Tuesday, May 22, 2007

RFID Security In The News Again

Since I took so much time with my EMT class, I'm just now catching up on some news items I bookmarked during the semester. Here are a couple regarding RFID technology, which I regard as a potential security nightmare if not implemented right.

Larry Seltzer has a very good item which was posted to eWeek.com back in March: Uncle Sam's Got an RFID Jones.

Larry hits some very good points both for and against RFID technology using the new, voluntary test program in Washington State where drivers licenses are offered with RFID technology. In the Washington test, the license's RFID chip would only store a unique code which would be linked to the user's personal information stored in a central database. Although using RFID in this way may be safer for those who use it, it's still not a fool proof way to safeguard a persons information. Better implementation? Yes. Totally secure? No way.

I am a realist about computer security. Any data stored anywhere can be exploited given the proper circumstances. Still, I hold my opinion that RFID opens up a security hole big enough to drive a truck through. I agree with Larry on one point: bar codes on licenses can do pretty much the same things RFID can do. Bar codes are not as convenient, but they are a lot easier to safeguard.

Another item I found, also on eWeek.com, was RFID Feared as Possible Terrorist Target by Lisa Vaas. She brings up information on a study by the British Royal Academy which points out that RFID technology could be used to aid terrorists who want to target a particular person or group. In this scenario, the terrorists would plant a bomb somewhere they knew their target would be, set the RFID reader to react when the targeted person came within range of the reader and set off the bomb. In this instance, even if the person's personal data were stored elsewhere and the RFID tag in his/her identification were only encoded with a unique identifier, that unique identifier could be the thing which would set off the bomb.

For now, I'm going to hang on to my opinion that RFID can be useful, but that incorporating it into a system for identification is not a good use for it.

No comments:

Post a Comment