DefCon Chronicles: RFID spoofing
Melanie Rieback (whose academic advisor is Andrew Tanenbaum, yeah, that Andrew Tanenbaum) presented "A Hacker’s Guide to RFID Spoofing and Jamming". Looking through her work, there’s also an interesting paper, "Is your cat infected with a computer virus?"
She mentioned RFID tracking of products, boxes, animals and even humans with the VeriChip product, which is apparently advocated by some exclusive clubs out there (no more standing in the VIP line). A quote from the Applied Digital CEO, in which the company says it is not putting encryption into its RFID tags since they can only be read by proprietary scanners, generated a few laughs.
While the tags themselves are pretty simplistic, there’s a potential for abuse: reading somebody else’s tags, replicating and manipulating them, generating false positives, and running equipment that captures valid RFID tags and generates the corresponding fake ones (a perfect man-in-the-middle attack).
RFID Guardian is the project Melanie’s working on, and the video is available at the bottom of the page.
Why doesn’t the RFID standard support a basic authentication mechanism between the RFID tag and the reader? The standard had already gone to market, and if the companies agreed to add the authentication bits to it, that would mean making entire product lines obsolete.
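To make the missing-authentication point concrete, here is a small simulation added for this write-up (it is not from the talk or from the RFID Guardian project). It compares a tag that only announces a fixed ID with a hypothetical tag that answers a fresh reader challenge with an HMAC; the class names, the 8-byte ID and the HMAC-SHA256 scheme are all assumptions.

```python
import hashlib
import hmac
import secrets

ID_LEN = 8  # constructed: fixed identifier length for this sketch

def mac(key: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, challenge, hashlib.sha256).digest()

class StaticTag:
    """No authentication: every query gets the same identifier back."""
    def __init__(self, tag_id: bytes):
        self.tag_id = tag_id
    def respond(self, challenge: bytes) -> bytes:
        return self.tag_id  # the challenge is ignored

class AuthTag:
    """Hypothetical tag holding a per-tag secret shared with the reader."""
    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id, self.key = tag_id, key
    def respond(self, challenge: bytes) -> bytes:
        return self.tag_id + mac(self.key, challenge)

class Replayer:
    """Stands in for equipment that recorded one answer and repeats it."""
    def __init__(self, recorded: bytes):
        self.recorded = recorded
    def respond(self, challenge: bytes) -> bytes:
        return self.recorded

class Reader:
    def __init__(self, keys: dict):
        self.keys = keys  # tag_id -> secret key (doubles as the allow-list)
    def accept_static(self, device) -> bool:
        return device.respond(b"") in self.keys
    def accept_authenticated(self, device) -> bool:
        challenge = secrets.token_bytes(16)  # fresh nonce for every read
        answer = device.respond(challenge)
        key = self.keys.get(answer[:ID_LEN])
        if key is None:
            return False
        return hmac.compare_digest(answer[ID_LEN:], mac(key, challenge))

def run_demo() -> dict:
    tag_id, key = b"TAG00001", secrets.token_bytes(32)  # constructed sample values
    reader = Reader({tag_id: key})
    static_copy = Replayer(StaticTag(tag_id).respond(b""))
    auth_tag = AuthTag(tag_id, key)
    auth_copy = Replayer(auth_tag.respond(secrets.token_bytes(16)))
    return {"static_replay": reader.accept_static(static_copy),
            "auth_genuine": reader.accept_authenticated(auth_tag),
            "auth_replay": reader.accept_authenticated(auth_copy)}
```

A fresh challenge only defeats recorded answers; a live relay that forwards the reader's challenge to the genuine tag would still pass this check.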