RFID Hacking Tools

Posted: August 4, 2008 in 2007, Articles
Tags: ,

Radio Frequency ID, or RFID as it is more commonly known, is being developed without security in mind.

RFID will be used by retailers and stock controllers to improve inventory control and make it easier to track sales. RFID tags have commonly been used to inject into dogs, should they become lost, the tags could contain the owners address or contact details.

Manufacturers are also experimenting with “fabric tags” that can actually be woven into clothes.

There are a number of privacy issues already surrounding RFID however, with some people claiming retailers could “track” customers and the products they bought, even by people simply walking past their shops.

Well today, those fears might become almost a reality.

During the popular Black Hat Briefings security conference today, a new open-source product called RFDump was demonstrated.

RFDump is a tool that allows you to not only read RFID tags within range, but more worringly, you can actually change and alter all the data stored in the RFID tag.

The RFDump project is sponsored by German based DN-Systems.

Lukas Grunwald, CTO of DN-Systems said,

“It is only a matter of time before smart tags replace the good old bar code. It is only a matter of time until everybody will wear at least one RFID tag. But you can exploit nearly all of these benefits.”

As RFID can only store 128 bytes of information, the tags have no room for encryption. This means tags can be read by anyone with a suitable RFID tag reader and easily modified using RFDump.

Retailers could easily edit your RFID tags to add or edit any information they see fit and even track your shopping habits or locations.

On the bright however, you could always just overwrite the data on your RFID tags with some random numbers.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s