Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

RFID holes create security concerns

Recent security glitches show RFID vulnerabilities
By Cara Garretson , Network World , 03/22/2007
  • Share/Email
  • Tweet This
  • Comment
  • Print

The recurring topic of RFID security flaws has been making headlines again lately. But unlike new e-mail viruses or Internet worms that demand the immediate attention of the IT department, this threat isn’t a front-burner security issue…at least not yet.

A few recent events have brought renewed attention to the fact that RFID is vulnerable. Earlier this month a security expert cracked one of the U.K.’s new biometric passports that use RFID to store personal information. Last month at the RSA Security `07 conference, a company called IOActive demonstrated an RFID cloner that can steal codes from building access cards. (IOActive was slated to show a similar demonstration at last month’s Black Hat security conference, but the session was quashed by a leading RFID card maker and generated more headlines regarding fairness and disclosure than the original demo would have.)

On the Offensive: The Power of Hosted Email Security: Download now

Add those events to headlines from the past year that the U.S. Department of State plans to issue passports with RFID chips containing personal information -- to which the American Civil Liberties Union has expressed vehement opposition because of the potential for exposed personal information – and reports that an RFID virus could be developed that make tags vulnerable, and suddenly the technology seems about as safe as sending confidential data over Web mail.

Yet, unlike Internet threats that could affect every person using the Web, RFID security holes are only truly dangerous if the information stored on these tags is valuable. In most enterprise applications of RFID today – many of which are still in their early phases – that’s not the case.

Related Content
The year in RFID threats
These headlines were among the revelations of RFID security weaknesses over the past year:year:
Security expert cracks RFID chip in U.K. passport — 3/6/07
A security expert has cracked one of the United Kingdom's new biometric passports, which the British government hopes will cut down on cross-border crime and illegal immigration.
Lawmakers working to ban hacked RFID door cards — 2/28/07 U.S. lawmakers say the debate over use of similar RFID security technologies in the government space is far from over.
Battle brewing over RFID chip-hacking demo — 2/26/07
Secure card maker HID is objecting to a demonstration of a hacking tool at this week's Black Hat federal security conference in Washington, D.C. that could make it easy to clone a wide range of so-called proximity door access cards.
Industry group urges caution for RFID-enabled ID cards — 12/5/06
A government plan to use RFID chips in a proposed passport card program for U.S. citizens is drawing fire from some quarters.
Click to see: RFID threat timeline

Nutritional product maker Schiff Nutrition launched an RFID pilot about three months ago to tag cases and palates of supplements and energy bars with basic information – what the product is, where it was manufactured, and what kind of item it is. Security has not yet factored into the project, says Rod Farrimond, manager of business analysis, because that data alone isn’t valuable.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Comments (1)
Login
Forgot your account info?

RE: RFID holes create security concernsBy rfidglobal on August 28, 2007, 5:12 amOn the 30th of September this year, a new compliance directive will come into force from the Payment Card Industry (PCI) that will affect each and every business...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed