McAfee: RFID chips exposing users to danger
As use expands, the technology becomes a very tempting target for hackers
The current generation of radio frequency identification (RFID) technology is vulnerable to eavesdropping, cloning and forging.
That's according to an April security trends report (download PDF) from security software vendor McAfee Inc. The Sage report is issued semiannually by McAfee Avert Labs based on its research into high-tech threats.
The report warns that as RFID technology becomes more pervasive, the risk for users increases dramatically. The study notes that the technology is increasingly embedded in clothing, food and health care products and that some companies are even embedding RFID chips into the bodies of employees. Some states have already passed laws to prohibit forced implantation of the chips.
The report found that the rapid spread of RFID technology is making it very attractive to hackers, who can clone chips and steal authentication information to gain access to a users' personal information. Some researchers have warned that a virus placed on an RFID chip can infect other networked chips, and ultimately assault vulnerable databases.
Government agencies and large retail firms are playing a key role in the spread of the technology -- and adding to the growing list of vulnerabilities, the report said.
For example, the U.S. Department of State last year began issuing passports embedded with and RFID chip containing the holder's date of birth and biometric information, such as a digital photo or a copy of their fingerprints. Critics claim that the e-passport could allow hackers to read the chip embedded inside and that the biometric data could be stolen for the purpose of identity theft. It could also allow Americans on foreign soil be tracked by enemies, critics say.
In the retail industry, the report predicted, RFID chips will soon replace bar codes as the tracking technology of choice. It cited retailer Wal-Mart Stores Inc.'s highly publicized efforts to use RFID to track pallets and cases from its suppliers to the store. The Sage report noted that many retail executives expect that RFID technology will save their companies time and money performing inventory counts and doing restocks.
Consumer advocates, on the other hand, "claim the privacy implications are too dangerous to ignore. Imagine a world in which every item you purchase has an embedded RFID tag," the report said. "When you buy the item, your entire inventory of purchases can be stored in a central database. Advertisers could track your spending habits. When you wear the tagged clothing, you can be tracked and profiled as you travel through strategically placed scanners," it said.
Some experts contended that the dangers of RFID chips are overstated in the report. "There is nothing inherently insecure about RFID," said Michael Shamos, a computer science professor at Carnegie Mellon University who specializes in security issues. "There are some bad protocol implementations around that have security vulnerabilities. I'm all in favor of trashing specific bad implementations, but this is not a generic defect in RFID technology."
He said that government agencies and businesses should use chips that are encrypted to prevent hackers from replicating their data. Shamos also contended that RFID chips are not susceptible to viruses.
Also, he said, it is very difficult -- and expensive -- to track the movements of embedded RFID chips. "If you want to track someone, it's much easier and more effective to point a video camera at their face from 100 yards away than to plant RFID readers every 10 centimeters throughout your country," said Shamos.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts