Applying Internet Security To RFID
Written by Evan SchumanMay 14th, 2008
NeoCatena Networks has in the wings a product designed to stop fraudulent or bad tag data from getting into the system from the supply chain.
Applying Internet-level security to RFID is something that has not gone very far, according to this RFID Update story about the anticipated rollout. NeoCatena Networks is developing RF-Wall, an appliance to be installed between RFID readers or controllers and middleware servers, edge servers or host applications in networked RFID systems. The product acts as a firewall that authenticates RFID tags prior to allowing their data to pass into enterprise systems and also scans input to detect and block malware. RF-Wall works by using the unique tag ID to create a digital signature.
-Marc
May 16th, 2008 at 7:29 am
This is more important than most retailers (and system purveyors) realize. Hackers are already using their own barcodes and credit card magnetic stripes to perform attacks against various unattended kiosks and systems.
At the most recent Chaos Communication Congress in Berlin, one of the presenters gave a talk on implementing various attack methods, including SQL injection attacks, XPath injection attacks, and fuzzing attacks, all using custom barcodes against self-checkout DVD rental systems and other systems where the customer is providing the input data. The video is very much worth watching, and is available by torrent here: http://outpost.h3q.com/fnord/24c3-torrents/24c3-2273-en-toying_with_barcodes.mp4.torrent
RFID would be the safest of all machine readable technologies for a hacker to attack, since even a watchful human monitor could not tell the difference between which invisible tags are legitimate, and which ones are malicious.