Personal RFID Security/Privacy Threats

A relatively new security/privacy threat has arrived in the last decade and it’s due to a chip that can be as small as a grain of sand. They are called RFID chips and are a form of microchips fitted with antennas. They have information stored on them which can be transmitted to an RFID reader. The RFID reader can send out a query causing the RFID tag to return any data it contains. Obviously this brings up big security concerns. The RFID tags are being put in passport cards and enhanced driver licenses that are available in a growing amount of states. Some of these RFID tags have even been found to be readable from a max of about 150 feet away.

When you get an enhance driver license they provide you with a privacy sleeve to keep it in which helps to block the radio signal from the chip getting out, but many people have been found to not use them and if the paper had been crumpled at all it may not even work.

What do you all think of this technology? Are we going to far and potentially exposing ourselves in ways we could have never imagined was possible?

http://www.technologyreview.com/computing/21842/

Advertisements

7 thoughts on “Personal RFID Security/Privacy Threats

  1. RFID is a fantastic technology, however I think more steps needs to be taken to protect consumers; for instance, all new wallets should have RFID blocking material inside them to protect credit cards, enhanced driver’s licences and other similar RFID based cards.

    • Agreed, if all new wallets had that material then it wouldn’t really be much of a problem. The technology has a lot of potential. I work in retail and could only imagine how nice it would be for a store to be able to track every product it carries by having these RFID tags embedded in everything.

    • I agree new wallets would help…but do we expect everyone to go out and buy a new wallet? I doubt it will happen…mostly because the overall problem is awareness and a lack of concern. Plus those wallets would cost more to make, therefore be more expensive to purchase which as we know will create the usual “it will never happen to me” response. I do think the wallet idea is a good one, but that’s a long term solution. I feel the authorities that issue the cards with RFID chips need to educate each consumer better and also provide better protective sleeves. When I received my enhanced license I had no clue why they were giving me a protective sleeve…not a soul at the DMV mentioned anything about security. It didn’t fit into my wallet well at all, so I was tempted to just toss the sleeve, but I kept it anyhow. It wasn’t until a few months later that I found out by chance what the sleeve was actually for. Makes me wonder how many people actually got rid of the sleeve as soon as they left the DMV?

  2. I think the security needed for RFID goes way beyond wallet material. They have RFID chip in key fobs and other devices outside of your wallet. Some gasoline stations used to (maybe still do) use RFID key fobs that you wave in front on the pump and it automatically charges your account. What most people don’t know is that those things are constantly broadcasting that data wherever you go. The ability to control when your device broadcasts would go a long way in protecting that data – assuming the user actually remembers to turn it off.

  3. The problem I see with RFID is that it’s very easy to take advantage of. The technology would need to have some sort of managing software where I can dictate where and why it broadcasts for me to feel comfortable using it. I don’t trust corporations or government enough to give them free communication with something essentially attached to me.

    Pretty scary to think that they can broadcast up to 150 feet. A standard which I’m certain will will be superseded with time.

  4. I think the idea behind the chip is a great idea. They make it so simple for me to park in my work parking lot and also gain access to work building at any time. I don’t think that the security is all that great. It would be very easy to pick one up that is find on the floor and gain entry to anywhere the card holder was able to. I think this is only the beginning to a great data transmission idea but for security I think this should be a secondary device just to confirm information of the holder.

  5. I agree that RFID is an amazingly useful technology. There is little in terms of security in place with these systems. Just yesterday I found somebody in a different class with a RFID tags reader. He was able to read the information on a tag that I owned that granted me access to fire departments in Onondaga county. All somebody would need is a write-able tag and the information on my tag to get themselves access.

    RFID alone shouldn’t be trusted for authentication. I think that if we combine RFID with a passcode or another form of authentication, that we would be much better off. Naturally all forms of multi-factor authentication are more secure, but by combining something we have (and RFID tag) with something we know (a passcode), the threat for passive RFID card scanning or duplicating could be cut down.

Comments are closed.