August 02, 2004
German security consultant Lukas Grunwald has released a tool he names RFDump, that can be used to read, and apparently in some contexts, change the contents of an RFID tag. Handy for discounting your purchases, you'd think, but as far as I can see, this would only apply to read/writable tags (and here possibly actually containing the price information), as opposed to read-only "serial number"-style tags. Serial number / product code tags would generally be used by a business to identify the item; the price would then be looked up from a pricing database; changing this price would require more traditional hacking, unrelated to RFID. Furthermore, generally one would also assume full scale consumer implementations to have a certain level of encryption in place.
Still, his point is proven, and businesses implementing RFID in their supply chain should not ignore the abilities of black hat hackers.
- Slashdot: RFID More Hackable Than Retailers Think?
- Forbes.com: A Hacker's Guide To RFID
- Tom's Hardware: The world's first RFID hacking tool released at Black Hat
- Some blogs: The Future Blog: RFID and store security & RFID Gazette: RFDump & Hugh's Sour Grapes: Hacking RFID & Claire Wolfe: RFDump
- CNET News: RFID tags become hacker target
- BlackHat.Com & DefCon(via Tech Goes Boom)
- Additional links: ITVibe.com, Techimo.com
Posted by andersja