Tuesday, March 25, 2008

RFID-Hack Hits 1 Billion Digital Access Cards Worldwide

I'm back from my mini-vacation (hence no posts here since Thursday)...just in time to post this article in PC World detailing just how vulnerable RFID technology can be to would be hackers (at least this specific model anyway) and identity thieves.

PC World Reports:

NXP developed the Mifare Classic RFID (radio frequency identification) chip, which is used in 2 million Dutch building access passes, said ter Horst. One billion passes with the technology have been distributed worldwide, making the security risk a global problem. A spokesperson for the ministry told Webwereld, an IDG affiliate, that it had not yet notified other countries.

The warning comes in a week when two research teams independently demonstrated hacks of the chip's security algorithm.


Criminals can use the hack to clone cards that use the Mifare Classic chip, allowing them to create copies of building access keys or commit identity theft. The chip is used in payment systems worldwide, such as the Oyster Card in the U.K. and the CharlieCard that is used in Boston. Both offer payment systems that allow for wireless transactions.

Our position on this technology is pretty simple: as a society, before we jump head first into the full fledged implementation of any technology that raises these kinds of questions we should take a step back and do the kind of thorough review of the pros and cons first. Then, based on what we find, put in place common sense regulations and safeguards...using the Constitution and our right to privacy as the most important factors in formulating public policy...rather than factors like so called "consumer convenience" and corporate profit.

Click here to read the article in its entirety.

No comments: