RFID uses radio waves to identify things. Shows much of a promise for breaking (?) into things. Next low-end of computing.
You have to bring virtual attacks into the physical domain, when it comes to RFID.
Some security problems:
– Unauthorized tag reading
– tag cloning
– denial of service
Wardriving for passports. Skimming credit cards from a distance.
Low-level misuse of improperly formatted RFID tag data.
Three main kinds of RFID Malware:
– RFID exploits
– RFID worms
– RFID viruses
“Is your cat infected with a computer virus?” (pet tagging *steph-note: Bagha has one!*)
Google trends for RFID: biggest peak just after Melanie published her paper.
2 bio public transportation system was hacked in and 8-week project by students. Amsterdam.
Issues: same company designing and auditing the back-end security of the system. *steph-booth: gosh, what do people imagine?*
People in charge don’t listen about these issues until they’re demonstrated.
Melanie has worked on a device that does penetration tests and acts as a firewall for RFID.
Can spoof and jam RFID tags.
Listens to the first part of the query trying to figure out what it wants to do, and if it’s something not allowed, it sends out random noise (selective jamming). Filter inbound and outbound queries.
Security: RFID fuzzing.
All the hard work for cloning public transport passes has been done. Just needs to be put together.
The RFID Guardian is being commercialised now (so it’s not just students who are dangerous now).
Companies and governments assume that these attacks are going to stay in labs. They need to wake up. Why put the tools into the hands of the bad guys? The bad guys are going to have the tools any way, it’s time for the good guys to have access (full disclosure). If computer scientists have the right tools they might be able to prevent lots of these attacks. We need an RFID security industry.
The whole project is open source. Hardware and software.