This article can also be found in the Premium Editorial Download "Information Security magazine: Keep today's threats close and tomorrow's closer."
The reported attacks of RFID tags--such as RSA Security's 2005 hacks of the tag used in the ExxonMobil Speedpass, and the fall 2006 hack of RFID credit cards--have been by computer scientists tinkering in laboratories. Since some of these scientists are among the world's leading cryptographers, the industry is taking
Here are two well-documented developments in EPC hacking:
As with the RFID credit cards, demo attacks by researchers such as Fu will be the first we see against EPC. "Now is the time to start worrying about this," says Ashton. Backers of the EPC standard want to eventually go beyond shipping containers and pallets and replace all of the barcode labels on individual store items with EPC RFID tags. That way, companies will be able to track an item from the assembly line to the register, and even into a consumer's home.
But EPC Gen 2 tags can be cloned and spoofed by counterfeiters and thieves targeting the supply chain, says Ashton. (See "RFID Attacks") For example, crooks could clone tags from authentic Louis Vuitton handbags and place them on fake items. In a spoofing scenario, a laptop emitting RF signals could tell a warehouse reader that a shipment of video game consoles is accounted for, long after thieves have made off with the units. Or, criminals lurking outside a retail store could intercept transmissions between EPC tags and checkout readers--called a side-channel attack--to snag the details of a transaction, such as potentially sensitive drug purchase information.
Eventually, more sophisticated attacks against RFID tags will take place within stores, says Novak. For example, early retail store hackers might be able to write new item descriptions and prices to RFID-tagged items. Rather than paying $2,500 for a flat screen HDTV, for example, "an RFID hacker could program the tag to ring up as a less expensive product."
The U.S. Department of Homeland Security is planning to use EPC Gen 2 tags in its PASS Card border ID system. The PASS Cards will be an accepted substitute for passports at some U.S. border checkpoints.
That's not a good idea, says Ari Juels, principal research scientist and manager at RSA Security's RSA Labs.
"Using EPC tags for border control--that's worrisome," says Juels, who is among the coauthors of the RFID credit card hacking study with Fu. Unlike the RFID technology used in credit cards, EPC Gen 2 tags "have very few explicit security features," he says.
Juels says that someone could possibly scan the EPC tag on a PASS Card border ID several feet away and create a makeshift radio device, if not a cloned tag, which emits the same uniquely identifiable data as that tag.
This was first published in January 2007