Hackers Crack the RFID Code
Posted on August 7, 2006
Hackers have managed to hack into the RFID chips that the U.S. government is putting into passports. The hackers' goal was to show the incredible security vulnerability of the emerging -- and very popular -- technology that embeds a computer chip wrapped with tiny radio antennae into everything from food products to passports.
High-tech passports touted as advances in national security can be spied on remotely and their identifying radio signals cloned, computers hackers were shown at a conference. Radio frequency identification technology, referred to as RFID, used in cash cards and passports, can be copied, blocked or imitated, said Melanie Rieback, a privacy researcher at Vrije University in the Netherlands. Rieback demonstrated a device she and colleagues at Vrije built to hijack the RFID signals that manufacturers have touted as unreadable by anything other than proprietary scanners. "I spend most of my time making the RFID industry's life miserable," the doctorate student told AFP. "I am not anti-RFID. It has the potential to make people's lives easier, but it needs to be used responsibly."We're not big fans of the current RFID technology. Kudos to Rieback for continuing to point out the serious security flaws of this technology.
Rieback and university compatriots expected to have a reliable portable version of their device, RFID Guardian, finished in six months and "had no plans to immediately mass-produce these things." A cheer rose from the legion of hackers in the conference room when Rieback announced that the schematics and the computer codes for the device would be made public. "The industry and government needs to not be scared of us," Rieback said. "They need to talk with us and to work with us. Hopefully, together we can come up with some kind of reasonable compromise."
RFID equipment makers would be wise to ramp up encryption and other security while technology is catching on, according to Rieback. Rieback was not the only speaker at the gathering who claimed to have found RFID vulnerabilities. "If you are using RFID on cows, who cares?" Rieback asked rhetorically. "But, with a passport, it only takes one breach at the wrong time and it could wreck it for the RFID industry."