The Security of RFID

Just look back to see how many statements are laughable from the first moment. When the passports with RFID in the United States said that the U.S. Government has informed that he is trying everything possible to avoid pirate attacks and fraud, something that have failed.

There were already a number of theoretical attacks on these passports, but certainly a practical demonstration always impacts much more than a theory that not everyone is able to understand. So that the video that shows how it has been ought to clear the lack of security of this technology, at least as it has been implemented.

The problem is no longer possible clone the RFID cards, but that you can do for very little money and quite remote. Chris Paget which has proven is that with $250 has been able to mount a system that can read the RFID identifier for passports at a distance of 10 meters. Anyway, it is possible, with hardware more powerful, read these labels from much further away, even more than 1.5 km.

In the case of passports in United States (and many other systems that use RFID) are not stored personal data in the chip itself, but that this only includes an identification number which, to be read by the computer, allows to obtain the rest of information from a database.

Therefore, read this number does not obtain personal information, but if clone the Passport. I can think of several ways to make “ weeds ” with that, but we must not go too far, since we have already seen examples of how this technology has been subverted on other occasions.

Some time ago we saw a much more serious case, which got read away credit cards, getting both the number and the expiration date or the name of the owner. These data are useful immediately by a possible attacker, with a loss not just privacy, but money.

Another famous example in which it is involved the RFID they are the tarjetas of transportation used in many cities. A team from a Dutch University showed how it was possible to clone the Oyster Card, the card used on London’s public transport.

Authorities downplayed this issue indicating that they are capable of detecting cloned cards and that, therefore, it would serve only to travel during a day. But taking into account that they are easy to reprogram, I still see large enough in the system security flaws.

The problems that clone us card adding the of Privacy, as in the case of the London underground, we can see the latest travel facts approaching card ticketing machines, something very simple if you have a cloned card.

In the vast majority of cases, the problem is not so much the RFID technology, but in the cryptographic implementation making it. The researchers say that made implementation in systems such as Mifare Classic, widely used for access to buildings and premises, is toy and that anyone can break it without problems.

Making a parallel with the Wi-Fi networks, it is clear that wireless technologies have major potential vulnerabilities, by not requiring physical environment access (either the network cable or card), it is necessary a more logical security.

In Wi-Fi, after it was discovered that WEP was vulnerable it has become to use, in most cases, WPA and other more secure systems. Something similar is needed with RFID technologies, They reported clear advantages, such as ease and rapidity of use, but it is necessary that also provide good security. Especially if it is at stake, our privacy and our money.