From Yahoo! Tech (7/20/09)
By Christopher Null
There has certainly been no shortage of warnings over the growing prevalence of RFID, the short-range wireless technology that’s being used for everything from automatically paying for bridge tolls to encoding personal information in new U.S. passports. The problem: RFID security is notoriously weak, and equipment letting anyone scan and read RFID information is commonplace and inexpensive.
And now the hackers are taking interest. Using less than $200 in equipment and his car, one tinkerer figured thought he’d see what he could uncover by simply driving around San Francisco, scanning for passport-embedded RFID tags. The result? In about an hour of driving around tourist-heavy parts of town, Chris Paget skimmed a total of six RFID passports, with a minimum of effort involved on his end and his victims none the wiser.
The stunt was an eye-opening demonstration of RFID’s inherent flaws, but tracking capabilities like this are on the rise. RFID-embedded ID cards are growing in popularity worldwide, and it’s likely that the amount of information embedded within them will only increase.
And, as the ability to scan RFID tags from a distance increases, the possibility of long-range snooping becomes more and more real — and all you need to do “wrong” is have your passport or another RFID-enabled ID card in your back pocket.
Meanwhile, RFID’s rollout continues to be contentious. The Department of Homeland Security is a rabid proponent of the technology despite the concerns of its own internal advisory committee on data integrity and privacy, which has warned that it increases privacy risks and offers little to no national security benefit and “should be disfavored for identifying and tracking human beings.”
The real problem may come when RFID tags begin to be used as unique identifiers in, say, a financial setting — potentially as a replacement for the good-old SSN. As one concerned observer says, “There’s a reason you don’t wear your Social Security number across your T-shirt, and beaming out your new, national RFID number in a 30-foot radius would be far worse.”