Has RFID Technology Become a Threat?

Who is the privacy freak that keeps finding things like this and the smart phone stuff?

I don't know, but I don't like everyone knowing my whereabouts or what purchases I made at the store.

We should remember that paranoids have real enemies, too.

Come to think of it, what in the possible world could the blog author mean by hacking an RFID chip? They don't say anything at all about this concept or anything else in the single opening sentence or the following brief question. I've written more than the blogger in this reply than the blogger has in this teaser. I'm beginning to think that the blogger needs to write an article for a trade magazine but they don't know where to start. So in complete acknowledgement that I maybe doing somebody else's work here's my ideas on hacking RFID made "out of whole cloth".

To speculate how or why one might want to hack an RFID chip, you have to know what an RFID chip is and how it works. A Radio Frequency IDentification chip is a means for a business to track inventory. There are two forms of RFID devices used today; passive and active. A passive device must be queried for a chip to identify itself. An active RFID device broadcasts its presence without input. To save power most active RFID devices periodically broadcast their signal. Both style devices have a limited range that they are effective in broadcasting their signals. There is little to no actual data value in the RFID device itself. All value can be found in the package the RFID is attached to and due to the low power transmission level that the RFID must be close to the receiving equipment. So the only hacking value to the chips will be to falsely represent their ID number. This maybe useful to have a package appear to be something that they are not. The problem for the hacker is that unless the RFID identity number already exists in a database, knowing the number is completely useless to anyone but that database. A hacker will find hacking the database much more rewarding than the ID tag itself. Now one might wish to temporarily fool a database where a known item exists but even in the best crime novel, this ploy easily falls apart when the RFID device properly arrives at a destination but the item does not. The few items valuable enough to warrant a one time RFID substitution will certainly have other security means in place.

While the largest consumer of RFID tags are clearly firms packaging items for sale at the retail level, there are many more uses of the technology.

MIFARE DESfire EV1 and MIFARE Classic are commonly found in larger access control systems. Even these fairly new and complicated proximity credentials can be cloned in as little as ten seconds, thus providing someone with an access credential with all priveleges of the one that had been cloned. This possibility of hacking a RFID access token, as you can imagine, can be troublesome for the physical access control of a facility. Consider this: Are there areas of your workplace where someone who is not a trusted employee would just LOVE to get into? What value would this compromised information be to, say PEPSICO™, if the information were the famous and closely guarded COCA-COLA™ recipe? There may be facilities with even larger, even more important secrets.

Of course employees can be considered a package. This un-personalized view of minions came when the Personnel Department became Human Resources. But one is hacking the database system by making RFID copies. One is not hacking the RFID itself. There are easy ways to track and deter this kind of copying activity, too. The easiest is multiple points of identification. The most effective is... well I'm not going to write anything that could get me in trouble. Maybe CR4 should be a little more scrutinized for trying to solicit methods for illegal activities.

"The easiest is multiple points of identification." Correct. Easiest, and fairly effective. And as you say, you are not hacking the RFID token or the system itself (as there are no changes to either), you are pilfering (cloning) the response of the token in an attempt to gain something. I don't know about tracking the illicit copying, but there are many ways to deter copies.

And I said "... an access credential with all priveleges of the one that had been cloned." The credential itself has no priveleges. In a weak access control system the presented credential alone provides access privelege (or computer access, or a lunch charge, or whatever). This can be fortified by.... _{discretion exercised by Doorman here, leaving some vacant spaces in the information.}

It is sort of disheartening to see all of the information available on the 'net about this sort of thing. However, there is a big difference between reading about it and building a... oops, just about let another cat out of the bag!

Good points, redfred. Thanks for the visit!

I believe they are thinking more of credit cards, cell phones that can pay bills and the like.

One would be wise to shield the signal even though it is weak.