AN IDENTIFYING SERIAL NUMBER ON THE FRONT AND BACK OF EVERY CAR.

That’s right, every car has a license plate. And if you are a government agent who wants to play Big Brother, you could either have a guy with binoculars read license plates from 100 meters or more, or you could photograph plates and look up the owner in the department of motor vehicles. That gets around the nettlesome problem of trying to match the sniffed sensor ID to the VIN. So the researchers have discovered a much more difficult way of identifying cars than already exists. I wonder if the University of South Carolina would give me a Ph.D. if I came up with, say, a really elaborate way of identifying prisoners with serial numbers on their prison garb.

OK, I’m being a little hard on these guys. Academic researchers do the world a valuable service by exploring the security vulnerabilities of RFID and wireless sensors, when there is a real threat. And there could be a time where unsecured wireless vehicle networks involve a real threat. If the use of these expands and the networks are not secured, perhaps criminals could use the researchers’ technique to disable the steering in a car, or terrorists could use it to disable an airplane engine in flight. But by putting their research in the context of an invasion of privacy using RFID today, they are hurting the RFID industry, because bloggers and privacy advocates will use their paper to justify their opposition to RFID. This does no one any good.

Mark Roberti is the founder and editor of RFID Journal.