Slashdot Mirror
Cellphone Could Crack RFID Tags
diverge_s writes "Adi Shamir of RSA is at it again. This time pointing out flaws in RFID systems. From the article: 'I haven't tested all RFID tags, but we did test the biggest brand and it is totally unprotected,' Shamir said. Using this approach, 'a cellphone has all the ingredients you need to conduct an attack and compromise all the RFID tags in the vicinity.'"
My 6620 is capable of responding to 13.56 MHz readers and may be capable of reading tags as well. Nokia has been working with Mastercard and others to bring payment and reward systems to mobile phone users. There is little information in Google, but the API is available. Check your Nokia 'wallet' function for RFID functionality.
The patent should never have been awarded in the first place. For one thing, mathematics should never be patentable. For another, there was already Prior Art invented at GCHQ in the UK -- but because of its nature, it was kept hushed-up.
The patent was never applicable in the UK nor the EU.
Je fume. Tu fumes. Nous fûmes!
Je fume. Tu fumes. Nous fûmes!
http://cq.cx/proxmarkii.pl provides a nice article on how one Canadian guy designed a small hardware solution for cloning RFID tags. It should be very clear that RFID is NOT secure -- it's actually more likely to be insecure, in spite of the vendors who are offering tin-foil hats for their RFID cards.
Paul Gillingwater
MBA, CISSP, CISM
That cloning device only works on cheap RFID's that don't do cryptographic authentication. This is not the first time this has been done.
http://www.cl.cam.ac.uk/~gh275/relay.pdf
The method Shamir talked about is a little more interesting because the cards are leaking information wbout what they are doing internally. It is possible that a more detailed examination of the power consumption may reveal other detail of what the card is doing as well as when it things it has receive a bad bit.
Power analysis has been a known attack on smartcards for a long time. A few cards were vulnerable to an attacker looking for increase current draw just after a PIN/password attempt when the card tried to increment a count of the number of failures, cut the power when it tries to write to the fail count and you could attempt a brute force attack. I believe the most obvious way around the problem, to decrement the counter before checking the PIN and increment it after if the check passed, is patented.
It would be interesting to see if any RFID cards have that flaw.
Why he calls it "compromise"? RFID tag is just something like license plate on your car.
You don't call your car security compromised just because everybody non-blind in victinity can read your license plate with naked eyes.
You need have access to police database in order to get sensitive information of car owner using car license plate. Nobody but criminals tries to hide their car license plate from casual observer.
Same for RFIDs - they just transmit some unique id, and one who wants to idenitfy person carrying RFID has to get access to right database (and indentity which database holds this info first).
I'd rather say that your security is compromised, if you cannot read what is transmitted by RFID tag in your passport or under your skin, and some unknown person with RFID scanner can.
So, in order to stop this hype about RFIDs compromising security, they have to cell RFID scanners for dollar on next corner, or make it standard feature of every cell phone (if components are really already in place) so everybody who is concerned about security can easily scan oneself and find out what kind of information is available from those tags.
Only reason why those RFID makers don't do it - is because they want to make money on scanners as well as chips theirselves.
RFID tag encodings adhere to standards (EPC and ISO); perhaps I'm missing something but what exact is there to crack when all the information is freely available on the internet?
Oh, a lesson in history from Mr. I'm my own grandpa.