RFID tags attackable by your cellphone
By Ryan Block 
posted Feb 15th 2006 9:24AM
posted Feb 15th 2006 9:24AM
So Adi Shamir, co-author of the
SHA-1 hashing standard with Ron Rivest, announced at the RSA Conference that after spending some time with an antenna
and digital oscilloscope he was able to quickly familiarize himself with even the bit-for-bit transactions made between
readers and RFID tags. Using these scanning techniques for cracking
the crypto wasn't expressly mentioned, but Shamir did announce that a modified cellphone would have more than enough
power to attack and compromise all RFID tags in the vicinity. So, is it time to panic on RFID? No, we don't think so,
not yet, but we certainly do think these guys proved their point: the powers that be pushing RFID should probably start
consulting the industry's top security analysts before, not after, shipping product (or implanting tags into
their employees).[Via Slashdot]
WHEE!! Yes, please, let's force everybody to start using an inherently insecure ID technology!
I've said it before, and I'll say it again, RFID needs to stay in the stockroom.
I want the instructions!
I still haven't heard a compelling reason to use RFID for anything except inventory control. How is this better than a magnetic strip for credit card or drivers license/photo ID/passport? What is better than biometric security for access control, like the aforementioned implantees? If its high-security, a combination of cross-matched biometric features can be used. If a fingerprint doesn't match a retina scan, then you don't get access. It amazes me that these government securty agencies who want to use this aren't more critical.
Well, maybe I'm not so amazed. Richard Feynman described in a book of his how many of our nuclear secrets were kept locked in file cabinets that were trival to open, so I guess we haven't learned anything in 60 years