How to Kill RFID Tags with a Cell Phone
Scientific American | February 15 2006
Radio frequency identification (RFID) tags--tiny wireless circuits that derive their power from radio waves and cost just pennies to make--have quickly found their way into identification badges, shipping containers, even ordinary store products. Because, unlike barcodes, the tags can be read surreptitiously, a number of groups have raised privacy concerns. To address these concerns, leading RFID makers have created so-called "Gen 2" chips that will divulge their data only after a reader transmits the correct password. The new chips can also be triggered by a different password to silently self-destruct, for example as a customer leaves a store.
Encryption protects the password transmission. But renowned cryptographer Adi Shamir of Weizmann University claims to have found a way to bypass the encryption scheme and obtain the self-destruct password using technology no more sophisticated than that in a common cell phone.
Shamir announced the discovery this morning at the 2006 RSA Conference, a large computer security meeting opening today in San Jose, Calif. "Everyone expects that there will soon be billions of these tags in circulation," Shamir noted. "We bought one of the major-brand RFID tags and tried to break into it by power analysis," he said.
RFID tags have no battery or internal power source; they obtain the energy they need to operate by sucking it out of the radio signals they absorb. But in doing so, every computation of the RFID circuit modifies the radio environment. Shamir and his coworkers used a simple directional antenna to monitor the power consumption of an RFID tag as they transmitted correct and incorrect passwords to the device slowly, one bit at a time.
"We could easily notice a power spike after the first bit that the chip didn't like," Shamir recalls. By starting over and modifying the offensive bit, the researchers were able to quickly derive the kill password for the tag.
"We believe that a cell phone has all the ingredients needed to detect these passwords and disable all the RFIDs in the area," Shamir says.
If confirmed by others, the flaw would raise serious questions about the suitability of current RFIDs for use in theft prevention, employee identification and other applications.
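The leak described above comes from a check whose observable behavior depends on where the first wrong bit falls. The following added example (not from the article or from any tag vendor) models that in C, with a constructed `work` counter standing in for measured power; the early-exit model, the 32-bit width, the function names and the sample values are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PW_BITS 32  /* width chosen for illustration */

/* Verdict plus a constructed "work" count standing in for observable power. */
typedef struct { int ok; unsigned work; } check_t;

/* Leaky model (assumption): stop at the first mismatching bit, MSB first,
 * so the amount of work reveals how long the matching prefix is. */
check_t check_leaky(uint32_t secret, uint32_t guess) {
    check_t r = { 1, 0 };
    for (int i = PW_BITS - 1; i >= 0; i--) {
        r.work++;
        if (((secret >> i) & 1u) != ((guess >> i) & 1u)) { r.ok = 0; break; }
    }
    return r;
}

/* Hardened form: always process every bit, fold differences together,
 * and decide once at the end. */
check_t check_constant(uint32_t secret, uint32_t guess) {
    check_t r = { 0, 0 };
    uint32_t diff = 0;
    for (int i = PW_BITS - 1; i >= 0; i--) {
        r.work++;
        diff |= ((secret >> i) ^ (guess >> i)) & 1u;
    }
    r.ok = (diff == 0);
    return r;
}

/* Count distinct work values over a set of guesses; more than one
 * means the check's behavior depends on the secret. */
unsigned distinct_work(check_t (*check)(uint32_t, uint32_t), uint32_t secret,
                       const uint32_t *guesses, int n) {
    unsigned seen[PW_BITS + 1] = { 0 }, count = 0;
    for (int k = 0; k < n; k++) {
        unsigned w = check(secret, guesses[k]).work;
        if (!seen[w]++) count++;
    }
    return count;
}

int main(void) {
    const uint32_t secret = 0xA5C3F00Du;  /* constructed sample value */
    const uint32_t g[] = { 0x00000000u, 0xA0000000u, 0xA5C30000u, 0xA5C3F00Du };
    printf("leaky: %u distinct, constant: %u distinct\n",
           distinct_work(check_leaky, secret, g, 4),
           distinct_work(check_constant, secret, g, 4));
    return 0;
}
```

A constant operation count is necessary but not sufficient on real hardware: the power drawn per bit must also be independent of the data being compared.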
For more about RFID tags, see "RFID: A Key to Automating Everything," by Roy Want. Scientific American Magazine, January 2004.
Last modified February 15, 2006