RFID hacking

Annalee Newitz has written a must-read piece for Wired on RFID hacking. RFID tags (Radio Frenquency ID) are small chips with information stored in them, that can be attached to items (or people) and "read" at short distance with a scanner (I'm semplifying here, more details on Wikipedia's RFID article). They are becoming commonplace as replacements for barcodes on products or embedded in smart cards, payment cards, automatic toll collection systems, identity badges, ski passes and much more. I constantly carry three or four of them, and I'm sure most people in Europe and the US do the same - without even knowing it, for the chips are embedded in the "electronic key" that identifies them at the office, or in their bank card, etc. The new US passports will also include a RFID chip - and some humans are getting them implanted under the skin.

But how secure are these chips? Of course the answer is always "it depends" - on the type of the chip (some include encryption, others don't) and the specific implementation. Annalee's article however points out, with real examples, a number of worrysome vulnerabilities. She tells how it is possible to skim the "key" (data) contained in smartcard badges and create a duplicate; how the stored information can be tampered or deleted or overwritten (a researcher shows her how to change the info on tags identifying books in a library; another cuts and pastes the price information from a tag attached to a cheap wine bottle into that identifying an expensive one); how RFID chips used by car antitheft devices (and generally embedded in the rubbery end of the key) can be desabled; or how implantable chips (she got one in her arm for the sake of researching the article) are at risk of cloning.

[tags: RFID]