Despite the increasing popularity of RFID technology, the electronic information it deals with may not be as secure as was once thought. At least that's the story that emerged from the recent Defcon 2006 network security conference. This three-day event is a Mecca of sorts for network security experts, programmers and hackers who congregate yearly to test their skills against one another, and to show corporations, consumers and government agencies how vulnerable their networks are, without the risk of criminal prosecution or financial liabilities.

This finding is the latest to raise concerns about the use of RFID, which allows everyday objects to beam electronic data to computers equipped with special antennas. It was brought to light when Lukas Grunwald, a German computer expert, successfully demonstrated that the electronic passports (e-passports) being introduced in the United States have a major vulnerability that could allow criminals to clone embedded secret code and enter countries illegally. For the demonstration, Grunwald copied personal information stored on an e-passport document and transferred it to another device. In the process, he contradicted assurances by officials in government and private industry that the electronic information stored in e-passports could not be duplicated.

This demonstration presents an especially tricky problem for the United States, as it is planning to embed RFID in passports beginning in early October. By 2007, the U.S. Department of State (DOS) plans to transfer all passport production to e-passports, with the goal that all American e-passports will include RFID chips containing personal information by 2017. Additionally, the U.S. Department of Homeland Security (DHS) recently completed a three-month trial to test the RFID technology underlying e-passports and has begun selecting interrogators and inlays for use in the eventual widespread deployment. The US-VISIT Program is also testing RFID tags embedded in I-94A forms issued to visitors with non-immigrant visas. The e-passports contain passive 64 kilobyte RFID tags supplied by Infineon Technologies' (www.infineon.com) San Jose, Calif., subsidiary and Amsterdam-based Gemalto (www.gemalto.com) and can be read approximately four inches from a scanner.

Will the recent security revelation throw the U.S. e-passport plan and use of RFID technology into limbo? Probably not, but it will bring greater awareness to a potentially troublesome issue: the need to properly secure electronic data. Companies like SkyeTek are now working to ensure that issue is adequately addressed. Its new M9 reader module, for example, features an array of security measures including privacy protection, anti-tampering and anti-counterfeiting. Other suppliers are following suit by embedding appropriate security features into their products.

Despite any security concerns, RFID doesn't appear to be running out of steam anytime soon. In fact, it's just the opposite. ABI Research (www.abiresearch.com) recently reported that the global market for RFID readers and reader modules grew to more than 35,500 unit shipments in 2005. Reader unit volumes grew nearly 14% in the first quarter of 2006 as compared to the first quarter of 2005. The IDC (www.idc.com) market research firm supports these findings, having found similar evidence of a booming RFID market in Malaysia. According to IDC, RFID spending in Malaysia is estimated to grow at a compound annual growth rate of 45.84% to almost U.S. $20.94 million in 2010 from $2.45 million in 2005.

New applications like RFID-enabled self-checkouts, contactless payment systems using credit and debit cards with embedded RFID tags, and payments systems based on finger scans or other biometrics are also sure to boast the appeal of RFID — assuming, of course, that the price of RFID tags goes down and that concerns regarding basic privacy and security can be adequately addressed. At least thanks to efforts of experts like Grunwald, some of RFID's inherent weaknesses, such as inadequate security precautions, may be found prior to widespread deployment — when they are sure to be easier and less costly to fix.

RSS    Save to Del.icio.us  Digg This