Security

Another blow to wide-spread usage of RFID


In another blow to the adoption of RFID in the enterprise, often billed as a barcode replacement, researchers from PacketFocus Security Solutions and ATlas RFID Solutions use standard tag readers and antennas to read the EPC (Electronic Product Code) labels on boxes that are loaded into a rented 18-wheeler tractor-trailer.

According to PacketFocus Hacking Director Joshua Perrymon:

An attacker could write to the EPC tags, changing or disabling them if they are not adequately protected via authorization frameworks and password.

You can read more about this topic at Forbes.com.

The next step is to test whether a car can cruise alongside or behind a moving truck and still be able to read the tags.

What is your opinion on the viability of RFID - do you think that the security angle a hopeless cause that it cannot hope to ever address adequately? Join the discussion.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

5 comments
raisch
raisch

Without a key, your house is vulnerable to thieves. Without cryptographic protection, your RFID tags can be read or written by anyone. How does the revelation that ignoring manufacturers' instructions could cause unexpected problems warrant news coverage? I'm sure if everyone ignored the correct handling of kitchen knives it would doom that "technology" as well. *sigh*

paulmah
paulmah

What is your opinion on the viability of RFID - do you think that the security angle a hopeless cause that it can never hope to ever address adequately?

tech1
tech1

My understading of this message is that you will not have this problem if you apply reccomended Vendor security standards. The article clearly states that *default* RFID implementations may be vulnerable to certain attacks. This is nothing different that any other security advisory or best-practice guide. I think the work these guys are doing is great. Someone has to step up and warn companies about potential risks of new technology. Finally, I don't agree that security is holding up any real progress of RFID. The industry has ALWAYS looked at ROI and the business return side with security last. WHy all the sudden does a few potential risks stop the entire industry? It Doesn't! The only thing slowing up the RFID industry is PRICE. Not security..

don.abbott
don.abbott

Amen, the adoption is dependant upon not only cost, but also deployment, management, integration with various supply chain and inventory control applications as well as, but not the least, a change in how behavior, technology and change is perceived by the workforce that comes in contact and use RFID technology. Any Change is scary, but the fact is, these guys are warehouse employees, truck drivers, and fork lift operators. The greatest hurdle in adoption is compliance and cooperation of people bahvior and attitude toward the benefit to them, not the company overall ROI. If they hate, you may as well lie down in the road and let the CFO run a BlueBird bus over you. Yes - the bus will be full of all the warehouse employees as they go to thier monthly Union meeting. GOOD LUCK

Dr Dij
Dr Dij

honda with lowered wheels & a racing engine and I have Vin Diesel along, I could pick and choose trailers with the most expensive gear to hijack. Of course if we get caught, who will stop the Necromongers?