RFID (Radio Frequency Identification) is a method of remotely storing and receiving data using devices called RFID tags. RFID tags can be small adhesive stickers containing antennas that allow them to receive and respond to transmissions from RFID transmitters. RFID tags are used to identify and track everything from Exxon EZ passes to dogs to beer kegs to library books. RFID tags use a standard that has already been hacked by several researchers. There are several motives for someone wanting to hack an RFID system:
- For monetary gain. Hacking a store's RFID system would allow a hacker to lower the pricing on any product(s). One could also steal cars (Prius or Lexus already have RFID keys) with RFID-encoded keys.
- Wreak havoc with someone's supply chain. Malicous/mischievous hackers can delete/alter/modify all identifying information for an entire shipment of products.
- Protect personal privacy. Privacy advocates fear that RFID tags embedded in products (which continue to transmit information after leaving a store) will be used to track consumer habits. RFID tags are also being tested as a means for identifying individuals on passports, driver's licenses, etc. This also has the ACLU types up in arms because, just like RFID tags in consumer products, these tags would be "always on" and broadcasting your personal information wherever you are.
RFID is about devices and technology that use radio signals to exchange identifying data. In the usual context, this implies a small tag or label that identifies a specific object.The action receives a radio signal, interprets it, and then returns a number or other identifying information. (e.g.,“What are you?” answered with “I am Inventory Item Number 12345”). Alternatively, it can be as complex as a series of cryptographically encoded challenges and responses, which are then interpreted through a database, sent to a global satellite communications system, and ultimately influence a
backend payment system.
RFID Security is focused on the technical security aspects of using RFID—specifically the security of the physical and data layers (i.e., Layer 1 and Layer 2).The multitude of questions regarding RFID applications are influenced by the policy decisions of implementing certain applications, and by the philosophical and religious outlook of the parties involved. Generally, those matters are not discussed, except where a security decision directly influences a privacy policy. (See “United States Passports” in Chapter xx.)