Barcodes are bare swimmers at low tide and there is no safety at all. RFID technology uses electromagnetic waves to communicate, and can store large amounts of data. It has relevant value for hackers, so its security risks are more. Here are some common RFID security risks.
Eavesdropping. Because electromagnetic waves are used for data transmission between the RFID tag and the RFID reader/writer, an attacker may “eclipse” the transmitted content by eavesdropping on the electromagnetic wave signal. The low-frequency RFID tags are susceptible to direct eavesdropping due to the long communication distance. The low-cost UHF RFID tags generally have short communication distances. Direct eavesdropping is not easy to achieve. Attackers can use the "middleman" - illegal RFID readers to attack and Message eavesdropping.
Man-in-the-middle attack. RFID tags in passive RFID systems respond to signals received from RFID readers and send "connector" signals. Therefore, the attacker disguises itself as a reader next to the tag, and reads the tag information without the tag carrier knowing it; then the information “splitter” stolen from the tag is sent to the legitimate RFID reader. And then to achieve the various purposes of the attacker.
Deception, replay, cloning. Spoofing means that an attacker sends fraudulent RFID readers by sending acquired tag data to the reader. Replay records the tag's connector number and then plays it when the RFID reader asks for a secret number to trick the RFID reader. Cloning refers primarily to copying the contents of an RFID tag to another illegal tag to form a copy of the original tag.
For example, the attacker first records an ordinary toothbrush (EPC code) and then buys an electric toothbrush. When the payment is scanned, the RFID reader is deceived by means of replay or cloning, so that it thinks that it is an ordinary toothbrush, and the purpose of purchasing a high-priced item at a low price is achieved.
Physical cracking. Because RFID systems usually contain a large number of legitimate tags within the system, an attacker can easily obtain the security mechanisms and all private information, especially those inexpensive tags that do not have anti-cracking mechanisms.
Tamper information. Data tampering is an unauthorized modification or erasure of data on RFID tags. The attacker can let the RFID tag carried by the item convey the information they want. For example, the electric toothbrush electronic tag is 500 yuan / only through the data altered to 50 yuan / only, hackers took the tampered data after the toothbrush to clear, only need to pay 50 yuan, for unattended self-service RFID settlement system and It's hard to find flaws.
RFID virus. The RFID tag itself cannot detect whether the stored data is a virus or a worm, so the attacker can write the virus code into the RFID tag and then let the legitimate RFID reader read the data. In this way, the virus may be injected into the system, quickly spread and destroy the entire system and important information.
Inactivated. The principle of the deactivation tagging mechanism is to kill the RFID tag and cause it to lose communication, so that the tag will not respond to the scan of an attacker (illegal RFID reader). For example, after purchasing an item in a supermarket, the RFID tag on the purchased product may be killed to protect the consumer's privacy. However, it has a shortcoming that it is impossible for consumers to continue to enjoy the RFID-based Internet of Things (food supply chain traceability system) service.
Faraday net cover. A mesh cover formed of a metal mesh or a metal foil is placed on the label to shield the electromagnetic waves, so as to achieve the effect of shielding the RFID reader from communicating with the RFID label. For example, if a bank card is made with RFID tags, it can be stored in a Faraday cage daily to prevent hackers from illegally reading information.
Active interference. Users can actively transmit electromagnetic signals to prevent or break the reading of illegal RFID readers. Its disadvantage is that it will produce illegal interference, making other nearby RFID systems unable to work properly, and even affect the normal operation of other wireless systems.
Block the tag. This method is mainly to prevent unauthorized RFID readers from reading the protected RFID tag information through a special tag collision algorithm.
RFID is an old invention. When applying a new system, RFID is not used on a large scale. One of the important factors is that its security performance is too low! How to improve the security of RFID systems is still a long-term challenge!