Securing RFID information
Industry standards are being strengthened to protect information stored on RFID chips
Computerworld - Industry standards are being strengthened to protect information stored on RFID chips and to prevent hackers from using sensitive data stored there in nefarious exploits.
Radio frequency identification data is vulnerable when stored on the chip itself and also when it is written to, or read from, the chip. A much-publicized new exploit exhibited in August by Lukas Grunwald at the Black Hat 2004 conference in Las Vegas, RFDump, exposes the vulnerability. Anybody with a card reader plugged into a laptop can use RFDump to read data from within 3 feet of a passive RFID chip.
"[Grunwald] is doing what RFID is supposed to do," said security author and Counterpane Internet Security Inc. Chief Technology Officer Bruce Schneier. "This is serious. He didn't hack anything. RFID technology originally was designed to be completely open; that's its problem. He went to the spec, read it and followed it. If you query the chip, you will get this info. If there were security countermeasures on the chip that were thwarted, then we could talk about hacking."
RFDump is a threat to data stored on passive RFID chips used today. According to industry sources, the vulnerability has been known for some time, and a new standard was approved in June to shield RFID data. The lack of security isn't expected to constrain the growth of the RFID marketplace, which is expected to grow from $91.5 million to $1.3 billion in 2008, according to market research company IDC in Framingham, Mass.
Sue Hutchinson, director of product management at EPCglobal U.S., a Lawrenceville, N.J.-based industry trade association that supports the use of electronic product codes, says most of this growth will be fueled by supply chain applications, such as tracking goods from manufacturers, through shippers and warehouses, to the retailer or final consumer destination.
"Our end users provided a detailed set of requirements, and our users provided us with some good security requirements" for supply chain applications, when work began on the second-generation RFID standard last year, Hutchinson said.
"Part of our standards development was a second-generation UHF [ultra high frequency] air interface protocol, the protocols that manage data moving between the tags and readers. It includes some protections for data on the chip," she said. The new standard will secure passive tags, such as those exploited by RFDump and found in most supply chain applications, with "a secured forward link."
"When data is written to the tag, the data is masked going over the air interface. All of the data coming from the reader to the tag is masked, so parts
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Going Paperless? Here's What You Need to Think About As makers of some of the world's most popular PDF solutions, we often consult with businesses & governmental agencies that have the goal...
- The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- The Value of IBM InfoSphere BigInsights The IBM® InfoSphere® BigInsights™ software platform helps firms discover and analyze business insights hidden in large volumes of a diverse range of data....
Transforming Finance, Procurement and Supply Chain Effectiveness with Cross-Functional Analytics
Date: May 6th, 2014
Time: 1 PM EDT
Attend this Webcast to find out how Oracle's packaged analytic applications enable line-of-business managers to examine all...
- Unified Communications 101 What's the best way to implement a unified communications solution for your organization? Join independent networking expert, Ed Tittel, as he weighs the... All Business Intelligence/Analytics White Papers | Webcasts