Wednesday, March 23, 2005

RSA Finds More Flaws in RFID

Flaws in RFID RSA Finds More according to this story from eWeek. Texas Instruments radio frequency ID tags used in car keys to allow users to unlock cars and to start them, and Exxon/Mobil's Speedpass to allow gasoline purchases attached to consumer credit cards to authenticate the bearer of those tags - both have been cracked.

It is very funny to see this situation crop up that could cause financial losses to companies who were not previously concerned about security of those tags when the only thing at stake was user privacy. Now their profits and consumer confidence are at stake and there will certainly be quick remediation of the problem.

These Texas Instruments made RFID tags can apparently be read by crude equipment that is within 10 feet of users, meaning consumers with this particular TI tag embedded in keys who simply unlock their cars and start them and those purchasing gasoline with Mobil "Speedpass" are vulnerable to theft of their RFID encoded data.

This will not only put the consumer at risk of loss, but now the auto manufacturers and Exxon/Mobil could lose substantially if this easy crack is replicated by bad guys. Right now it's the good guys in white hats at RSA Security doing the cracking, but it will certainly be exploited by increasingly technologically sophisticated bad guys.

Now that corporations have been proven at risk of loss, they will likely fix the security issues quickly on new products. It gives RFID tag manufacturers an excuse to charge more for "secure" tags and there is hope that they'll incorporate privacy protection into the mix.

Save To    Digg! Digg This!
posted by RealitySEO at 4:50 PM


Post a Comment

<< Home