Chat with our sales team
Whole Network Most Recent TOP10 Market Size RFID Basics Tags and Readers

 

It Turns Out Those RFID Passports are Not So Insecure After All

Filed in archive Privacy and Security by Anita Campbell on August 11, 2006

hackerdance.gif
RFID is the technology that privacy advocates love to hate. As a result, some have taken on the challenge of trying to hack RFID.

A German security consultant, Lukas Grunwald, was the latest challenger. He threw down the gauntlet at the 2006 DefCon conference last week. He cloned an RFID tag.

Note that he did not clone a passport -- just the information on the tag.

Note also that he could not figure out a way to change the data, such as by adding a fictitious name or modifying personal details. He simply copied existing data.

Of course, from reading some of the media reports, you'd never know that his actions were limited to simply copying an existing electronic piece of information. Most of the initial news and blog reports were selective and disingenuously unclear in what they reported. They gave the erroneous impression that he had managed to cook up an utterly fake passport -- faster and easier than whippin' up a Betty Crocker cake mix.

As I reported last week, you had to read the full Wired.com news report to understand exactly what did -- and did NOT -- occur.

As usual with these kinds of demonstrations, we go through a dance-like ritual:

Step 1: Someone comes out with a hacking demonstration or an announcement supposedly showing how insecure RFID is.

Step 2: Wildly sensational and incorrect media reports come out right away, blowing it out of proportion.

Step 3: Calmer heads come along and take the time to debunk and refute the claims or put them into proper perspective.

The sad part is, there is usually a grain of truth and probably some valuable lessons that could be learned from the hacking demonstration.

But instead, the announcements are sensationalized, leading business and governmental organizations to feel under attack and that they must defend against the claim. Naturally all their attention goes toward debunking the original claim, instead of studying what really happened and what could be learned from it. And they come off as appearing defensive -- never a good thing where the public is concerned.

And, of course, the later debunking of the initial claims never gets the same level of media and blogger attention (I wonder why?). So the public is left with the erroneous impression that the technology is insecure.

And so it goes.

We had this familiar hacking/debunking dance once again with the Grunwald DefCon demonstration.

A week's time has passed since the initial claims, and now the latest news is that several industry experts, including industry association The Smart Card Alliance, have come out and put the claims into perspective.

The RFID Journal has a thorough story of the industry response to the Grunwald demonstration. Read the whole RFID Journal article for the details.

Sheesh.


Advertisement


Permalink: It Turns Out Those RFID Passports are Not So Insecure After All
Tags: rfid  passport  passports  insecure  after  rfid+passports  insecure+after  passports+insecure 

Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/31685



Advertisement


Advertisement
Match.com


CW ToolbarInstall
RSSrss   | See all blog subscribe options
Googlegoogle   |   What is RSS?
Yahoo!yahoo
AddthisAddThis Feed Button
BloglinesBloglines
Newsletter
Advertisement - Book yours here.
Match.com

Use our search feature to look for other interesting posts

Just this blog Whole network
Apple iTunes
 
  • Would you like to see your text link here? Let us know!
Advertisement
Book yours here.

Match.com


  • Other blogs in the same channel in the Creative Weblogging Network

Advertisement -
Book yours here..






Advertisement - Book yours here..
 
Tagcloud: Case Studies Companies Contactless Payment Systems contest EPC Standards Healthcare Implementation Interviews Libraries Market Size Near Field Communication Patents Privacy and Security Report Retail RFID Basics RFID Employment Software Applications Special Events Sponsored Posts Sports Stocks Supply Chain Tags and Readers Ubiquitous Computing Wireless