Researchers Find Rfid Vulnerability

In the study, researchers were able to crack the RFID chip in less than 15 minutes, making it possible for them to fool tag readers in cars and gas stations. It is unclear what this means for security applications that utilize RFID tags, especially access control. The research, co-sponsored by RSA Security Inc., tested RFID tags using Digital Signature Transponder (DST) technology, which is distinct from the Electronic Product Code (EPC) technology used in other RFID tags — especially those used by retailers and pharmacies for inventory control. “We’ve found that the security measures built into these devices are inadequate,” Avi Rubin, technical director of the Johns Hopkins Information Security Institute, said “Millions of tags that are currently in use by consumers have an encryption function that can be cracked without requiring direct contact.” Researchers say the big problem is that the mathematical code used in EPC is too short. They bought a commercial microchip costing less than $200 and programmed it to find the key for a gasoline-purchase tag. They linked 16 such chips together and cracked the key in about 15 minutes. The solution, the researchers say, is to wrap a metal sheath around the chip.