More RFID Insecurity

Posted on Tuesday 24 October 2006

The New York Times has a good article on how easy it is to hack some of the new “touchless” RFID-based credit cards. My favorite quote from the article:

And because the cards can be read even through a wallet or an item of clothing, the security of the information, the researchers say, is startlingly weak. “Would you be comfortable wearing your name, your credit card number and your card expiration date on your T-shirt?” Mr. Heydt-Benjamin, a graduate student, asked.

The credit card companies dispute the results due to the relatively small sample size of cards used in the experiments. However, in my opinion, if even one card can be found to be transmitting important information, like the owner’s name in the clear, it is a serious security issue.

Previously, there have been problems reported with the new RFID-equipped passports that the Bush regime has made mandatory. Again, this seems to be a case of the technology being implemented before there is any real understanding of the risks and problems involved in doing so.

No comments have been added to this post yet.

Leave a comment



Information for comment users
Line and paragraph breaks are implemented automatically. Your e-mail address is never displayed. Please consider what you're posting.

All comments are subject to review and approval
before being posted on this site.

Use the buttons below to customise your comment.

RSS feed for comments on this post | TrackBack URI