RFID tags become hacker target

By Robert Lemos
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

Related Stories: Under-the-skin ID chips move toward U.S. hospitals
July 27, 2004; Portuguese pooches to get radio-tagged
July 23, 2004; Radio tags dress up RFID concept store
July 14, 2004

LAS VEGAS--Privacy advocates may not be the only people taking issue with the current crop of radio-frequency identification tags--merchants will likely have problems with a lack of security as well, a German technology consultant said Wednesday.

Low-cost RFID tags--many of which are smaller than a nickel and cost less too--are already being added to packaging by retailers to keep track of inventory, but could be abused by hackers and tech-savvy shoplifters, said Lukas Grunwald, a senior consultant with DN-Systems Enterprise Solutions GmbH. While the technology mostly threatens consumer privacy, the it could allow thieves to fool merchants by changing the identity of goods, he said.

"This is a huge risk for companies," Grunwald said during a discussion at the Black Hat Security Briefings here. "It opens a whole new area for shoplifting as well as chaos attacks."

While expensive RFID reader hardware and hard-to-use software have hindered security research in the area, Grunwald said that's no longer a hurdle. The security expert announced during the session a new software tool he helped create that can be used to read and reprogram radio tags.

When such tools become widely available, hackers and those with less pure motives could use a handheld device and the software to mark expensive goods as cheaper items and walk out through self checkout. Underage hackers could attempt to bypass age restrictions on alcoholic drinks and adult movies, and pranksters could create confusion by randomly swapping tags, requiring that a store do manual inventory.

Grunwald's software program, RFDump, makes rewriting RFIDs easy. While there are significant malicious uses of the program, consumers could also use it to protect themselves, he said.

"Everyone should have the right, once they leave the store, to erase the RFID tags," he said. Deleting information on the tags would allow people to stop RFID checkpoints in stores and other places from tracking which products they are carrying, or which have been inserted under their skin.

Solving the business security issues may not be easy. While encryption could be used to hide data from unauthorized snoopers, not many RFID chips can handle the more-involved task of crunching cryptographic keys. Moreover, the RFID tags that can handle those tasks are among the most expensive on the market and not something you would stick on a cream cheese box at the grocery store, Grunwald said.

Store owners could have a database server that they program to track their goods using the unchangeable serial number on the RFID tag, however that adds a lot more complexity to the adoption of such technology, Grunwald added.

"The people who will be using this (shopkeepers) don't know much about technology," he said.

See more CNET content tagged:
RFID, RFID tag, business security, hacker, goods

Add a Comment (Log in or register) 12 comments

They're rewritable? Whose idea was that?
by July 29, 2004 2:42 AM PDT: It never occurred to me that the RFID tags used for marking
goods would even have an erase capability... they're
replacing tags that are inhenetly hard to erase or modify,
they need to retain that characteristic: either writes would
have to be incremental (the protocol would allw you to
append information, but not change anything before the
'write mark'), or they'd have to use a physically permanent
write (eg, a fusible link PROM). Depending on security by
obscurity or the kind of crypto the cheap processors you
could put in a tag could handle... that's just inconceivable.

The people who design commercial security systems don't
seem NEARLY paranoid enough.; Reply to this comment

store RFID tags aren't rewriteable
by July 29, 2004 3:30 AM PDT: This is FUD. The kind of RFIDs Grunwald talks about aren't those that will be used in stores. Stores will use the cheaper RFID variant that can't be rewritten and is more like a "serial number" for each label.

Grunwald says: "Store owners could have a database server that they program to track their goods using the unchangeable serial number on the RFID tag, however that adds a lot more complexity to the adoption of such technology,"

It seems he doesn't know what he is talking about, since that's the way they do it. Furthermore the store doesn't need to know the serial number for each single tag, since the beginning of each RFID-number identifies the product and only the last numbers are the serial number.

The thread of exchanging labels or creating your own is real, though minimal. It should be obvious that something is wrong when the expensive watch shows up as candy bar on the scanner. If RFIDs ever become the sole mean for determining how much you have to pay, tin-foil coated bags will be the way to go shoplifting.; Reply to this comment View reply
Processing

It is easier than that.
by swwg69 July 29, 2004 6:21 AM PDT: Just carry an rfid tag from a product you already
bought into the store. It is easier to fool an
rfid reader than a UPC reader.
If the tags are set to truly unique,
then just swap one out on product in the store.
That will be faster than re-programming it.
Geez - thieves are lazy, think lazy.; Reply to this comment

Yes, I agree. This idea is horrible
by July 29, 2004 8:27 AM PDT: To the author: you are an idiot.; Reply to this comment View reply
Processing

Nothing new here
by mardunba July 29, 2004 9:21 AM PDT: Where is the big story about "hackers" printing out their own UPC labels containing numbers for a pack of bubble gum, slapping it on a new DVD player and heading to the checkout? It is much easier to print a UPC label on a $60 ink jet printer than hack an RFID tag and it doesn't seem to be a big problem for stores.; Reply to this comment View reply
Processing

Uninformed
by FoxFord October 17, 2005 1:50 PM PDT: As an electrical engineer, I'm rather annoyed at this article. It is clear that no research was done for this article. Correct me if I'm wrong, but EPCGlobal Standards (which Wal-Mart, Target, and most likely the rest will use) are read only, save the Kill bit. Now, if he had argued that havoc could be created by utilizing the kill bit, you would still have to know the password.; Reply to this comment

Latest tech news headlines

IBM invests in business partners' training
Posted in News - Business Tech by Colin Barker

October 11, 2008 5:01 PM PDT
Navy charters kite-powered cargo ship to deliver equipment
Posted in Military Tech by Mark Rutherford

October 11, 2008 11:03 AM PDT
FCC report negates free Internet interference claims
Posted in News - Wireless by Michelle Meyers

October 11, 2008 10:41 AM PDT
See all headlines

Resource center from News.com sponsors

You Need The Speed of Norton 2009

Introducing Norton Internet Security™2009

With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
IBM invests in business partners' training
A business development fund aims to encourage its largest partners to take up more skills training around data centers.
Gallery
Photos: Top 10 reviews of the week
Military Tech
Navy charters kite-powered cargo ship to deliver equipment
The use of this new breed of sailing ship could reduce fuel costs by 20 to 30 percent, according to the ship's owners.
Coop's Corner
Ellison's mantra: Spend, baby, spend
It may be hell out there, but Oracle's chief tells shareholders the company still intends to shop for more acquisitions.
Video
Sprint launches Xohm WiMax
News - Wireless
FCC report negates free Internet interference claims
Report from commission engineers boosts plan to auction spectrum for free wireless Internet by dismissing concerns it would interfere with existing providers' signals.
Video
Talking with Newt Gingrich on tech, bailout
News - Politics and Law
President signs broadband data collection bill
The Broadband Data Act encourages wider collection of information regarding nationwide access to broadband.
News - Cutting Edge
Academics sink teeth into Yahoo search service
Yahoo hopes its Build Your Own Search Service program has piqued the interest of academic researchers. Next stop: start-ups.
Gallery
Photos: Cracking open Apple's revamped iPod Nano
Crossfade
The Streets, 'The Escapist': Free MP3 of the Day
Download a free MP3 of "The Escapist" courtesy of CNET Download Music.
Green Tech
Urban wind power inspired by ancient Persia
The shape of urban wind power continues to morph. The latest twist come from Windation, a company with a design inspired by centuries-old "wind catchers."