Unprotected RFID could lead to corporate espionage

Share this article:

Companies who dismiss the privacy concerns of RFID radio tags may be opening themselves up to unexpected security risks.

According to Burt Kaliski, chief scientist at RSA, companies using RFID tags to track goods in the supply chain risk having their data leaked to rivals.

Speaking the RSA Conference in Barcelona, Spain, Kaliski said a rival company could plant RFID readers to monitor the movement of products, thereby gaining valuable data on the target's business.

"Sure, you could also bribe someone to get the data, or hack their systems, but using RFID makes it a lot more covert, and a lot more detailed," he said. And tags could be imitated or manipulated to cause havoc and disrupt a victim's processes.

RFID tags have been gaining popularity as tools to track the movement and management of goods in the supply chain. Lobbyists oppose RFID on privacy grounds, claiming it will allow consumers' buying habits and movements to be tracked.

Other concerns with RFID technology include the security of the readers used to scan tags. An attack was discovered (and fixed) recently which could interrogate a reader to gain data about the tags within its range. And the backend processes to deal with the large volumes of data generated by an RFID environment will also need to be carefully structured for security, Kaliski said. "Some people are saying that RFID could be a killer app for web services, because you have so much data to move and you need a standard way to exchange and secure it."

"The real security challenge is one of timing," Kaliski said. Although the problems are being resolved, "if security is left out until the second version of a standard, it gets a bad rap for being a 'new feature' which adds cost. Security needs to be built in from the start."


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.