« Lunch - John Dunn, Consultant, Ambertec, P.E., P.C. | Main | Our May 4 Meeting - Dick LaRosa »

May 07, 2011

Comments

Ian White

I am a little confused as I had the understanding that the RFID in cards were semi active, i.e they had to receive the right intial information before they release the info on the chip, also the range of the RFID is severely limited such that they don't work more than a few millimeters away from the contact, hence security.

John Dunn

I had no idea that I would have stirred up as much of a tempest as I seem to have done with this RFID topic, but I have.

Some of the commentary offered on LinkedIn was the following:

"Not to mention that RFID's are being used in all US passports issued after 2006. And in probably less than 10 yrs there will be the implanted versions... That is concerning!"

"Yes this is a threat to having your credit card number, exp. date and name stolen. I have seen this demonstrated on a national TV news station. They just walked down the street with a briefcase and were reading people's credit cards. They even showed these people what was being scanned from their cards.
How is it that the credit card companies think this is not a big problem? The answer lies in the cost to add better security versus the current fraud losses. Losses are low yet to this type of theft. The underlying reason is that the total number of credit cards with RFID in circulation is still in the single digits by percentage of total cards out there. It is just getting started and could turn into an epidemic before our eyes."

There was more too, but this much of a sample will do to make the point which is that I very much believe this threat will eventually become a front-and-center public issue.

Until it does, I strongly suggest that everyone take this item as a caveat.

Bob Stephens

" I keep my credit card securely wrapped in foil and have instructed each of my family to do likewise."

The tinfoil hats weren't doing the trick?

*<);O

Peter House

A couple of years ago, I worked on a white hat operation to create a repeater briefcase. Using two people, one at the checkout counter and another with a briefcase, we could use someones card in the vicinity of the briefcase to complete a transaction at the checkout counter - many meters distant - without the users knowledge. These transactions, at the time, did not require a pin.

Every personal security transaction should require something only you know (PIN or password) and something only you should possess (card).

If I carried a card with RFID technology, I would make sure it is shielded.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)

Editor

  Learn about our  

 free engineering 

consulting referral 

      service at:

 

  IEEE Consultant's 

      Network of 

     Long Island

 

We have over forty 

electrical, electronic, 

mechanical and 

software engineers 

with expertise in more 

than sixty-five categories 

of technology and business. 

All are members of the 

IEEE and adhere to the 

IEEE professional codes 

of ethics. 

No fee is charged for the

referral service. 

Each member is an 

independent consultant 

and negotiates his/her 

own consulting agreement.

 

Editor: Jerry Brown

Contributors:

John Dunn

Marty Kanner

Murray Kleiner

Dick LaRosa

David Pinkowitz

Carl Schwab

Gerry Bodner

Larry Rachman

 

Unless otherwise noted, 

reprinting or republication 

of anarticle on this blog is 

authorized by crediting the 

author and prominently 

displaying the following 

sentence at the beginning 

or end of the article,

including the hyperlink to

IEEE Consultant's Network 

of Long Island


"This report is republished 

with permission of IEEE 

Consultant's Network of 

Long Island"

 

Pages

Blog powered by Typepad

Enter your email address:

Delivered by FeedBurner