[Sussex] RFID cards security

Nico Kadel-Garcia nkadel at gmail.com
Sat Mar 15 01:57:13 UTC 2008


Andrew Guard wrote:
> RFID cards security dosn't work. Yet again same old tricks, they will
> never learn.
> I just hope they do not put one of these RFID on my Debit/Credit Cards.
>
> http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/
>   
Heh. I worked for an RFID middleware company for a while, until they got 
bought. (They'd been a Linux shop, the new owners weren't, I spent a lot 
of time straightening out their LDAP issues by actually reading the darn 
code and sanitizing the input to it.)

RFID has serious tradeoffs between cost, security, and ease of detecting 
it. As long as the chips themselves remain inexpensive and in so many 
varieties that it's impossible to standardize on a robust interface to 
them, there's no way to provide good security with them.




More information about the Sussex mailing list