RFID = vulnerable

RFID, short for radio frequency identification, is becoming the de facto identification mechanism recently. There is no need for line-of-sight, can be embedded as passive emitters (no onboard battery), and can be small enough to be implanted into the human skin.

However, like the early Internet stages, security was not a concern and was not considered in its design. This leads to problems especially when many RFID are used in security areas such as building passes and passports. Other uses include tracking shipment, retail stores, library books. The tags may store credit information, which can be used in gaming centers, public transport, petrol stations and toll gates.

Data on an RFID can be easily tapped by a scanner. They are usually unencrypted AND unlocked, meaning they can be read in clear and even overwritten. People have tried tapping a hotel keycard and transferring the information onto a cream cheese (retail food product) with an RFID tag. He then used the cheese to open his hotel door!

Building passes can also be scanned by just walking past the person who keeps the pass in his wallet or bag. The signal can be re-emitted at the building door to gain access easily. Walking along a shelf of library books using an emitter can potentially erase all information in those tags if they are left unlocked. Free gas top-ups are possible and are tried and tested.

I wonder if our EZLink, ERP, NLB, and building passes in Singapore have the same security issues…

http://www.wired.com/wired/archive/14.05/rfid.html

Leave a Reply