What is RFID?
RFID is technology which works on radio frequency and it is used for the auto-identification for the different object.
The RFID system mainly consists of two parts. 1) RFID Reader or Interrogator 2) RFID Tags
In this RFID system, this RFID reader continuously sends radio waves of a particular frequency. If the object, on which this RFID tag is attached is within the range of this radio waves then it sends the feedback back to this RFID reader. And based on this feedback, RFID reader identifies the object.
RFID tags: Now, three different kinds of RFID tags are commercially available.
1) Passive tags
2) Active tags
3) Semi-passive tags
These passive tags do not have any power supply. They used to get their power from the incoming radio waves from the Readers. While active tags have a power source for their internal circuitries. And for sending the response to the reader also, it uses its own power supply.
In the case of semi-passive tags, they have a power supply for internal circuitries, but for sending the response it relies on the radio waves received from the Reader.
Operating Frequency: This RFID system is mainly operated in three frequency bands.
1) LF: Low-Frequency band
2) HF: High-Frequency band
3) UHF: Ultra High-Frequency band
The exact frequency of operation varies from country to country.
Operating Principles: Most of the RFID systems operate on any of this two principles.
1) Load Modulation
2) Backscattered Modulations
Applications of RFID:
1. Institutions: Library, Hospitals, Schools, and Colleges
2. Transportation and Logistics 3. Access Control 4. Sports 5. Animal Tracking
What is RFID?
We explain what Radio Frequency Identification (RFID) is and give examples of what industries and applications are currently utilizing RFID.
R-F-I-D stands for Radio Frequency Identification. Radio Frequency Identification is a technology that allows almost any object to be wirelessly identified using data transmitted via radio waves.
RFID technology is similar to barcodes, but with a few major differences:
1. Line-of-sight is NOT needed to read RFID tags
2. Hundreds of tags can be read in seconds
3. RFID Tags can be very durable
4. RFID Tags can hold more data than other types of tags and labels
5. Read range for an RFID system can be controlled as needed – from less than 1m, up to 150 meters
6. Tags can be encrypted or locked for security
7. Tag memory can be rewritten and reused If you have ever:
• Used an access card or fob to get into a building
• Passed through an automated toll collection system on a highway
• Used a remote control to open a garage door
• Or, used a reusable or phone-based transit pass you have used RFID.
RFID is used in a wide range of applications, including building access control, vehicle tolling, timing for races like marathons and triathlons, tracking high-value assets, checking media in/out at libraries, tracking attendees at tradeshows, concerts, and events, and tracking inventory in industries like retail, healthcare, and construction.
Security
Many RFID tags have weaknesses, but the security level of different tags varies widely.
Using the Mifare Classic cards as an example, we illustrate the complexity of RFID systems and discuss different attack vectors. To empower further analysis of RFID cards, we release an open-source, software-controlled, and extensible RFID reader with support for most common standards.
RFID tags and contact-less smart cards are regularly criticized for their lack of security. While many RFID tags have weaknesses, the security level of different tags varies widely.
Using the Mifare Classic cards as an example, we illustrate the complexity of RFID systems and discuss different attack vectors. To empower further analysis of RFID cards, we release an open-source, software-controlled, and extensible RFID reader with support for most common standards.
7 Types of Security Attacks on RFID Systems
Published by Suzanne Smiley on 14th Jun 2016
Introduction
RFID systems, like most electronics and networks, are susceptible to both physical and electronic attacks. As the technology matures and becomes more widespread, so do hackers who aim to gain private information, entrance to secure areas, or take a system down for personal gain. Below are 7 known security attacks hackers can perform on an RFID system.
1. Reverse Engineering
Like most products, RFID tags and readers can be reverse engineered; however, it would take a lot of knowledge about the protocols and features to be successful. Hackers would take apart the chip in order to find out how it works in order to receive the data from the IC.
Purpose: Steal Information and/or Gain Access
2. Power Analysis
This attack requires nothing more than the brain of a hacker and a cell phone. According to leading experts1, power analysis attacks can be mounted on RFID systems by monitoring the power consumption levels of RFID tags. Researchers stumbled upon this hacking technique when studying the power emission levels in smart cards, especially in the difference in power levels between a correct passcode and an incorrect passcode
Purpose: Steal Information and/or Gain Access
3. Eavesdropping & Replay
Eavesdropping, like it sounds, occurs when an unauthorized RFID reader listens to conversations between a tag and reader then obtains important data. It is still necessary for the hacker to know the specific protocols and tag and reader information for this technique to work.
Replay attacks builds on eavesdropping and specifically occur when one part of communication in an RFID system is recorded and then ‘replayed’ at a later time to the receiving device in order to steal information or gain access.
Purpose: Steal Information and/or Gain Access
4. Man-in-the-Middle Attack or Sniffing
A man-in-the-middle attack happens during the transmission of a signal. Like eavesdropping, the hacker listens for communication between a tag and reader and then intercepts and manipulates the information. The hacker diverts the original signal and then sends false data while pretending to be a normal component in the RFID system.
Purpose: Take Down System
5. Denial of Service
A Denial of Service attack is the broad concept of an RFID system failure that is associated with an attack. These attacks are usually physical attacks like jamming the system with noise interference, blocking radio signals, or even removing or disabling RFID tags.
Purpose: Take Down System
6. Cloning & Spoofing
Technically two specific events, cloning and spoofing are usually done back to back. Cloning is duplicating data from a pre-existing tag, and spoofing is then using the cloned tag to gain access to a secured area or item. Because the hacker has to know the data on the tag to clone it, this type of attack is mainly seen in access or asset management operations.
Purpose: Gain Access
7. Viruses
According to some sources1, RFID tags currently do not have enough memory capacity to store a virus; but in the future, viruses could be a serious threat to an RFID system. A virus programmed on an RFID tag by an unknown source could cripple an RFID system when the tagged item is read at a facility. When read, the virus would transfer from tag to reader and then to a company’s network and software – bringing down connected computers, RFID components, and networks.
Purpose: Take Down System
What Does This Mean for Me?
While this article confirms that there are quite a few ways for a hacker to perform an attack on an RFID system, none of these methods are easy. Many require expansive RFID knowledge and complex devices. Another important piece of information to keep in mind is that UHF Gen 2 RFID tags are different from EMV chips on credit cards. EMV chips were made for security purposes and contain complex encryption technology, meaning they do not apply to any part of this article.
Future attacks like these can be mitigated by using encryption methods (when available), chip coatings, filtering methods, and authentication methods. If Gen 2 tags are being used in a secure location, remember to take the necessary precautions to lock any memory banks containing private information, and, if available, use software or middleware as an additional protective layer. Once G2V2 is available with its advanced security and privacy features, hopefully some of the above attacks will dissipate.
Amazing RFID article
Nice Job.
RFID is technology which works on radio frequency and it is used for the auto-identification for the different object.
7 Types of Security Attacks on RFID Systems