RFID has recently been integrated into passports, allowing a traveler to move more quickly through security checks.
Like a tin-foil hat, it blocks the signal from the reader, rendering the chip unresponsive until the passport is opened. This is a good first step, but studies have shown that the passport only needs to be opened slightly to be readable. Furthermore, when the passport is slightly open, the mesh protection becomes an amplifier, making the chip readable from greater distances.
The solution? The best security solution for this implementation is encryption. The payment card industry uses RFID in its new contactless payment technology (e.g., PayPass by MasterCard). This technology takes advantage of encryption capabilities in some RFID systems to ensure that a rogue reader cannot compromise the information sent from the card to the reader.
Some of the risks with RFID are more easily solved than others. There are implementations in use today which prove that some of these solutions are possible. Part of the problem is that the RFID chips capable of these advanced security features are more expensive, and thus less desirable, for massive rollout, such as for tracking products in stores.
Do risks outweigh rewards? Certainly, RFID and its uses are innovative and can simplify daily life for people. However, it's critical that the industry implement this technology while staying mindful of the abundant threats that RFID inherently introduces. Considering the risks and threats early in the implementation and adoption stages will eliminate many of the security problems.
John Carmichael leverages his strong lab development, programming and security process skills to deliver secure software development training courses to some of the world's largest organizations, including Adobe, EMC and MassMutual. Prior to joining Security Innovation, John was a systems analyst who led various Web development labs and product training for both technical and non-technical audiences.