What are the dangers of using radio frequency identification (RFID) tags?

To continue reading for free, register below or login

Requires Membership to View

To gain access to this and all member only content, please provide the following information (all fields required):

First Name:
Last Name:
Country: Select... Afghanistan Aland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory British Virgin Islands Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, Democratic Republic of Cook Islands Costa Rica Cote D'Ivoire Croatia Cuba Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia, The Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard and McDonald Islands Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, North Korea, South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malawi Malaysia Maldives Mali Malta Man, Isle of Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands Netherlands Antilles New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestine Panama Panama Canal Zone Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Reunion Romania Russia Rwanda Saint Helena Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia and Montenegro Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard Swaziland Sweden Switzerland Syria Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu U.S. Minor Outlying Islands Uganda Ukraine United Arab Emirates United Kingdom United States Uruguay Uzbekistan Vanuatu Vatican City Venezuela Vietnam Virgin Islands Wallis and Futuna Islands Western Sahara Yemen Zambia Zimbabwe
Email Address:

I would like to receive a FREE subscription to Information Security magazine online.
YesNo

Do you manage, evaluate, recommend, implement, support or purchase security products, software or services?
YesNo

Please estimate the yearly security budget for your entire organization including all security products and services.
Please select... Over $10 Million $5 Million-$10 Million $1 Million-$4.9 Million $500,000-$999,999 $100,000-$499,999 $50,000-$99,999 $25,000-$49,999 $10,000-$24,999 Less than $10,000 None

What is your role in purchasing IT related products and services? (Check all that apply)
Technical decision maker
Financial decision maker
Recommend/Specify
Evaluate products
Implement Products/Services
Determine Needs
Create Security Strategy
None

By joining SearchSecurity.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

BROWSE BY TAG Identity Management and Access Control,   Wireless Network Security: Setup and Tools,   Wireless Network Protocols and Standards,   Enterprise Network Security,   Enterprise Identity and Access Management,   User Authentication Services,   Security Token and Smart Card Technology,   Expert Archive: Identity Management and Access Control,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Management and Access Control Learn about enterprise strategy for server virtualization single sign-on Employee information security awareness training for new IAM systems Can you combine RFID tag technology with GPS to track stolen goods? Is there a free enterprise-caliber password-management tool? Cryptosystem attacks that do not involve obtaining the decryption key Can any firm or organization get a digital signature certificate? Should the CTO have domain administrator access? Does password sharing in international branches violate SOX? What are best practices for secure password distribution after a data breach? Is it possible to encrypt CDs and DVDs as well as SD cards? Wireless Network Protocols and Standards Wireless Security Lunchtime Learning An introduction to wireless security A wireless network vulnerability assessment checklist Lesson 1: How to counter wireless threats and vulnerabilities Lesson 1 quiz: Risky business Wireless Security Lunchtime Learning Entrance Exam Risky Business: Understanding WiFi threats Study reveals lack of financial wireless computer security Preparing enterprise Wi-Fi networks for PCI compliance Cracks in WPA? How to continue protecting Wi-Fi networks Security Token and Smart Card Technology Risk management must include physical-logical security convergence RSA researcher Ari Juels: RFID tags may be easily hacked Portable security storage device could replace OTP devices Can you combine RFID tag technology with GPS to track stolen goods? Security token and smart card authentication Hackers can target embedded smart card chips What should an enterprise look for in a password token and a vendor? Are smart cards insecure if Mifare Classic RFID encryption is cracked? What are good features to look for in access control software? Secure Computing SafeWord 2008 product review

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary authentication server  (SearchSecurity.com) Chameleon Card  (SearchSecurity.com) key chain  (SearchSecurity.com) key fob  (SearchSecurity.com) key string  (SearchSecurity.com) national identity card  (SearchSecurity.com) security token  (SearchSecurity.com) smart card  (SearchSecurity.com) tokenization  (SearchSecurity.com) two-factor authentication  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

Your concerns about the radio frequency identification (RFID) tag in your new passport are legitimate, and you're not alone. RFID tags, in general, have been controversial within IT security for other uses besides just passports.

But the technology itself is fantastic. As you correctly note, it'll make going through immigration and customs a breeze when returning from overseas travel. And for tracking inventory in a warehouse, livestock on a range or other non-human objects, RFID has streamlined processes and saved money. It's just when it's used for tracking people or for paying bills where problems arise with privacy and security.

The difference in these situations is the possibility of identity theft or fraud. Unlike other transactions, like those on the Web, for example, RFID broadcasts radio signals openly in the air where they can be intercepted. Generally speaking, other wireless devices share this problem. But RFID tags on passports and credit cards carry nothing but personal data and funds and are unusually unencrypted, making them even easier targets for identity thieves and fraudsters.

The other problem with RFID chips versus, say, embedded smart chips is that as wireless devices they don't need to be near the reader to be read. Smart chips, on the other hand, need to be put next to, or into, a reader, so they aren't as susceptible to being sniffed in the open.

On a credit card, someone could conceivably cut out the chip, and the card would still function. But altering a passport not only invalidates it, but is also illegal.

A vocal opponent of RFID passports has been security guru Bruce Schneier, who has railed against RFID chips on his blog since the passports were first released in 2006.

Schneier has mentioned cases where researchers have been able to clone passport chips, including a demonstration at Black Hat in 2006. The exploit took the researcher only two weeks to develop. He was able to order an official RFID passport reader right from the manufacturer in Germany to sniff data from his own passport and embed it on a sample blank passport.

To make matters worse, the same researcher claimed he could have built the same device on his own for about $200 by attaching an antenna to any commercial RFID reader.

Schneier has commented that such tricks would allow criminals to steal identities, forge digital data onto other documents or even clone entire bogus passports. One solution, which Schneier suggested in response to a report about cloning of UK passports in November 2006, would be to send an email or SMS message to a user every time their passport is being used, which would block a criminal from using someone else's passport.

Unfortunately, there isn't much that can be done besides shielding your passport and keeping it as far away as possible from prying eyes and suspicious devices.

For more information: