IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

RFID open to criminal abuse

From triggering bombs to faking passports, report exposes the flaws in this emerging technology.

Terrorists could potentially use RFID technology in electronic passports to set off a bomb when a particular target comes within reach, warns a leading electrical engineering expert.

Nigel Gilbert of the Royal Academy of Engineering suggests a number of ways in which RFID technology could be abused by both criminals and governments in his report entitled 'Dilemmas of Privacy and Surveillance: Challenges of Technological Change', published this week.

In particular he is concerned that that unencrypted data stored on an RFID chip in an e-passport, such as those currently being implemented by the UK Government, can be read by anybody passing near the document holder with the right equipment.

"Not only could a passport holder be revealing identifying and personal information to passport control, but they could also be unwittingly revealing their personal data to 'spies' who had equipped themselves with readers," says Gilbert in the report.

These eavesdroppers, he says, could use the resulting data for fraud of various kinds, for example stealing biometric details and accessing other services that use biometrics like pay-by-touch systems.

"With sensitive personal details readable over a distance, it could even become possible, with appropriate antennas and amplification, to construct a bomb that would only detonate in the presence of a particular nationality or even a particular individual," suggests Gilbert.

Clive Longbottom, an analyst with consultancy Quocirca, believes the terror risk is remote.

"The possibility of using RFID in passports to set off a bomb is rather an outside chance, as the chip reader would need to be with a few centimetres of the person involved, as there is no active component to the passport," he told IT PRO.

The terrorists, he says, would also need to have hacked the passport database to gain the details of the passport signature, and then would have had to replicate the passport reader technology to fully recognise that signature: "If they can do that, then they probably don't need to be so clever in placing a bomb - why not just use standard blunt weapon approaches, or a sniper?"

Longbottom believes that RFID does, nevertheless, represent a serious security challenge, open to official or unofficial misuse.

"RFID can be misused, and doubtless will be by the powers that be," he says. "We can put in place safeguards for technological approaches. We can also use technology to stop wilful abuse - for example, creating the need for dual biometric security credentials to access certain information means that you have to have at least two people involved in the abuse. I don't think that RFID is the problem, it's far more down to how it's used."

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Researchers demonstrate how to install malware on iPhone after it's switched off
Security

Researchers demonstrate how to install malware on iPhone after it's switched off

18 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022