Slashdot Mirror


Cellphone Could Crack RFID Tags

diverge_s writes "Adi Shamir of RSA is at it again. This time pointing out flaws in RFID systems. From the article: 'I haven't tested all RFID tags, but we did test the biggest brand and it is totally unprotected,' Shamir said. Using this approach, 'a cellphone has all the ingredients you need to conduct an attack and compromise all the RFID tags in the vicinity.'"


  1. Link to the dude itself, dude! by Anonymous Coward · · Score: 5, Informative

    Here's the cryptographer's panel:
    http://media.omediaweb.com/rsa2006/1_5/1_5_High.asx

    Prof Shamir comes on at 6:15, but I recommend watching the whole hour through.

  2. RFID != Smart Card by CortoMaltese · · Score: 2, Informative
    > It's a good thing our government wants to embed these things in our passports

    I knew this was coming the second I saw the headline.

    Biometric passports and most other applications that need secure tokens utilize smart cards.

    RFID tags are not the same as smart cards. The difference is huge. Please do your homework.

    > So wait, besides inventory tracking, why do we use RFID at all?

    Besides inventory tracking, we usually don't. It is just confusion and FUD.

    1. Re:RFID != Smart Card by armb · · Score: 2, Informative

      > Biometric passports and most other applications that need secure tokens utilize smart cards.

      Except for the ones which really are planned to use RFIDs.

      Here's some homework for you:
      http://www.schneier.com/blog/archives/2005/08/rfid_passport_s_1.html
      http://www.theregister.co.uk/2006/01/30/burnham_rfid_evasions/
      http://catless.ncl.ac.uk/Risks/22.98.html#subj7.1
      http://catless.ncl.ac.uk/Risks/23.87.html#subj5.1

      --
      rant
    2. Re:RFID != Smart Card by peragrin · · Score: 2, Informative

      I hate to break this to you, but any card that has a contactless interface (i.e. hold the card near the reader) is an RFID setup. It should be RFRC (Radio Frequency Responder Chip), which the USA and the UK want to use in passports. Hence why they are coming with Faraday cage style bags.

      A smart card still needs to be swiped. I have one in my American Express card. My roommate's new debit card has an RFRC in it as well, as he can simply place his card on a special sign and have it read it.

      --
      i thought once I was found, but it was only a dream.
    3. Re:RFID != Smart Card by throwaway18 · · Score: 2, Informative

      > I work on smart cards, including biometric passports. In this field, no one in their right mind would use RFID tags for passports, or anything requiring security. Ever.

      The problem here seems to be terminology (and clueless moderators).

      You are incorrectly assuming that "RFID" means a simple tag with no crypto.

      RFID is a generic term for any device that uses RF and identifies its presence or absence. A resonant circuit without a chip that is used to tag library books is an RFID. A contactless smartcard that uses cryptography to make it harder to clone is an RFID.

      > people then make the assumption that anything contactless is RFID

      That is a correct assumption.

      > and thus insecure.

      This is an incorrect assumption; however, as Shamir has shown, it is early days for RFID security.

  3. Re:RFID tag reader already in many Nokia phones by ianalis · · Score: 5, Informative

    That is the reason why I was shocked when I read the title. I know that there are Nokia phones that can read RFID and Nokia is pushing for its widespread use. Here's a useful link regarding RFID in Nokia phones: http://europe.nokia.com/nokia/0,,55737,00.html

  4. RFID is not meant for security by Lord+Satri · · Score: 4, Informative

    I like what one of our users said:
    "To summarize:
    RFID for inventory tracking ==> Good idea
    RFID for security ==> Stupid idea
    "

    Here below I copy parts of a previous comment on another story (which wasn't moderated and thus, probably not read a lot):
    Anyone interested in RFID could also start with the excellent wikipedia.org entry.

    Of interest, Slashdot already discussed RFID production increases before. Yes, RFID can be scary, especially in a bank or in passports. Imagine, even Sun cares for RFID. MobileMag have a small article about a 100% organic matter RFID chip developed in Korea, costing only 0.5 cents.

    And if RFID and geospatial tech seriously interest you, see my sig ;-)

  5. Re:this thread by ajs318 · · Score: 2, Informative

    As I understand it, there is a serious issue with selectivity when reading RFID tags, due to the fact that they all have to use the same frequency. Passive RFID tags work by absorbing less or more energy from a radio transmitter to send zeros and ones. Real-life reading ranges are of the order of a few centimetres. Longer ranges are theoretically possible but create difficulties in practice. The "real" reader {i.e. the one which is actually supposed to be reading the tag} can't be too sensitive, lest its signal be picked up by other RFID tags {this system is meant for use in a store full of goods with RFID tags .....} and they interfere with the signal. The "parasite" reader {i.e. the one which is picking up overspill from the "real" reading process} can be much further away, but needs to be kept stationary because it is responding to really minute changes in signal strength. The "real" reader doesn't care about the RF power at all, since it can measure how much is being absorbed indirectly by measuring how much current is being drawn by the transmitter circuit {when the tag is absorbing more power, the oscillator draws more current}. The "parasite" reader will still be affected by any other "real" readers operating nearby.

    The limitations of passive tags are decreed by universal laws and won't be overcome by invention. Ironically, RFID will become less of a threat the more widely it is deployed.

    --
    Je fume. Tu fumes. Nous fûmes!
  6. Re:Injected RFID tags... by plumby · · Score: 4, Informative
    > That would be considered non-elective surgery, which is a form of assault {at least common assault, and maybe ABH or even GBH if an allergic reaction or septicaemia develops} -- and therefore illegal. Note also that you cannot consent to assault, and just because you said it was OK the perpetrator can still be prosecuted.

    Whether you can or can't consent to assault is irrelevant, as by agreeing to have the surgery, it would become elective and there would be no assault to consent to.

  7. Re:I cannot understand just one thing... by $ASANY · · Score: 2, Informative
    I was similarly baffled. I work with DoD to develop and implement RFID solutions for transportation and asset accountability, and I've never heard of anyone trying to encrypt the data on an RFID tag. The DOD-64 and DOD-96 passive RFID constructs aren't encrypted, and those are the two DoD-specific constructs used in logistics. It seems like he's talking out of his posterior -- sure it's easy to "crack" the data on an RFID tag, because what is encoded there is not encrypted at all. That's by intentional design.

    In the commercial world, with Wal-Mart and Target the EPC constructs are also unencrypted. So when he talks about 'the most popular tag', I'm really wondering what he thinks that might be. Low-frequency livestock tags? 13.56 MHz access control badges? 900MHz passive Alien squiggle tags? Savi active tags? What the heck is this guy talking about, because none of these "popular" implementations encrypt the data on their tags?

    But let's say you managed to "crack" a tag. You got '2F0103047541A430000001F9' (yes, this is a valid construct with minimally munged data). Ok, how about someone tell me how that constitutes a breach of security.
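Added example, not part of the comment above and not the commenter's code: a field split of the 96-bit value quoted there, to show what a reader recovers from such a tag. The bit layout (8-bit header 0x2F, 4-bit filter, 48-bit CAGE/DoDAAC as six 8-bit ASCII characters, 36-bit serial) is an assumption taken from the EPC Tag Data Standard's DoD-96 construct, not from this page; `parse_dod96` is a hypothetical helper name.

```python
import string

# Assumed DoD-96 layout (EPC Tag Data Standard, not stated on this page):
# header 8 bits | filter 4 bits | identifier 48 bits | serial 36 bits
DOD96_HEADER = 0x2F


def parse_dod96(epc_hex):
    """Split a 24-hex-digit EPC into DoD-96 fields; ValueError if malformed."""
    epc_hex = epc_hex.strip()
    if len(epc_hex) != 24 or any(c not in string.hexdigits for c in epc_hex):
        raise ValueError("DoD-96 is 96 bits, i.e. exactly 24 hex digits")
    value = int(epc_hex, 16)

    header = value >> 88
    if header != DOD96_HEADER:
        raise ValueError("header 0x%02X is not the DoD-96 header" % header)

    filter_value = (value >> 84) & 0xF
    id_bytes = ((value >> 36) & 0xFFFFFFFFFFFF).to_bytes(6, "big")
    serial = value & 0xFFFFFFFFF

    # Munged or corrupt data can hold non-printable bytes; show them as '?'
    # instead of failing, and keep the raw hex for the record.
    id_text = "".join(chr(b) if 0x20 <= b < 0x7F else "?" for b in id_bytes)
    return {
        "filter": filter_value,
        "identifier_hex": id_bytes.hex().upper(),
        "identifier_text": id_text,
        "serial": serial,
    }


# Value quoted in the comment above (the commenter says its data is munged).
PAGE_SAMPLE = "2F0103047541A430000001F9"
# Constructed sample with a made-up, well-formed identifier " 1ABC2".
CONSTRUCTED_SAMPLE = "2F020314142433200000002A"

if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, CONSTRUCTED_SAMPLE):
        print(sample, parse_dod96(sample))
```

Every field comes out with plain shifts and masks and no key material, which is the commenter's point: the tag carries an identifier, and any protection has to come from the systems that interpret it.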

  8. Re:Injected RFID tags... by kansas1051 · · Score: 4, Informative

    > Note also that you cannot consent to assault, and just because you said it was OK the perpetrator can still be prosecuted.

    Your high school business law teacher who told you that didn't know what he was talking about. You can consent to a battery (unlawful touching) or an assault (reasonable apprehension of a battery). How do you think boxing, hockey, or football work? Each participant consents to being battered and assaulted (within the rules of the game) by other participants.

  9. Re:Shamir by MadMidnightBomber · · Score: 2, Informative
    > This "prior art" did not count as it was unpublished. However the point about the mathematics is exactly correct. Shamir is one of the greatest trinity of conmen to ever plague the computer industry. If you ever want to know why you still don't have encrypted email, this guy is 33.33333....% of the reason.

    Dude, 2000 called. They want their excuse back.

    The first copy of PGP was released in 1991 [1]

    The RSA patent expired in 2000. If you're in the US. I don't believe it was patented elsewhere. [2]

    I seem to remember GNU Privacy Guard working OK around 2000 [3]. Want to think of another reason why no one is encrypting email?

    --
    "It doesn't cost enough, and it makes too much sense."