RFID label technology hack to be published

I posted a blog thread a few days ago about our reservations about RFID as a practical techology at this point in time, and today it appears as if there is another serious flaw in the use of RFID in labelling.

The BBC are reporting that the encryption used in one of the biggest RFID rollouts in the UK has been hacked, that of the London Tube Oyster card scheme.

One of the exciting possibilities of RFID in security labelling is to hold secure information on a challenge-respond basis, and its cases such as this that severly dent the reputatrion of RFID as a reliable technology.

The obvious question to me is, why did they use such a weak encrytion system?  Surely something along the lines of 128 bit public key encryption could be used that takes an awful lot of processing time to crack.

I dont think we have heard the last of this, and demonstrates a fundamental weakness of RFID in labelling.  If you can remotely reprogramme an “encrypted” chip, you can change the price, destination or whatever ona an item wihtout anyone knowing. Watch this space.

Be Sociable, Share!