Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is RFID Really That Scary?

Posted by timothy on from the relaaaaaax-citizen dept.

tcd004 writes "Defcon participant Chris Paget demonstrated his ability to capture RFID data from people hundreds of feet away for the PBS NewsHour. Paget went through the regular laundry list of security concerns over RFID: people can be tracked, their information accessed, their identities comprimised. Not so fast, says Mark Roberti of RFID Journal. Mark challenges Paget to point to a single instance where RFID was successfully used for nefarious purposes. The signals are too weak and the data is too obscure, according to Roberti. So who is right? Has RFID yet lead to a single instance of identity theft, illegal monitoring, or other security compromise?"

6 of 338 comments (clear)

  1. Re:Hmm by MobileTatsu-NJG · · Score: 1, Troll

    Dozens of RFID detectors that do broadcast GPS coordinates into space will be responsible for that part.

    You mean the RFID's with huge batteries that need constant charging and aren't called "RFID"s anymore?

    --

    "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  2. Re:Yes and no by pnewhook · · Score: 0, Troll

    My bank switched their debit cards over to ones with "PayWave". It's an RFID chip that allows me to just magically wave my card around in the air and pay for stuff at the checkout line.

    Have you actually used it? That's not how it works. The RFID feature is EXACTLY the same as the magnetic swipe. The reader has to be initialized by the cash register to read (it's not set to read automatically just like the magnetic readers are not trying to read constantly until told to), and the signal is so weak you actually have to touch the card against the reader and hold it there for a few seconds. There is no way waving your card in the air will cause you to purchase anything.

    --
    Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
  3. Re:Yes and no by pnewhook · · Score: 0, Troll

    Or you can actually understand the technology, realize no vendor can read your card without your knowledge and not worry about it anyway.

    --
    Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
  4. Re:Here's a better Defcon RFID story... by Blakey+Rat · · Score: 1, Troll

    When the box got a return and found usable data, it snapped a picture.

    Uh... so what?

    Maybe the hotel they were staying at used RFID keys. Nothing here implies "if a RFID card has usable data, IT'S A SUPER-TOP-FEDERAL-CIA-SECRET-OMG!!!" He was just snapping photos of people with bus passes and hotel keys... retarded.

    --
    Comment of the year
  5. Re:Yes and no by pnewhook · · Score: 0, Troll

    Please elaborate, I was under the impression that a signal simply powers the card and induces a response from the card. No processing or challenge response unless it's a really expensive card.

    The signal does power the card but it is challenge, response and the data transmitted is encrypted.

    In which case anyone walking past you could read the card without you knowing.

    They would get an encrypted mess if they somehow concealed a bulky RFID transmitter and were able to keep that transmitter within 4 inches of your card for several seconds..

    --
    Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
  6. Re:Yes and no by pnewhook · · Score: 0, Troll

    My statement is still valid. you hand someone your card to pay for gas, they can go in and duplicate it very easily with a magnetic stripe just by swiping it through a reader.

    I dont know what you mean by the RFID skimmer can be inside the reader. Regardless, you need to have the card less than 4 inches away from the reader and held there for several seconds to read it. Even then the data is encrypted and required a challenge response.

    --
    Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.