[Sussex] RFID cards security
Nico Kadel-Garcia
nkadel at gmail.com
Sat Mar 15 01:57:13 UTC 2008
Andrew Guard wrote:
> RFID cards security dosn't work. Yet again same old tricks, they will
> never learn.
> I just hope they do not put one of these RFID on my Debit/Credit Cards.
>
> http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/
>
Heh. I worked for an RFID middleware company for a while, until they got
bought. (They'd been a Linux shop, the new owners weren't, I spent a lot
of time straightening out their LDAP issues by actually reading the darn
code and sanitizing the input to it.)
RFID has serious tradeoffs between cost, security, and ease of detecting
it. As long as the chips themselves remain inexpensive and in so many
varieties that it's impossible to standardize on a robust interface to
them, there's no way to provide good security with them.
More information about the Sussex
mailing list