By Mary Catherine O'Connor
Aug. 29, 2006—Companies pay Joshua Perrymon and Robert McAdam for performing ruinous acts on their infrastructures. The pair's firm, Pure Hacking, does what is known as ethical hacking, or penetration testing, and serves it up with a consultation service, detailing the holes in the companies' existing security measures and providing steps they can take to protect their data better.
Pure Hacking has, in the past, focused on corporate firewalls and security protections for onsite servers and applications, both in wired and wireless networks. Now, they've begun testing the vulnerabilities of RFID systems and are performing security audits for companies deploying RFID technology.
Perrymon says Pure Hacking is focusing on both the operational and technological risks associated with insecurities in an RFID system, and that the company uses a structured auditing process similar to those performed by the National Institute of Standards and Technology (NIST) and the International Standards Organization (ISO). He says that aside from enabling its clients to improve information security, Pure Hacking can also save them significant amounts of money by "identifying security risks early, instead of down the road of when an attack comes."
Perrymon and McAdam interview executives and key employees at the firm being audited and perform surveys in order to understand how its RFID system is deployed. From this information, they ascertain the operational risks linked to its operation. "We ask about policies and procedures, and recommend new ones," says McAdam.
The client's technological risks are assessed through hands-on penetration testing. "We'll identify possible attack areas, and then go in with a rogue reader and simulate an attack," says McAdam. This consists of trying to read one of the firm's deployed tags with an unauthorized interrogator, trying to clone or change data encoded to the tag, or using an interrogator to manipulate the tag to identify the configuration of the data encoded to its chip.