RFID (in)security

The first time I encountered RFID, was when I spotted a Pet Tag reader at the Vet.
They inject a tiny “chip” into your pet, and then register the Radio ID of the chip in a Database. If your beloved fluffy ever goes missing without its collar, the pound should be able to detect the chip in your pet, and then use the ID to find the owner.

Then some clever people decided to start putting them in pretty much everything
My access card for work is an RFID tag. My Student card from UJ is an RFID tag. My LUAS card is an RFID tag.

The UK government has started putting RFID tags in new Passports. This raised a huge number of privacy concerns. Imagine walking into a room, and instantly knowing exactely who is in it, simply by reading all the RFID tags of all the Passports in the room. There was even talk of fitting them to Vehicle number plates.

Large supermarkets are looking into using RFID instead of barcodes on products, for full supply chain tracking.

And now the fun part..
It didn’t take very long for this “new” technology to be ripped apart.
RFID IO Tools have put together all the tools you’ll need to read and write RFID tags.
It seems relatively easy now to Clone someone elses ID. Thats not cool.

So much for security… And despite all these flaws, all the major players in the industry are still going ahead and deploying it.