The security of RFID tags has taken another hit.
In the wake of an embarrassing two-hour dismantling of an RFID passport, a cryptographer known for his success in the field has suggested that mobile phones could be used to crack RFID tag codings. The phone would have to be operated by someone trained in advanced algorithms, of course, insisted Adi Shamir, professor of computer science at the Weizmann Institute.
Shamir made his presentation at the RSA Conference this week in San Jose, California. He detailed the actions he took and the calculations he made in order to break into RFID tag encryption.
Using a directional antenna and a digital oscilloscope, Shamir monitored patterns in the tag's power use, finding distinct fluctuations that corresponded to correct and incorrect password bits being sent to the chip.
“We can see the point where the chip is unhappy if a wrong bit is sent and consumes more power from the environment,” Shamir said.
And, Shamir said, it wasn’t too much of a leap to translate the chip’s “unhappiness” into a power fluctuation that could be read and exploited.
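The kind of check a tag designer could run against this weakness is sketched below as an added example, not code from Shamir's talk or from any tag vendor. It simulates power traces for a bit-by-bit password check and applies Welch's t-test per bit position to see whether power draw differs between right and wrong bits. The power units, noise level, 16-bit password and both tag models are constructed assumptions.

```python
import random
import statistics

BASE, EXTRA, NOISE = 10.0, 3.0, 2.0   # assumed power units, not measured values
TVLA_THRESHOLD = 4.5                  # customary |t| cut-off in leakage testing

def leaky_tag(secret, guess, rng):
    """Draws extra power on every wrong bit (the behaviour described above)."""
    return [BASE + (EXTRA if s != g else 0.0) + rng.gauss(0, NOISE)
            for s, g in zip(secret, guess)]

def balanced_tag(secret, guess, rng):
    """Same work per bit; mismatches only accumulate into one final flag."""
    mismatch, trace = 0, []
    for s, g in zip(secret, guess):
        mismatch |= s ^ g             # would gate the final accept/reject only
        trace.append(BASE + rng.gauss(0, NOISE))
    return trace

def welch_t(a, b):
    """Welch's t-statistic for two samples with unequal variances."""
    va, vb = statistics.variance(a), statistics.variance(b)
    return (statistics.mean(a) - statistics.mean(b)) / (va / len(a) + vb / len(b)) ** 0.5

def leaking_positions(tag, secret, n_traces=2000, seed=1):
    """Return bit positions where power differs between right and wrong guesses."""
    rng = random.Random(seed)
    right = [[] for _ in secret]
    wrong = [[] for _ in secret]
    for _ in range(n_traces):
        guess = [rng.randint(0, 1) for _ in secret]
        trace = tag(secret, guess, rng)
        for i, sample in enumerate(trace):
            (right if guess[i] == secret[i] else wrong)[i].append(sample)
    return [i for i in range(len(secret))
            if abs(welch_t(wrong[i], right[i])) > TVLA_THRESHOLD]

# Constructed 16-bit password used only for this simulation.
SECRET = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1]

if __name__ == "__main__":
    print("leaky design   :", leaking_positions(leaky_tag, SECRET))
    print("balanced design:", leaking_positions(balanced_tag, SECRET))
```

In this model the leaky design is flagged at every bit position, while the balanced design, which does identical work for right and wrong bits, is flagged at none.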
Why was it so easy? Why all the current dread about security of RFID tags? According to Shamir, the tags are the victims of their own success. In the crushing drive toward smaller and smaller products, chipmakers have eliminated stringent security safeguards along the way.
Yet another warning for future developers of RFID.