Radio frequency identification (RFID) chips allow organizations to achieve a wide variety of business benefits. In this video, Mike Chapple explains how RFID works and the associated security risks.
- [Lecturer] Radio Frequency Identification, or RFID chips, allow organizations to achieve a wide variety of business benefits. RFID works by embedding small chips in a wide variety of devices. You can see an example of an RFID chip here on the screen. When an RFID chip comes in proximity of an RFID scanner, the chip activates and sends information to the scanner. There are many applications of RFID technology in use today and RFID is widely used by both businesses and consumers.
In fact, you're probably using some of this technology yourself. Passports issued by many countries now contain RFID chips that allow border agents to access digital information about the passport holder. You can tell if you have an RFID-enabled passport because it will have this logo on the front cover. Transit cards used by many cities use RFID technology, as do many credit cards. This speeds up transactions in busy environments. You'll notice this symbol on RFID-enabled cards.
It indicates that the card contains an RFID chip and may be used with contactless readers. Electronic tolling systems also use RFID, allowing cars to proceed through toll plazas without stopping or interacting with a toll taker. Businesses use RFID in their supply chains to track the movement of merchandise through warehouses, shipping mechanisms, and stores. This RFID technology is very useful, but it also introduces security and privacy concerns among both businesses and consumers.
Businesses must ensure that the RFID technology they deploy uses adequate encryption and authentication technology to prevent an attacker from faking an RFID device. For example, if someone could generate a fake toll pass, they would be able to travel through toll booths and charge their travel to someone else's account. Consumers want to not only be confident that nobody else can access their account, but they also want to be confident that their privacy is protected. For example, an attacker might scan for RFID chips that the consumer is carrying to detect that person's presence in an area without the consumer's permission.
This becomes even more troublesome if the attacker is scanning RFID chips that the consumer isn't even aware they are carrying, such as a tag that was embedded in an item of clothing during the supply chain process, or a book that includes an RFID chip inserted by the store as a security device. RFID is still an emerging area of concern and security professionals should ensure that they address security and privacy issues and remain abreast of new technical and regulatory developments in this field.
The CompTIA Security+ exam is an excellent entry point for a career in information security. The latest version, SY0-501, expands coverage of cloud security, virtualization, and mobile security. This course prepares exam candidates for the critical Threats, Attacks, and Vulnerabilities domain of the exam. By learning about malware, networking and application security exploitations, and social engineering, you'll be prepared to answer questions from the exam—and strengthen your own organization's systems and defenses. Author Mike Chapple, an IT leader with over 15 years of experience, also covers the processes for discovering and mitigating threats and attacks, and conducting penetration testing and scanning for vulnerabilities. Visit certmike.com to join one of his free study groups.
- Comparing viruses, worms, and Trojans
- Backdoors and logic bombs
- Understanding the attacker
- Attack types: from denial of service to brute force attacks
- Preventing insider threats
- Wireless attacks
- Understanding cross-site scripting
- Preventing SQL injection
- Social engineering
- Scanning for vulnerabilities
- Penetration testing
- Assessing the impact of vulnerabilities