RFID Robbery in the Parking Lot (and 4 other RFID hackings)

Filed in archive Privacy and Security on May 10, 2006

Wired magazine has an article about the hackers who are hacking RFID chips in order to make a point about security:

"James Van Bokkelen is about to be robbed. A wealthy software entrepreneur, Van Bokkelen will be the latest victim of some punk with a laptop. But this won't be an email scam or bank account hack. A skinny 23-year-old named Jonathan Westhues plans to use a cheap, homemade USB device to swipe the office key out of Van Bokkelen's back pocket. * * *

As Van Bokkelen approaches from the parking lot, Westhues brushes past him. A coil of copper wire flashes briefly in Westhues' palm, then disappears. * * *

The coil in Westhues' hand is the antenna for the wallet-sized device he calls a cloner, which is currently shoved up his sleeve. The cloner can elicit, record, and mimic signals from smartcard RFID chips. Westhues takes out the device and, using a USB cable, connects it to his laptop and downloads the data from Van Bokkelen's card for processing."

Read about the five scenarios involving RFID hacking. The point about most of these hackings is that the business or organization using RFID can be at risk, too. Up to now much of the media attention has focused on consumer privacy concerns. But businesses also must be cognizant of the security of their data and systems, and not inadvertently leave them vulnerable to attack.

For instance, the general business community dealing with RFID is just beginning to catch on to the vulnerabilities posed by read/write tags. For a number of business reasons, the tags can essentially be left "open" meaning they are vulnerable to being overwritten by someone or some organization with nefarious purposes.

Hat tip to Skip Reardon of Be Excellent blog for the link.