RFID Journal Editor Mark Roberti's Blog

Academic Navel Gazing Continues

August 12, 2010

Researchers at the department of computer science and engineering at the University of South Carolina in Columbia, have published a paper, “Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study,” that claims security flaws in radio frequency identification tire sensors could expose drivers to the threat of being tracked, because cars can be identified by capturing the ID in the sensor. I don’t know the students who wrote this paper, but they strike me as smart people who are incapable of thinking. 

I’ll explain why this paper is absurd in a moment, but first lets take a look at what the paper says. The abstract points out that tire pressure monitoring systems represent one of the first, if not the first, in-car wireless networks mandated for every new automobile. They say the security and privacy implications of such in-car wireless sensor networks are not fully understood, so they decided to evaluate the privacy and security implications of two tire pressure monitoring systems using both laboratory experiments with isolated tire pressure sensor modules and experiments with a complete vehicle system. 

The researchers found that the sensor messages can be sniffed and decoded from up to 40 meters (120 feet) from a passing vehicle with a basic low-noise amplifier and the openly available GNU radio platform (a GNU radio is comprised of hardware and software and can be used for intercepting radio signals). 

The researchers write: “This raises location privacy risks because vehicles could potentially be tracked through these identifiers and drivers do not have any option to disable the system. Furthermore, current protocols do not employ authentication mechanisms and vehicle implementation do not appear to perform basic input validation or filtering of messages. This allows straightforward spoofing of sensor messages. One of our experiments demonstrates this by triggering the tire pressure warning message in a moving vehicle through a spoofed message from another nearby vehicle.” 

Folks, be warned. You are in eminent danger of having someone trigger a false pressure-warning message when your tires are properly inflated. This could become a major problem in cities around the world. Imagine the mayhem when driver after driver is forced to pull over and look at their tires, only to discover they are properly inflated. Chaos! 

The privacy implications they talk about are no less ridiculous. They claim that someone with sophisticated knowledge of RF systems could set up a GNU radio alongside a road and identify cars and sniff out the IDs in the sensors in the tire pressure sensors. Why would anyone do this? The paper doesn’t say. It only says: “If the sensor IDs were captured at certain roadside tracking points and stored in databases, third parties could infer or proof [sic] that the driver has visited potentially sensitive locations such as medical clinics, political meetings, or nightclubs.” 

Actually, that is false. If the senor IDs were captured and stored in a database, it wouldn’t prove anything. In order to prove that a specific driver was in a specific location, you would have to link a specific sensor to a specific car and then link that specific car to a specific driver. 

I don’t know if vehicle makers keep track of which sensor with a specific ID got put into a specific car. If they don’t, then the only real threat would be if the person sniffing found another way to link a specific sensor to a specific car and driver (by, say, walking up and asking to see ID). But even if the auto companies do store information on which sensor went into which car, you would still need to know who owns that car. 

So if I were a criminal or a policeman sitting on the roadside sniffing IDs in sensors, I would need to get into the carmaker’s database to find out the vehicle identification number (VIN) of the car that specific sensor went into. Then, I would need to access either the database of the dealer that sold the car or the department of motor vehicles to find out who bought or registered the car. 

This would be difficult for a criminal to do. But I know that there are people who are paranoid about Big Brother governments watching their every move. Government agents who are hell bent on tracking you could certainly gain access to car company and motor vehicle department databases, right? Yeah, probably. But here is an important fact that the researchers seem to have overlooked—THERE IS AN IDENTIFYING SERIAL NUMBER ON THE FRONT AND BACK OF EVERY CAR. 

That’s right, every car has a license plate. And if you are a government agent who wants to play Big Brother, you could either have a guy with binoculars read license plate from 100 meters or more, or you could photograph plates and look up the owner in the department of motor vehicles. That gets around the nettlesome problem of trying to match the sniffed sensor ID to the VIN. So the researchers have discovered a much more difficult way of identifying cars than already exists. I wonder if the University of South Carolina would give me a Ph.D. if I came up with, say, a really elaborate way of identifying prisoners with serial numbers on their prison garb. 

OK, I’m being a little hard on these guys. Academics researchers do the world a valuable service by exploring the security vulnerabilities of RFID and wireless sensors, when there is a real threat. And there could be a time where unsecured wireless vehicle networks involve a real threat. If the use of these expands and the networks are not secured, perhaps criminals could use the researchers’ technique to disable the steering in a car, or terrorists could use it to disable an airplane engine in flight. But by putting their research in the context of an invasion of privacy using RFID today, they are hurting the RFID industry, because bloggers and privacy advocates will use their paper to justify their opposition to RFID. This does no one any good. 

Mark Roberti is the founder and editor of RFID Journal. If you would like to comment on this article, click on the link below. To read more of Mark's opinions, visit the RFID Journal Blog or click here. 


No comments for this blog post, be the first to write a comment – click here

A Conversation with a Hotel Poacher

Posted on: 1/13/2016

The RFID Marketer's Mindset

Posted on: 3/5/2015

What RFID Solution Providers Should Do

Posted on: 3/4/2015

Be a Trusted Advisor for Attendees at LIVE! 2014

Posted on: 3/25/2014

What CEOs of RFID Companies Need to Know

Posted on: 12/18/2012

Tools for UHF Deployments

Posted on: 11/13/2012

RFID Journal Publishes Article No. 10,000

Posted on: 11/6/2012

Where to Find Good RFID Leads

Posted on: 9/27/2012

Talk to End Users About Their Business Problems

Posted on: 4/2/2012

RFID for a Good Cause

Posted on: 3/23/2012

About That Untapped Pool of Customers

Posted on: 3/15/2012

Hello! I'm Ready to Buy an RFID Solution

Posted on: 3/13/2012

Is There an Untapped Pool of RFID Customers Somewhere?

Posted on: 3/12/2012

How Small Companies Can Market RFID Successfully

Posted on: 3/9/2012

5 Common Mistakes Made by RFID Marketers

Posted on: 2/29/2012

Veterans Health Administration Seeks RTLS Experts

Posted on: 1/28/2011

How Do You Value Information?

Posted on: 11/17/2010

Maximizing Exhibitor ROI at RFID Journal LIVE! 2011

Posted on: 11/16/2010

RFID Could Reduce Return Fraud—a $14 Billion Problem

Posted on: 11/9/2010

Seeking Judges for the RFID Journal Awards

Posted on: 11/8/2010

Hong Kong RFID Awards 2010 Announced

Posted on: 10/20/2010

Some Positive Coverage of RFID

Posted on: 10/19/2010

More Musings on Moore

Posted on: 9/23/2010

More Free Advice for RFID Vendors

Posted on: 9/22/2010

Free Advice for RFID Vendors

Posted on: 9/21/2010

Inside an RFID Industry Roundtable

Posted on: 9/17/2010

Wal-Mart's President Says EPC RFID Strategy Is Working

Posted on: 9/16/2010

Are RFID-Enabled Credit Cards Safer Than Magstripe Cards?

Posted on: 9/15/2010

Technology Predictions Aren't Always Accurate

Posted on: 9/14/2010

Should We Be Tracking Kids With RFID?

Posted on: 9/13/2010

Internet of Things Event in Tokyo

Posted on: 9/8/2010

The Future is Not Inevitably Bleak

Posted on: 9/7/2010

The RFID Privacy Conundrum

Posted on: 8/27/2010

Using RFID to Improve Online Availability

Posted on: 8/26/2010

Coca-Cola Event Exploits RFID on Facebook

Posted on: 8/25/2010

Awarepoint's Big RTLS Music Video Contest

Posted on: 8/24/2010

PBS NewsHour Responds to RFID Journal

Posted on: 8/19/2010

PBS NewsHour Misinforms Viewers on RFID

Posted on: 8/16/2010

Academic Navel Gazing Continues

Posted on: 8/12/2010

A Privacy Expert’s Misguided View of RFID

Posted on: 8/11/2010

Please Contribute to the Sinclair Laing Memorial Scholarship Fund

Posted on: 8/9/2010

Using RFID to Solve Postal Address Problems

Posted on: 8/6/2010

BNET Blogger Spreads False Info About Wal-Mart and Privacy

Posted on: 8/5/2010

RFID Not at Fault in Passport Test

Posted on: 8/2/2010

Why Isn't Wal-Mart Killing the Tags?

Posted on: 7/27/2010

Privacy Nonsense Sweeps the Internet

Posted on: 7/26/2010

Thank You, Bill Hardgrave

Posted on: 7/9/2010

Staff Spread Too Thin? RFID Can Help

Posted on: 6/22/2010

ABC Eyewitness News Presents Selective Facts About RFID Credit Cards

Posted on: 5/28/2010

Presentations now available

Posted on: 5/6/2010

Do You Want to Be an RFID Gorilla?

Posted on: 4/2/2010

Why Contextual Marketing Works

Posted on: 3/30/2010

Would Geoffrey Moore Validate Your Business Model?

Posted on: 3/17/2010

The Biggest Mistakes Vendors Make at Trade Shows

Posted on: 3/9/2010

The Biggest Mistakes RFID Marketers Make

Posted on: 2/28/2010

When Will RFID Become a Mainstream Technology?

Posted on: 2/23/2010

Build the Whole RFID Solution

Posted on: 2/18/2010

RFID Deployments Rarely Start in the C-suite

Posted on: 2/12/2010

Be wary of hotel solicitations

Posted on: 2/7/2010

Start Blogging

Posted on: 2/5/2010

Welcome to the all new RFID Connect

Posted on: 1/26/2010