Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

RFID Journal Blog

BlogsRFID Journal BlogThe Weak Link in RFID Security Systems

The Weak Link in RFID Security Systems

An informative article published by Wired shows that people are often to blame when RFID security systems—like other security systems—fail.
Posted By Mark Roberti, 08.02.2006
Wired ran an excellent article on the use of radio frequency identification in car immobilization systems (see Pinch My Ride). The article says that insurance companies have so much faith in RFID immobilizers that they deny theft claims based on the fact that the car couldn’t have been stolen if the owner has all the keys. That’s because the key is embedded with an RFID tag. When you turn the key to start the car, a reader in the steering column pings the RFID transponder in the key. If the transponder doesn’t reflect back the correct serial number, the car won’t start.

The reporter, Brad Stone, did some investigating after his own car was stolen and found that locksmiths have tools to clone RFID tags in keys so that they can create a new key when someone loses one of theirs. Of course, thieves can also use the tools to steal cars.

The reporter also reveals that some cars have a “cheat code,” which is similar to a trap door that lets IT folks get into their systems even if someone changes the password on them. Tricking someone at a car dealership into giving you the cheat code for your vehicle lets you start the car without the RFID-enabled key.

The article is entertaining and informative, but what I love about it is it shows that over-reliance on technology is dangerous. It causes companies to get complacent about dealing with the human element of security. Sure, a criminal can go out and buy computers and high-tech equipment to crack the security algorithm on any RFID tag. Or they can figure out high-tech ways to clone or spoof tags. The media has picked up on researchers proving this is possible. But it’s far more likely that a criminal will trick someone into providing—or even pay for—the information that enables them to hack an RFID (or other) security system. That’s what should be keeping you up at night—not the thought of a guy driving around with a Cray Supercomputer in the trunk trying to decrypt your tags.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Next Post
Two Views of the Alien IPO
Previous Post
It’s All RFID to Me
PREMIUM CONTENT
Case Studies Features Best Practices How-Tos
RFID JOURNAL EVENTS
Live Events Virtual Events Webinars
ASK THE EXPERTS
Simply enter a question for our experts.
TAKE THE POLL
JOIN THE CONVERSATION ON TWITTER
Loading
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations
© Copyright 2002-2016 RFID Journal LLC.
Powered By: Haycco