Sunday, February 25, 2007

RFID data leak

I just read from PC World an article on how new credit cards with embedded RFID could leak your personal information. The article quoted its source from a research paper to be released by the RFID Consortium for Security and Privacy (RFID-CUSP) which is a partnership between academic and industrial scientists specializing in RFID security and privacy. Its mission is to make RFID safe for consumers by conducting open research and educating the next generation work force that will develop, deploy and maintain secure RFID infrastructures. The research paper highlighted the vulnerabilities of the first generation RFID-enabled credit cards.

Name and credit card number are printed on the credit card. More credit information are embedded in the RFID chip to be read by the legitimate credit card terminals used by merchants. What the RFID-CUSP report highlights most significantly is the new physical dimension of vulnerability that RFID credit cards introduce. Without even removing their cards from wallets or pockets, the privacy and security of consumers can be compromised. A scanner in a crowded subway station might surreptitiously harvest credit-card data from passersby. The RFID-CUSP research team dubbed it a “Johnny Carson” attack, which in one of his acts, he revealed the contents of sealed envelopes held against his forehead. Likewise, an attacker can quickly skim data from RFID credit cards in sealed envelopes while they are in transit or sitting in mailboxes.

Credit card companies responded by upgrading second generation RFID-enabled credit cards and excluding names from the data stored in the chip. Thanks to the effort of the scientists who could balance technology and personal privacy, we could have an advanced technological tool which is safe to use.

More sci-fi-like news. Hitachi has invented RFID chip as small as a dust. An article from Wired News reported that tiny computer chips used for tracking food, tickets and other items are getting even smaller. It said "Hitachi Ltd., a Japanese electronics maker, recently showed off radio frequency identification, or RFID, chips that are just 0.002 inches by 0.002 inches and look like bits of powder. They're thin enough to be embedded in a piece of paper, company spokesman Masayuki Takeuchi said Thursday."

This picture shows the new RFID chips placed around a sugar crystal in the middle. The comment is on the scary side, that invisible tracking brings to mind science-fiction-inspired uses, or even abuses, such as unknowingly getting sprinkled with smart-tag powder for Big Brother-like monitoring.

No comments:

Post a Comment