RFID vulnerable to attacks, researchers say

In tests, standard "Generation 1" RFID tags and readers were unable to function after they were overloaded with data, researchers at Edith Cowan University in Perth, Australia, said in a report published this month.

"Vulnerabilities in the newer UHF style of RFID tags have been found and are of concern for anyone trying to implement an RFID system that would have 'mission critical' or human life issues involved in it," warned academics in the SCISSEC research group at the university.

Although many companies are testing RFID tagging in their supply chain, the tags are not commonly used in life-critical situations. However, the tags are used by the U.S. military to track supplies.

"Generation 2" standard RFID tags could also be disrupted, according to the researchers. Generation 2 tags are more sophisticated than Generation 1 tags, and can operate at four different speeds.

RFID relies on tags being identified by readers when they are within range. Readers communicate with the tags by hopping between a number of channels within an allocated band of frequencies. It was thought this provided security because the reader could hop between frequencies when encountering interference.

In the tests, the Australian researchers saturated the frequency range used by the tags, which prevented the tags from talking to the readers. The Australian researchers said in their report that the use of frequency hopping would not stop denial-of-service attacks, as the tags themselves could not hop frequencies.

They demonstrated that from a range of about 3 feet, they could disrupt communications between tags and readers, putting the tag into a "communication fault state."

While the readers can hop frequencies in the allocated band range if they encounter interference, RFID tags cannot, as they regard the entire band as one channel.

Last month, Dutch researchers announced the successful creation of a virus capable of infecting RFID tags.

Tom Espiner of ZDNet UK reported from London.