Blog

RFID: it's harder to get right than you think, folks...

by Guy J Kewney | posted on 28 March 2006


The "wireless tag" business isn't just for tracking prisoners out on probation: it's also for tagging holidaymakers and train travellers.

So the news that you can hack a computer system by embedding a virus into an RFID tag wasn't welcome in RFID circles, and the news that people at Great Wolf Resorts are tagging themselves on purpose, was, very welcome, indeed.

The problem with RFID tags is unlikely to be hacking. The exploit, unveiled by Dutch researchers, worked. Researchers at the science faculty of the Free University of Amsterdam put unexpected data into a tag, which caused a buffer over-run when the system read it.

The RFID industry responded with some optimistic explanations of why it won't work in real life, including the suggestion that "some tags aren't rewriteable, so it can't happen" and (more impressively) "a well designed system would trap that hack."

The idea that an RFID scanning system would be safe if it expected only permanent tags, is exactly the problem that the Dutch researchers were exposing, of course. The true tag may be read-only; but there's nothing to stop a hacker producing a phoney tag that matches the signature of the real one. And the problem is exactly the expectation of the system designer. A complacent designer says: "There's no way these tags can compromise the system, therefore we don't have to set checks" while the competent designer says: "Who knows what random data might get in? - let's design this system to be secure!"

 Now that the theoretical insecurity is exposed, says AIM Global (the industry body that promotes RFID), systems will be secure. That sounds right.

But the problem with RFID isn't what most people think. All sorts of scare stories have been printed, based on the idea that if you have an RFID tag, someone can track you as you move around the city.

This story comes from the way the tags work. They have no power, these tags; instead, they are activated by a coil, picking up power from the activator. Most people in London will be familiar with these: the entrance to every Tube station now has the yellow Oyster "touch in, touch out" sensor, which activates the tag in your card, and updates it.

The theory is that the tag will only get enough power to start transmitting if it is within a couple of centimetres of the activator. However, it's been shown that you can use a focused beam to trigger the tag from a considerable distance - several metres, for sure, and perhaps several dozen metres.

Equally, you can read them from further away than the spec suggests. All you need is a particularly sensitive receiver.

 The risk to civil liberties may be imaginary, as you can quickly see from the trouble prison officials are having with tagging of criminals. Putting a tag on someone's wrist or ankle is easy enough, but reading it requires two essential steps. First, the tag has to be there (people have been merrily removing their tags so as to go out to the pub after curfew!) and next, it has to be unshielded. A simple aluminium foil shield around the tag, and it becomes invisible.

The Grand Wolf tags work on the assumption that people want to be tagged in and out of the holiday centre, so that they don't have to be searched. Try using the same technology for tracking a prisoner on probation, and the system quickly falls apart.

 What would work, would be a system which constantly monitored where the tag was, and was embedded into the skin (as with Professor Kevin "Cyborg" Warwick of Reading University, who wore a dog tag for a week) or into a tooth - so that if the user shielded it, it would instantly vanish from the map, causing an alarm. It would work - but it would require thousands and thousands of activators, all working at long distance, everywhere the user was likely to go.

 The Oyster system for London Underground is to be extended so that it works on UK railways generally. That will show where the real problems are - and as any Oyster user will tell you, they are already baffling Transport For London. Travellers find that their cards beep at them as they go through the gates, saying "Seek Assistance!" - but when they present them at the ticket office, the staff say "Nothing wrong, go away."

Clearly, there is something wrong. Clearly, the complexity of the system is too great for unskilled staff to diagnose faults. That's where RFID opponents ought to focus their concerns - not on imaginary Sci-Fi scenarios with Big Brother spies and dog-tags under the skin, but on simple systems management.

Usability is far harder to get right than people think.