I think that the security issues have been pretty consistent for the past few years. They can be broken down into two major areas: securing data on a tag, and preventing eavesdropping on transmissions.
There are two issues with regard to securing tag data. The first is having someone overwrite information, which could allow that person to commit fraud. For instance, if a hacker were able to overwrite data on a tag, he or she could potentially change the identifier of an expensive product to that of a cheaper product before checking out at the front of a store. The second issue involves duplicating tag data. If a counterfeiter were able to duplicate tags, he or she might be able to distribute fake drugs as the real thing.
Another concern is that someone could gain valuable information by listening in on a transmission between a tag and a reader. This could be an issue for military applications, for instance—if an enemy were able to pick up data regarding what is stored within shipping containers by reading active tags on the outside of a container, it could possibly determine the size and location of military units. With passive tags, it might then be feasible for competitors to gain information about customer shipments.
The bigger concern with intercepting transmissions between a tag and a reader, I think, involves financial transactions. If you were able to intercept a signal between a transponder in a credit card and a point-of-sale terminal, you might be able to glean sufficient data to be able to use that credit card illegally for future purchases.
The RFID industry has been working to find solutions to these issues. There are better and more secure cryptography tools being used on tags, and new features that allow businesses to lock and hide data on a tag. As RFID becomes more prevalent, this issue will likely become more important, and a greater focus will need to be placed on protecting tag data and transmissions.
—Mark Roberti, Founder and Editor, RFID Journal
Where Can I Get Magazine Readership Research for Advertisers? »