Software tool exposes flaw that leaves RFID vulnerable

A software tool that allows anyone to read and manipulate data on an RFID tag has been developed by German security consultant Lukas Grunwald of DN-Systems Enterprise Internet Solutions.

The development increases speculation that hackers and fraudsters could tamper with RFID data.

Grunwald demonstrated the tool at the Black Hat conference in Las Vegas using a hand-held computer and RFID reader.

He said the software, known as RFDump, could be used maliciously by hackers or fraudsters to alter prices before taking products through self-checkout.

Children could also use the software to remove age restrictions on alcoholic drinks or adult material.

David Lyon, head of EPC global marketing at e.centre, the association that promotes use of RFID in the supply chain, was adamant that security was not compromised. 'We use passive tags in the supply chain - write once, read many times - so tags cannot be re-written. The drive is all about keeping the cost of tags low,' he said.

However, Bloor Research practice leader for security and enterprise solutions Fran Howarth said the tool throws up important issues. 'This could be a problem, but it's already a feature of the technology, particularly for reusable items.

'It is something that will have to be sorted out by encryption, access controls and ID management. However, the truth is there are too many other big issues to sort out at the moment, such as standards and frequency use,' she said.

Co-developer of RFDump Boris Wolf denied that developing the software was a green light to fraudsters. 'Our aim is to help stimulate a development community so that people can collaborate on aspects of RFID security,' he said. The software is now available on the Internet.

'The idea is to show what can happen and that more security is needed,' said Wolf. 'There are RFID devices that offer more security, but they are not being used widely because they are too expensive.'

Wolf said that, rather than aiding hackers and fraudsters, the software is more likely to help the development of tools that allow consumers to ensure their privacy. 'People are concerned that tags in clothing will be used to measure their movement. A tool like this could stop that happening,' he said.