+5 votes
95 views
RFID chips - a security risk?

in Security by (552k points)
reopened | 95 views

1 Answer

+3 votes
Best answer

What is rfid
driven
Protective measures

Not everyone knows it, but everyone comes into contact with it: RFID chips spark off ID cards, cheese packs and jeans. But is that dangerous?

image image

RFID technology is guaranteed to get in your way here and there in everyday life. You probably even have the sparkling chips in your closet. We will show you the possible dangers and possible protective measures.

What is rfid

RFID stands for radio-frequenc identification , so identification by radio waves. This is basically a very simple system made up of two components: a transponder and a reader. The transponder is usually called an RFID tag or radio tag. "Label" already indicates that it is a question of quite small devices and also the possible use is implied. In practice, for example, RFID tags are often small stickers with an edge length of less than one centimeter that are attached to goods. Or they are sewn into garments by the manufacturer. The main reason is quite trivial: you want to know, for example, whether a pair of pants that has been produced has left the factory or not.With a sewn-in RFID tag, trousers can simply be brought from the production hall to the shipping department and a reader on the door records this process. And what works with a pair of pants is of course also possible with a whole container full of pants. It is precisely there in the logistics industry that there is also the greatest interest in RFID technology. RFID has been a bigger topic for maybe 10 to 15 years, but the first applications were already in the 1940s!

However, RFID tags can also be significantly smaller and shrink to the size of a grain of rice and below. A well-known example from the tabloid media was its use in people a few years ago: In some scene clubs, regular customers could have RFID chips implanted under their skin to simplify entry and drinks purchases. And at this point, at the latest, it was probably also the average Otto who felt queasy. The slightly paranoid techie can look forward to "RFID powder": The smallest RFID chips are just 0.02286 millimeters in size. Of course, horror scenarios are spreading. From planting such chips in human cells to "dusting" crowds with a type of RFID dust..

image
RFID transmitters and receivers for craft projects.

As always, a first step against any worries is to understand the technology. Most RFID tags, especially the small ones, are passive devices that consist of a little antenna and analog circuitry to respond and transmit, and digital circuitry to store information (such as a part number). They receive electricity for operation from the readers or their radio signals. Usually they can only be written on once and then basically act exactly like a normal barcode, except that they are recorded via radio instead of a camera. The range is usually a few centimeters. A big advantage of such passive tags: They are cheap enough to even use them on cheap products.

However, RFID tags can also reach the size of a book, be writable several times, have an active energy supply and a range of kilometers. In this respect, RFID is basically a framework for general transmitter-receiver applications. In the case of large shipping containers, for example, RFID can ensure that containers are not lost and can be found at all. On the one hand, the labels could be enriched with GPS data, on the other hand, of course, the locations of the readers are known - and thus also the tagged containers or products at a certain point in time.

However, the small, passive tags from your jeans or sausage packs in the supermarket are more relevant for everyday life..

driven

The benefits for a supermarket or logistics in general should be clear: Goods with RFID tags can be tracked. Theft protection is also possible: Labels that can be rewritten can be rewritten accordingly at the checkout, while labels that can be written on easily can be physically destroyed. And as a matter of principle, for us as customers in the supermarket, the level could one day be reached where products are packed, left the store and the products are automatically scanned and billed without cash. But that should still take a while. Or how about tagged screws? Your car loses a screw and the on-board computer knows immediately which screw needs to be replaced and where - not bad either. There are still dozens of useful application scenarios, such as access controls or key finders.

The danger for each individual is also obvious: You too can be tracked! With RFID tags in license plates and a corresponding landscape of reading devices, extremely precise movement profiles can be created. Radio tags in pants could - theoretically - still be tracked after the purchase. Imagine buying a pair of jeans with an RFID tag in a large department store that is actually / officially only intended for the manufacturer's logistics. But who can tell you that the whole department store isn't equipped with reading devices and that you will be followed down to the last centimeter the next time you visit? The routes you cover in the sales area are extremely interesting information for dealers

The danger can also be understood in a much more general way: with RFID, almost everything can be tracked - with low costs, tiny components, minimal transmission power and, above all, completely inconspicuous. In addition, you simply never know exactly where such a label is being hyped to you, let alone what it does in detail. For example, there are also tags that do not encrypt information, but simply reveal it - that is even the basic idea!

The most prominent example of an RFID threat is probably the new identity card: the chip contained on it should be readable from a distance of around two meters. The information is of course encrypted. Nevertheless: Anyone can read the information first - if the encryption is cracked at some point, it looks bleak. By the way: contactless payment with EC or credit cards works with NFC technology, which is at least based on RFID. And if small amounts can be paid here without entering a PIN or the like, a thief can of course steal such amounts literally in passing. All he has to do is hold the counterpart close to your card.

Protective measures

You certainly do not have to panic at the moment, for technical reasons alone it is not possible, for example, to shower crowds with RFID dust and then track them individually. And the infrastructure of reading devices would first have to exist. In general, tracking scenarios are associated with considerable effort and hardly anyone is still storing sensitive information unencrypted on RFID tags. But who knows what the future will bring. There are three things you can do to protect yourself :

First , you can buy wallets with appropriate protection for ID cards and other RFID cards: The weak, passive transmitters can be quickly disarmed with a little metal. For a few euros you can also get jammers in card format that protect an entire wallet

Second , you can simply pay attention: if you see tags on goods, remove or destroy them. Most of the time you will recognize the helical antenna somewhere and it is sufficient to cut it through at one point.

Third you can - this is really only recommended as a hobby or in the case of slight paranoia - tinker with your own jamming devices or destroy existing chips. RFID readers have a problem with processing a large number of tags at the same time. So if you put a few hundred tags in an MP3 player case, for example, it will confuse readers to the point of uselessness. Or a quick cure in the microwave: This has the potential to destroy the tags themselves. It may be worth trying with a sock, but with a customer card with RFID you could lose the entire card ....


by (3.5m points)

Related questions

+3 votes
1 answer
asked Oct 19, 2021 in Lifehacks and secrets of TikTok by backtothefuture (552k points) | 115 views
+3 votes
1 answer
asked Jan 3, 2022 in Security by backtothefuture (552k points) | 128 views
+3 votes
1 answer
asked Nov 16, 2021 in Security by backtothefuture (552k points) | 241 views
Sponsored articles cost $40 per post. You can contact us via Feedback

Most popular questions within the last 30 days

10,659 questions
10,791 answers
510 comments
3 users