Unfortunately, these days it’s essential to have a wallet with RFID protection.
Radio Frequency Identification (RFID) technology relies upon the interaction of the radio waves frequency from the electromagnetic wave spectrum. Using these radio waves, it makes it possible to track as well as identify anything that RFID tags have been attached to which includes assets, vehicles, and even people!
Superseding barcodes and magnetic swipe cards, RFID proved a pervasive technology since it was cheaper, easy to use and could be used without any human interaction. That means that it has become no longer necessary to manually scan barcodes or enter information in a computer to record and track the items. All you have to do is bring your RFID tag or card with an RFID chip close to the reader within a 15 cm distance and you’ll be able to proceed with your desired operation.
This owed to its success in airline baggage management, prescription management systems, toll and parking systems, automated payment systems, retail as well as in the supply chain management.
The next-generation RFID use is currently being implemented in the internet of things deployments. RFID enables sensor data such as movement, location and temperature to be wirelessly transmitted when it is connected with sensors and/or GPS technology.
However, no technology exists without its disadvantages and risks. The same has been true for RFID technologies as well. Thus, it is important to weigh the pros and cons of a technology before employing it.
We will be discussing some of the risks associated with the radio frequency identification technology over here so that organizations may benefit from it knowing its full potential and threats too.
What are the Disadvantages of RFID?
To understand the disadvantages of this technology, it is first imperative to know how the technology works. There are two main components: the RFID reader and the transponder, also commonly referred to as the RFID tag that incorporates it.
Radio waves transmit signals from the RFID card reader which can then activate the tag. The tag then sends a signal to the reader which can be translated into data by the reader.
Compared to barcodes, some of the disadvantages that are evident with the RFID technology is that it requires a constant power source; its signal can be impacted by metals and even liquids; they may not be as accurate sometimes as barcode scanners since radio waves block or cancel one another, thus causing a disruption in the final signal.
Moreover, RFID card readers are quite costly, being 10 times the cost of a barcode reader. It may be worthy to note here that although their initial cost is high, in the long term it becomes costly to employ a person to scan the bar code.
Additionally, there may be two main technical challenges while implementing this technology:
This occurs when signals from different RFID readers in the same vicinity interfere with each other hence distorting the signal.
This problem may be dealt with by enabling an anti-collision protocol so that the tags transmit to their readers iteratively.
In other instances, too many RFID tags can send signals to a single RFID reader simultaneously, hence confusing the reader.
To prevent this, it may be fruitful for organizations to invest in a reader that takes into account tag signals one at a time.
Is RFID Technology Safe?
Most people are concerned on how safe RFID cards are exactly. In large scale supply chain operations, for example, efficient security measures are a matter of high priority. In other applications where RFID technology is being employed in medical or military settings, the security concerns may also put the national security at stake or in medical related applications, play a catastrophic role in life and death matters.
A common security risk with the RFID technology is that anyone who owns a compatible reader may gain access to the RFID tag data, on purpose or by accident. Many tags have unique serial numbers and if unauthorized readers gain access to them, it is possible to associate them to a consumer through that unique serial number.
It would be common sense to employ encryption methods to solve a problem like this. However, due to the limited computational power of most RFID tags, this is not an appropriate solution.
There is one exception, however, that is the RFID tags used in passports. Known as Basic Access Control (BAC), the chip has sufficient power to be able to decode an encrypted token from the reader.
The United States State Department has successfully implemented encryption methods such as the BAC system coupled with an anti-skimming material on electronic passports so that the users’ personal information theft is no longer a major threat.
With the growth of this pervasive technology in many fields, the number of hackers and hacking methods, too, have increased so that they may access private information and infiltrate secure networks to enable their unlawful gains.
Some of the attacking mechanisms that are common today are as follows.
1. Reverse engineering
Hardware and software components from RFID systems are first extracted, and then analysed to reproduce them. This process is known as reverse engineering of the RFID technology.
In recent times, multiple researchers have emulated communication protocols and have also reverse engineered cryptographic algorithms by using cheap equipment thus proving the high possibility of such an attack.
2. Power analysis
Power analysis attacks involve the measuring of power consumption of the RFID tag over a period of time to extract its secret key.
This is exactly what the word implies. In an eavesdropping attack, an unauthorized RFID reader obtains data by listening to the data transmission between a tag and its compatible reader. The hacker must know the protocols, tag and reader information to be able to conduct this attack.
Also famously known as a Man in the Middle (MIM) attack, this attack is similar to eavesdropping. Herein, the hacker gains access to the communication between an RFID tag and its reader and manipulates it by diverting the original data and sending false data instead, thus impersonating a regular component in that communication channel.
Ung the compact size and low price factor of the radio frequency technology to its advantage, information is relayed back and forth in an MIM attack thus giving the impression of being the other end.
5. Denial of service
These are usually physical attacks whereby the system is jammed through noise interference, removal or disabling of RFID tags and blocking the radio signals.
In a cloning attack, data is duplicated from an existing RFID tag. This is usually followed by spoofing.
The catch with a cloning attack is that the hacker must know the data on the RFID tag that they want to clone. Hence, this kind of attack is specially popular in access or asset management systems.
In the spoofing attack, thereon, the cloned tag is used to gain access to important information.
Although RFID tags are short on memory as of now to be able to hold a virus. However, the next generation RFID tags may have a virus programmed into them. When data from this tag is read, the virus is transmitted to the reader and from there to the organization’s network and software thus crippling connected computers in an instant.
RFID Attacks in The News
Owing to an increasing number of digital pick pocketers who carry an RFID reader to pick up details of credit and debit cards, there have been an alarming number of such incidents all over the world.
More heavy duty attackers target point of sales (POS) systems to cause large scale security breaches. The Target Stores had to bear the brunt of such incidents in 2013 where hackers installed card readers and gained access to card details of more than 40 million customers who shopped at the store.
Another such fraud occurred in 2016 when millions became victim to a $16 billion fraud through RFID skimming.
For the sake of debate, one promising use of the RFID technology prevents security breaches and counterfeiting. This has been achieved by incorporating RFID chips in Euro notes above €20 which will allow them to be tracked easily. It is evident from this example that the extent of this technology’s permeation in our lives is rapidly becoming widespread.
Security from RFID attacks
On an individual level, to protect yourself against credit card theft, you may use a conductive metal such as an aluminium foil to wrap around your credit card strip while carrying it. Alternatively, RFID blocking wallets are also available in the market to shield against unwanted attacks.
Another temporary solution is to hold your card tightly in your fist. The saltwater in your fists will prevent signal transmission successfully. However, this is not very practical.
Many people also ask their banks to give them a card that does not have the RFID chip on it. However, if you do that you will have to forego the convenience of the contactless payment solution that the RFID technology has to offer.
IS RFID Harmful to Humans?
The electromagnetic fields that are generated by RFID devices are completely safe since their frequency falls within the radio wave portion of the spectrum.
Therefore, these devices are considered patient safe in hospitals where they have found to gain popularity in keeping track of supplies as well as medical samples and patients.
However, recent studies have shown that these devices may cause the malfunction of medical equipment. While these tracking supply chains have yet to gain their footing in hospitals in the United States, it is still imperative for hospitals to consider the risks of electromagnetic interference.
Other studies have shown that bringing the Ultrahigh frequency (UHF) RFID systems extremely close to your head can be specially risk factors for your eyes. This problem may be mitigated by keeping the readers atleast 0.5 m (1.6 ft) away from the head which is the conventional practice. Hence, on the whole, the medical risks of RFID systems are next to none.
RFID Risks – A Recap
The use of RFID has been touted as a cost effective and easy to use, contactless system in today’s fast paced world. It is increasingly being used in supply chain management operations among others in organizations.
However, like every technology, it comes with its own associated risk factors that need to be accounted for in order to avoid large scale data and security breaches that costs a fortune to the companies that have employed this system. If you ask us, an appropriate adage that suits the RFID risk factor is look before you leap.