Select Page

How RFID Technology is Eroding your Security and Privacy

 

 


 

Click to View Today’s Show Notes

Transcript

TTWCP-DAILY-64_2017-04-14_How-RFID-Technology-is-Eroding-your-Security-and-Privacy

Below is a rush transcript of this segment, it might contain errors.

Airing date: 04/14/2017

How RFID Technology is Eroding your Security and Privacy

 

Craig Peterson: Hi Craig Peterson here and it’s time for another TechSanity check. We’re going to talk right now about RFID. Now you might have heard of this before. You might think oh, we’re fine. It’s safe. Hey listen, RFID is being used for absolutely everything nowadays including your passport, including some of your credit cards. If you’re in a hotel have you ever thought about what might happen? Can someone hack your card? How about for your business? Getting into your business after hours? That’s exactly what we‘re going to be talking about right now. What the risks are and what you can do about it with America’s Technology Expert, Craig Peterson. Stick around. Here we go.

(TTWCP EARWORM)

Well, you know, there’s a lot to talk about here. I’ve been worried about this myself for a very, very long time. D id you realize that we have RFID. These of the radiofrequency IDs in use everywhere today. They’re used from our pets. You know if you’ve ever had your pet chipped, that’s what we’re talking about. These chips, these RFID chips were created by the Soviet Union to spy on us. Well at least the predecessor for these chips where they had made a little device that had a diaphragm in it that when they beamed a microwave signal at it would use that microwave signal to power itself basically and the modulation that was caused by the sounds by people speaking, for instance, in the room that modulation they could pick up and they now had a bug in the room. How’s that for pretty easy? Well now when we talk about our pets, you put it in the back of their neck, typically, and if your pet gets found, they just have a little reader. They scan it with that reader and that reader now comes up with an ID that’s tied into a database so they know who owns that pet. It’s been used for warehouse, for instance, Walmart. This is just incredible technology for them. Everything in the warehouse, at least every pallet, has an RFID tag on it. So they can ping the warehouse, the whole warehouse. So they send signals out throughout the warehouse, all of these little RFID tags will respond telling Walmart what’s sitting there in the warehouse. How’s that for simple? How’s that for automated? Really, really cool stuff. Even our shoes and our clothing now come with RFID tags. So if you buy a pair of shoes from a big retailer it probably has an RFID tag in it. That RFID tag was used to track those shoes here over the days, over the years, right, that you have that that shoe or the retailer does and then know when they have the older inventory, which ones they have to get rid of very easily. They can ping the room with all of inventory. And it’s just crazy what they are able to do. And by the way some retailers don’t get rid of that RFID tag. It’s built into the running shoe. It’s right inside the shoe. So you have to burn it out in order to get rid of it. So when you walk back into that retail establishment, it pings you, your shoe responds and now it knows who you are. It can track you, our sports, our cars. Our cars, oh this is just incredible.

Sports, they’re using RFID tags to identify where people are, who came in first, second, third in a race etc. They’re u sing them in our cars with E-ZPass. Who doesn’t use that in the Northeast? It’s called many things in many different parts of the country. But you know we just drive through that fast lane. You have the little device on your windshield. It’s even being used, as I mentioned, in credit cards and in passports. And that’s the part that really started getting me worried. About the passports stuff. How about our hotels? You go and visit a major hotel nowadays and you’ll find out that a instead of having the magstripe readers many of them, most of them, I think you been moving over to the contact us opening the door were you just have to hold up this little card that they give you near the door. The door reads it and then unlocks the door. That’s RFID.

Well I did a quick visit here to http://RFIDHotel.com. You might want have a look at it as well. This is showing that there are RFID cards available for all major hotel chains. You can go online. You can go to http://RFIDHotel.com and you can get Holiday Inn cards etc. etc. Now they may have some basic controls in place to make sure that you are, in fact, a franchisee of whatever brand you’re trying to buy the cards for. But bottom line, you can buy blank cards. I just did. I just went online. I bought 10 blank RFID cards for seven bucks. They’re coming in from China. If I wanted to make a card to look like any business I wanted to look like or make a card that look like any hotel chain that I wanted, all I have to do is print it, right? It’s simple enough. Get someone to scree n print it if I want it to look really, really fancy. But these cards are available for all major hotel chains and blanks are available as well. And that gets me very concerned.

So in a couple of minutes, we’re going to talk about what can be done by the bad guys when comes RFID hotels. But I would remised if I didn’t talk a little bit more here about credit cards and passports. Credit cards are now coming with RFID chips built-in. Now, the credit card industry’s telling us don’t worry about it. Those credit cards have encryption built in to the RFID chips so it doesn’t matter if someone reads it. Now I’m not quite sure what that means because an RFID chip is typically, basically a passive device. It isn’t a smart computer. There’s no real challenge and response and so I don’t see how that works. So in order to figure that out a little bit better, as well as the passports, because passports supposedly have some built in security. I also ordered a reader that I can use to read RFID cards and a writer. So for a total of $28, I should be able to clone any RFID card. Now does that scare you? It scares me and we’ll tell you why in a minute here because it gets even scarier as to how easy it is to do some of this cloning here. It’s wow, wow, wow, wow.

Now I mentioned credit cards that got this encryption that’s supposedly going to protect you. Well, US passports since 19, no actually, 2007, have had built into them RFID. So when I have my passport with me particularly when I’m overseas, I protect myself and we’ll talk about how some ways you can protect yourself. It can be inexpensive. But the US passport agency when asked said that those passports only are active, that RFID chip, will only respond if the passport is open. That’s not true of the little credit card passports. I have one of those as well that you can keep in your wallet and that concerns me too right? Hey, everything concerns me. I guess that’s the word of the day today. Concerned. Because we’re giving our information potentially to absolute strangers. So let’s get into that part right now.

The whole idea behind RFID is you have short range access control. Let’s call it that. It can be used for more than that. We mention pets already, and clothes and things. But what I’m concerned about is the access control and how is it secure, and how is it secured? So if you’re using it for access control, you know it right? You’ve done this before. You’ve been in a hotel room. You’ve worked in an office building and has RFID. You stick your card up to the door reader or you keep it in the outside your wallet, right? And you stick your butt up to the reader and the door unlocks, it opens. And the whole idea here is that the RFID reader sends out a signal which is then used by the RFID chip to respond back. It basically uses that juice that was sent to it and it comes back with a serial number. And that’s all it is. It’s pretty darn basic. Well you can go like I did and buy for 20 bucks online from China, an RFID reader, RFID writer and RFID cards. And what the hackers are doing is they’re using a little Arduinio box. Now this is a very inexpensive computer. Very small. It’ll fit basically inside an Altoids can. You know how small those things are. It’s designed to be able to read and write. It uses software typically people use something called prox mark which is available for free online. You put an antenna on it. Usually you use a little USB antenna. Well actually it’s fairly big. It’s about the size of the palm of your hand and you can now read RFID cards. And you can, by the way, use that exact same hardware to write RFID cards. But right now let’s talk about reading.

So all you have to do, remember how big I said it was? An Altoids can, right? So all you have to do is get that antenna and Altoids can close to a legitimate card. So how about you strike up a conversation with someone that works at company X. So you strike up a conversation. You put your bag down on the table or your purse by their purse, by their bag and presto magico, you can now clone their RFID card. You can now gain access to everything they have access to in the building. How about you get in an elevator with a whole bunch of employees from company X and guess what you have in your bag? Yes indeed. You have your RFID reader, your cloner. So you’re now passively picking up all of the RFID card numbers from the people that are around you. Yeah, you get that? You like that? Just walked next to someone down the street down, down the hallway in the business. You can pick it up and then you can clone it.

Now if you want to get fancier, if you want to be able to do it from a distance, look no further than your garage. A garage door reader that has RFID built-in. Now these are more expensive. This isn’t something that’s going to cost you hundred bucks, soup to nuts. This is going to cost you just $700, which is still well within the range of a hacker right? If you’re going after some business. So for 700 bucks you get this reader that’s going to work from 6 feet away. So now you can sit in the parking lot and read the RFID cards of everyone that walks by. And then to clone them, it just takes a couple of seconds and now you have a cloned card. So you can walk in in the middle of the night when hardly anyone’s there. You’ve got a legitimate card and you’re off and running right? Because what are you using in RFID cards? It’s for the back door, the side door. The employee entrance. There’s not necessarily a security guard that’s going to check any sort of ID.

So this is bad this is scary this is dangerous this is something I’m going to be looking more into as I said I have ordered some hardware. It’s going to take a little while to get here from China but after it gets here I’m going to do a little bit of test. I’m going to test some of my credit cards, my driver’s license, my passport, my little passport card and also some of the hotel cards that I have that I’ve had for a while. So this should be really kind of interesting here. Protection. I said that I would get to this. It’s important, important, important. Basically what you want is what’s called an RFID blocking wallet or a sleeve. If you have one of those little credit card size passports, when it was shipped to you it came in a little aluminum lined pouch, right? Do you member that? That will block the RFID from being read on that card. I also have a passport holder that I brought my passport into. It’s a nice little book. Of course I have to take it out of the book anytime someone wants to use the passport, but at any rate the book has RFID blocking, which you can get. And frankly if you have credit cards in your wallet, you probably want to get an RFID blocking wallet because some of those credit cards are going to have RFID chips that can be read and then can be used for nefarious purposes to help up the bad guys get your credit card stuff. But as I said, both the US passport agency and the credit card company say they’re perfectly safe. We’ll see. I’ll let you know. If you subscribe to my podcast, of course, you’ll get the podcast on my actual tests when those are done. But just go to http://CraigPeterson.com/itunes and you will be able to get all of that information.

So have a great day. I hope I didn’t scare you too much but informed you here. A little sanity check on technology because again double edge sword and in this I don’t know. I think it might not be worth it. I think this time that this RFID technology when it comes to identifying us might not be the best trick in the book. Have a great day and we’ll talk more tomorrow. Bye bye.

Show Notes:

RFID (radio frequency identification) is a technology that incorporates the use of electromagnetic or electrostatic coupling in the radio frequency (RF) portion of the electromagnetic spectrum to uniquely identify an object, animal, or person.

RFID is being used for absolutely everything nowadays including your passport, including some of your credit cards. If you’re in a hotel have you ever thought about what might happen? Can someone hack your card? How about for your business? Getting into your business after hours?

This and more on TechSanity Check with America’s Technology Expert, Craig Peterson.

For tech and security related questions, send them over to me@craigpeterson.com.

Related articles:

More stories and tech updates at:

Don’t miss an episode from Craig. Subscribe and give us a rating:

Follow me on Twitter for the latest in tech at:

For questions, call or text:

  • 855-385-5553

 

Thanks, everyone, for listening and sharing our podcasts. We’re really hitting it out of the park. This will be a great year!

Download your "Special Report on Passwords and Password Security"

You have Successfully Subscribed!

The Next Masterclass is Coming Soon!

Fill out the form below and be notified as soon as the registration for the next Masterclass opens.

Thank you, we'll notify you as soon as the Masterclass registration opens!