McAfee: RFID chips exposing users to danger
As use expands, the technology becomes a very tempting target for hackers
The current generation of radio frequency identification (RFID) technology is vulnerable to eavesdropping, cloning and forging.
That's according to an April security trends report (download PDF) from security software vendor McAfee Inc. The Sage report is issued semiannually by McAfee Avert Labs based on its research into high-tech threats.
The report warns that as RFID technology becomes more pervasive, the risk for users increases dramatically. The study notes that the technology is increasingly embedded in clothing, food and health care products and that some companies are even embedding RFID chips into the bodies of employees. Some states have already passed laws to prohibit forced implantation of the chips.
The report found that the rapid spread of RFID technology is making it very attractive to hackers, who can clone chips and steal authentication information to gain access to a users' personal information. Some researchers have warned that a virus placed on an RFID chip can infect other networked chips, and ultimately assault vulnerable databases.
Government agencies and large retail firms are playing a key role in the spread of the technology -- and adding to the growing list of vulnerabilities, the report said.
For example, the U.S. Department of State last year began issuing passports embedded with and RFID chip containing the holder's date of birth and biometric information, such as a digital photo or a copy of their fingerprints. Critics claim that the e-passport could allow hackers to read the chip embedded inside and that the biometric data could be stolen for the purpose of identity theft. It could also allow Americans on foreign soil be tracked by enemies, critics say.
In the retail industry, the report predicted, RFID chips will soon replace bar codes as the tracking technology of choice. It cited retailer Wal-Mart Stores Inc.'s highly publicized efforts to use RFID to track pallets and cases from its suppliers to the store. The Sage report noted that many retail executives expect that RFID technology will save their companies time and money performing inventory counts and doing restocks.
Consumer advocates, on the other hand, "claim the privacy implications are too dangerous to ignore. Imagine a world in which every item you purchase has an embedded RFID tag," the report said. "When you buy the item, your entire inventory of purchases can be stored in a central database. Advertisers could track your spending habits. When you wear the tagged clothing, you can be tracked and profiled as you travel through strategically placed scanners," it said.
Some experts contended that the dangers of RFID chips are overstated in the report. "There is nothing inherently insecure about RFID," said Michael Shamos, a computer science professor at Carnegie Mellon University who specializes in security issues. "There are some bad protocol implementations around that have security vulnerabilities. I'm all in favor of trashing specific bad implementations, but this is not a generic defect in RFID technology."
He said that government agencies and businesses should use chips that are encrypted to prevent hackers from replicating their data. Shamos also contended that RFID chips are not susceptible to viruses.
Also, he said, it is very difficult -- and expensive -- to track the movements of embedded RFID chips. "If you want to track someone, it's much easier and more effective to point a video camera at their face from 100 yards away than to plant RFID readers every 10 centimeters throughout your country," said Shamos.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!