New RFID security threat: snooping tagged boxes loaded on trucks
By
John Cox
,
Network World
, 06/26/2007
- Share/Email
- Tweet This
- Print
Two vendors have demonstrated that it’s easy to wirelessly sniff information from the RFID tags on cases and pallets in big
rig trucks.
Forbes.com is reporting researchers from PacketFocus Security Solutions and Atlas RFID Solutions used standard tag readers and antennas to read the
electronic product code (EPC) labels on boxes loaded into an 18-wheel tractor-trailer rented from a local freight company.
They ran the penetration test from outside the truck to learn what information could be pulled from the tags, which eventually
will replace the ubiquitous bar codes used today.
It’s the latest blow to rapidly spreading RFID technology, which got its initial boost as a bar code replacement in retail
products but is spreading to wide array of new applications, from automatic vehicle toll collection to accessing medical records.
About a year ago, a research team reported they had infected RFID tags with malware by exploiting problematic code from RFID vendors. John Hopkins researchers are in the second year of a four-year project
to create a software security framework for RFID nets.
EPC tags enable each item to be uniquely identified, making it much easier to see where tagged items are in the supply chain,
and more accurately judge supply to meet demand. In a passive RFID system, wireless scanners, or readers, emit radio energy
that activates the tag, causing it to send back its unique identifying number and any other data associated with it. In active
RFID systems, the tag has its own radio and a battery to power it.
The test by PacketFocus and Atlas showed that this information can be sniffed by an attacker using readily available equipment,
according to the Forbes.com story. A rival or a criminal could read the EPC codes to learn what is shipping, how often and
when.
PacketFocus Hacking Director Joshua Perrymon was quoted as saying that an attacker could write to the EPC tags, changing or
disabling them if they are not adequately protected via authorization frameworks and passwords.
The next step, Perrymon said, is to test whether a car can cruise alongside or behind a moving truck and still read the tags.
The one issue the story doesn’t address is the range involved in the scanning attack. Radio ranges hinge on the frequency
band, the radio power and the sensitivity of the antenna.
Comment