Opinion: RFID security worries need a reality check
Computerworld - Sometimes our anxieties about security make us lose sight of how a technology is used. Such is the case with radio frequency identification, a proven technology that delivers big efficiencies and has yet to experience a confirmed hacker attack in the wild.
But RFID has seen many tightly controlled "proof-of-concept" exploits, widely publicized by academic researchers to showcase RFID vulnerabilities that in reality pose less risk than an old flu virus. Don't look for criminals to unleash these exploits anytime soon. They understand that what little they could gain is simply is not worth the effort.
In April, academics at Edith Cowan University in Australia created an RFID denial-of-service exploit, and researchers at Vrije Universiteit Amsterdam publicized an RFID virus. Those two hacks question the integrity and availability of the first generation of Electronic Product Code RFID chips from EPC Global (www.epcglobalinc.org), an industry standards body working to streamline and secure supply chains.
These proof-of-concept EPC RFID attacks could make the drying time of paint seem quick. Information criminals operating behind the virtual anonymity of the Internet have shown scant interest in supply chain applications. There are no bragging rights on hacker Web sites for exploits launched against physical goods. Confusing handlers of pallets loaded with dog food or diapers, or even diverting containers filled with toys or consumer electronics, gets you flamed as a bottom feeder in the information underworld.
Trafficking in hard goods traditionally has been blue-collar street crime, the stuff of film noir gangsters, crooked dockworkers and teamsters with ready distribution channels for stolen goods. The Internet's promise of disintermediation (http://en.wikipedia.org/wiki/Disintermediation) is simply not as appealing to the stolen-goods underworld as it is to legitimate distributors.
Stolen goods are not easily converted to cash on the Internet. Information criminals constantly try to sell stolen goods via hijacked or bogus eBay accounts, other online sales channels, or through networks of unsuspecting surfers conned by offers too good to be true. The distribution of stolen physical goods on the Internet is risky and costly because lots must be broken into small pieces to escape notice and there is an audit trail to threaten prized anonymity.
Information criminals steal information that's readily convertible to cash, not meaningless EPC RFID inventory data. The people who design EPC standards know far more about the risk to supply chains than cloistered academics engineering these meaningless proof-of-concept exploits.
The EPC initiative is backed by companies that suffer billions of dollars in global supply chain losses every year. They have performed a rigorous risk analysis and concluded that the effect of a supply chain exploit targeting EPC chips is relatively low. They also have determined that the probability of seeing a wave of hacks on EPC chips is similarly low.


- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Mobile Middleware Strategies
- Learn why a mobile development platform is critical to be able to support today's complex enterprise mobility strategies. Learn what to look for...
- The Evolution of Enterprise Mobile App Development
- Driven by explosive growth in smartphone and tablet sales, enterprise mobility has become an essential part of business. Organizations across industries are developing...
- Native & HTML5 Mobile Apps: Not an either or, but a where and when
- Learn how developers are using HTML5 and native development methods to build mobile apps. Get practical insights on how these tools are being...
- Enabling Remote Employees with High Quality Video
- In this paper, we analyze the delivery of live and on-demand mobile video content. It focuses on specific ways in which organizations can...
- What to Look For in Solutions For Mobile Device Management
- Managing an increasingly mobile workforce has become one of the most challenging - and important - responsibilities for IT departments. This paper examines... All Mobile and Wireless White Papers
- The Office of Tomorrow with BlackBerry
- Curious about the office of the future and how to prepare with BlackBerry solutions? This session discusses the office needs of tomorrow and...
- The Changing Role of Tablets in the Enterprise
- Do you understand all the capabilities and potential of the BlackBerry PlayBook tablet? BlackBerry® PlayBook™ tablet can help enterprises do business differently.
This webcast... - Security Certifications 101 - BlackBerry and all those acronyms what do they mean and why they matter?
- FIPS, Common Criteria, CAPS, AISEP, NFC, NIST, Fraunhofer SIT, CESG, DSD - these are just some of the government and industry certifications which...
- PlayBook Video about two Grade 6 classrooms that are using PlayBook tablets
- RIM recently worked with Park Manor Public School in Elmira, ON to integrate BlackBerry PlayBook tablets in two Grade 6 classrooms. The project...
- McCain Canada deployed BlackBerry PlayBook tablets with a custom application to their salesforce
- McCain Foods Limited (McCain) has deployed BlackBerry® PlayBook™ tablets in order to enhance mobility within their sales force- along with a customized application... All Mobile and Wireless Webcasts
Prepaid service has started to transform from a source of cheap, bottom-of-the-barrel phones into a viable outlet for compelling smartphones. Read more...