Unprotected RFID could lead to corporate espionage

Share this article:

Companies who dismiss the privacy concerns of RFID radio tags may be opening themselves up to unexpected security risks.

According to Burt Kaliski, chief scientist at RSA, companies using RFID tags to track goods in the supply chain risk having their data leaked to rivals.

Speaking the RSA Conference in Barcelona, Spain, Kaliski said a rival company could plant RFID readers to monitor the movement of products, thereby gaining valuable data on the target's business.

"Sure, you could also bribe someone to get the data, or hack their systems, but using RFID makes it a lot more covert, and a lot more detailed," he said. And tags could be imitated or manipulated to cause havoc and disrupt a victim's processes.

RFID tags have been gaining popularity as tools to track the movement and management of goods in the supply chain. Lobbyists oppose RFID on privacy grounds, claiming it will allow consumers' buying habits and movements to be tracked.

Other concerns with RFID technology include the security of the readers used to scan tags. An attack was discovered (and fixed) recently which could interrogate a reader to gain data about the tags within its range. And the backend processes to deal with the large volumes of data generated by an RFID environment will also need to be carefully structured for security, Kaliski said. "Some people are saying that RFID could be a killer app for web services, because you have so much data to move and you need a standard way to exchange and secure it."

"The real security challenge is one of timing," Kaliski said. Although the problems are being resolved, "if security is left out until the second version of a standard, it gets a bad rap for being a 'new feature' which adds cost. Security needs to be built in from the start."

www.rsasecurity.com

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Ground system for weather satellites contains thousands of 'high-risk' bugs

Ground system for weather satellites contains thousands of ...

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system ...

Threat report on Swedish firms shows 93 percent were breached

The study by KPMG and FireEye also found that 49 percent of detected malware was unknown.

Former acting HHS cyber director convicted on child porn charges

Former acting HHS cyber director convicted on child ...

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation was convicted by federal jury in Nebraska.