RFID Journal Editor Mark Roberti's Blog
Academic Navel Gazing Continues
August 12, 2010
Researchers at the department of computer science and engineering at the University of South Carolina in Columbia, have published a paper, “Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study,” that claims security flaws in radio frequency identification tire sensors could expose drivers to the threat of being tracked, because cars can be identified by capturing the ID in the sensor. I don’t know the students who wrote this paper, but they strike me as smart people who are incapable of thinking.
I’ll explain why this paper is absurd in a moment, but first lets take a look at what the paper says. The abstract points out that tire pressure monitoring systems represent one of the first, if not the first, in-car wireless networks mandated for every new automobile. They say the security and privacy implications of such in-car wireless sensor networks are not fully understood, so they decided to evaluate the privacy and security implications of two tire pressure monitoring systems using both laboratory experiments with isolated tire pressure sensor modules and experiments with a complete vehicle system.
The researchers found that the sensor messages can be sniffed and decoded from up to 40 meters (120 feet) from a passing vehicle with a basic low-noise amplifier and the openly available GNU radio platform (a GNU radio is comprised of hardware and software and can be used for intercepting radio signals).
The researchers write: “This raises location privacy risks because vehicles could potentially be tracked through these identifiers and drivers do not have any option to disable the system. Furthermore, current protocols do not employ authentication mechanisms and vehicle implementation do not appear to perform basic input validation or filtering of messages. This allows straightforward spoofing of sensor messages. One of our experiments demonstrates this by triggering the tire pressure warning message in a moving vehicle through a spoofed message from another nearby vehicle.”
Folks, be warned. You are in eminent danger of having someone trigger a false pressure-warning message when your tires are properly inflated. This could become a major problem in cities around the world. Imagine the mayhem when driver after driver is forced to pull over and look at their tires, only to discover they are properly inflated. Chaos!
The privacy implications they talk about are no less ridiculous. They claim that someone with sophisticated knowledge of RF systems could set up a GNU radio alongside a road and identify cars and sniff out the IDs in the sensors in the tire pressure sensors. Why would anyone do this? The paper doesn’t say. It only says: “If the sensor IDs were captured at certain roadside tracking points and stored in databases, third parties could infer or proof [sic] that the driver has visited potentially sensitive locations such as medical clinics, political meetings, or nightclubs.”
Actually, that is false. If the senor IDs were captured and stored in a database, it wouldn’t prove anything. In order to prove that a specific driver was in a specific location, you would have to link a specific sensor to a specific car and then link that specific car to a specific driver.
I don’t know if vehicle makers keep track of which sensor with a specific ID got put into a specific car. If they don’t, then the only real threat would be if the person sniffing found another way to link a specific sensor to a specific car and driver (by, say, walking up and asking to see ID). But even if the auto companies do store information on which sensor went into which car, you would still need to know who owns that car.
So if I were a criminal or a policeman sitting on the roadside sniffing IDs in sensors, I would need to get into the carmaker’s database to find out the vehicle identification number (VIN) of the car that specific sensor went into. Then, I would need to access either the database of the dealer that sold the car or the department of motor vehicles to find out who bought or registered the car.
This would be difficult for a criminal to do. But I know that there are people who are paranoid about Big Brother governments watching their every move. Government agents who are hell bent on tracking you could certainly gain access to car company and motor vehicle department databases, right? Yeah, probably. But here is an important fact that the researchers seem to have overlooked—THERE IS AN IDENTIFYING SERIAL NUMBER ON THE FRONT AND BACK OF EVERY CAR.
That’s right, every car has a license plate. And if you are a government agent who wants to play Big Brother, you could either have a guy with binoculars read license plate from 100 meters or more, or you could photograph plates and look up the owner in the department of motor vehicles. That gets around the nettlesome problem of trying to match the sniffed sensor ID to the VIN. So the researchers have discovered a much more difficult way of identifying cars than already exists. I wonder if the University of South Carolina would give me a Ph.D. if I came up with, say, a really elaborate way of identifying prisoners with serial numbers on their prison garb.
OK, I’m being a little hard on these guys. Academics researchers do the world a valuable service by exploring the security vulnerabilities of RFID and wireless sensors, when there is a real threat. And there could be a time where unsecured wireless vehicle networks involve a real threat. If the use of these expands and the networks are not secured, perhaps criminals could use the researchers’ technique to disable the steering in a car, or terrorists could use it to disable an airplane engine in flight. But by putting their research in the context of an invasion of privacy using RFID today, they are hurting the RFID industry, because bloggers and privacy advocates will use their paper to justify their opposition to RFID. This does no one any good.
Mark Roberti is the founder and editor of RFID Journal. If you would like to comment on this article, click on the link below. To read more of Mark's opinions, visit the RFID Journal Blog or click here.
POST A COMMENT
A Conversation with a Hotel Poacher
Posted on: 1/13/2016
The RFID Marketer's Mindset
Posted on: 3/5/2015
What RFID Solution Providers Should Do
Posted on: 3/4/2015
Be a Trusted Advisor for Attendees at LIVE! 2014
Posted on: 3/25/2014
What CEOs of RFID Companies Need to Know
Posted on: 12/18/2012
Tools for UHF Deployments
Posted on: 11/13/2012
RFID Journal Publishes Article No. 10,000
Posted on: 11/6/2012
Where to Find Good RFID Leads
Posted on: 9/27/2012
Talk to End Users About Their Business Problems
Posted on: 4/2/2012
RFID for a Good Cause
Posted on: 3/23/2012
About That Untapped Pool of Customers
Posted on: 3/15/2012
Hello! I'm Ready to Buy an RFID Solution
Posted on: 3/13/2012
Is There an Untapped Pool of RFID Customers Somewhere?
Posted on: 3/12/2012
How Small Companies Can Market RFID Successfully
Posted on: 3/9/2012
5 Common Mistakes Made by RFID Marketers
Posted on: 2/29/2012
Veterans Health Administration Seeks RTLS Experts
Posted on: 1/28/2011
How Do You Value Information?
Posted on: 11/17/2010
Maximizing Exhibitor ROI at RFID Journal LIVE! 2011
Posted on: 11/16/2010
RFID Could Reduce Return Fraud—a $14 Billion Problem
Posted on: 11/9/2010
Seeking Judges for the RFID Journal Awards
Posted on: 11/8/2010
Hong Kong RFID Awards 2010 Announced
Posted on: 10/20/2010
Some Positive Coverage of RFID
Posted on: 10/19/2010
More Musings on Moore
Posted on: 9/23/2010
More Free Advice for RFID Vendors
Posted on: 9/22/2010
Free Advice for RFID Vendors
Posted on: 9/21/2010
Inside an RFID Industry Roundtable
Posted on: 9/17/2010
Wal-Mart's President Says EPC RFID Strategy Is Working
Posted on: 9/16/2010
Are RFID-Enabled Credit Cards Safer Than Magstripe Cards?
Posted on: 9/15/2010
Technology Predictions Aren't Always Accurate
Posted on: 9/14/2010
Should We Be Tracking Kids With RFID?
Posted on: 9/13/2010
Internet of Things Event in Tokyo
Posted on: 9/8/2010
The Future is Not Inevitably Bleak
Posted on: 9/7/2010
The RFID Privacy Conundrum
Posted on: 8/27/2010
Using RFID to Improve Online Availability
Posted on: 8/26/2010
Coca-Cola Event Exploits RFID on Facebook
Posted on: 8/25/2010
Awarepoint's Big RTLS Music Video Contest
Posted on: 8/24/2010
PBS NewsHour Responds to RFID Journal
Posted on: 8/19/2010
PBS NewsHour Misinforms Viewers on RFID
Posted on: 8/16/2010
Posted on: 8/12/2010
A Privacy Expert’s Misguided View of RFID
Posted on: 8/11/2010
Please Contribute to the Sinclair Laing Memorial Scholarship Fund
Posted on: 8/9/2010
Using RFID to Solve Postal Address Problems
Posted on: 8/6/2010
BNET Blogger Spreads False Info About Wal-Mart and Privacy
Posted on: 8/5/2010
RFID Not at Fault in Passport Test
Posted on: 8/2/2010
Why Isn't Wal-Mart Killing the Tags?
Posted on: 7/27/2010
Privacy Nonsense Sweeps the Internet
Posted on: 7/26/2010
Thank You, Bill Hardgrave
Posted on: 7/9/2010
Staff Spread Too Thin? RFID Can Help
Posted on: 6/22/2010
ABC Eyewitness News Presents Selective Facts About RFID Credit Cards
Posted on: 5/28/2010
Presentations now available
Posted on: 5/6/2010
Do You Want to Be an RFID Gorilla?
Posted on: 4/2/2010
Why Contextual Marketing Works
Posted on: 3/30/2010
Would Geoffrey Moore Validate Your Business Model?
Posted on: 3/17/2010
The Biggest Mistakes Vendors Make at Trade Shows
Posted on: 3/9/2010
The Biggest Mistakes RFID Marketers Make
Posted on: 2/28/2010
When Will RFID Become a Mainstream Technology?
Posted on: 2/23/2010
Build the Whole RFID Solution
Posted on: 2/18/2010
RFID Deployments Rarely Start in the C-suite
Posted on: 2/12/2010
Be wary of hotel solicitations
Posted on: 2/7/2010
Posted on: 2/5/2010
Welcome to the all new RFID Connect
Posted on: 1/26/2010
Founder and Editor
Add them to my Contact List
Recommend this blog
Mark Roberti is the founder and editor of RFID Journal. His blog focuses on all aspects of radio frequency identification and related technologies.
Latest Blog Posts
Your luggage isn't lost - its just somewhere inconvenient
Advantages of using RFID in Apparel & Footwear Industry
How RFID sensor software differs from ‘standard’ RFID software
Power to the people, une soirée avec Jeremy Rifkin
SML Clarity 3.x Retail Software Platform Selected as Finalist for RFID Journal LIVE! Best New Product Award