Wednesday, 21 April 2010

RFID chips for smart cards, e-voting - more security flaws

The problems with RFID continue. Prof. Avishai Wool of Tel Aviv University's School of Electrical Engineering has found

"serious security drawbacks in similar chips that are being embedded in credit, debit and "smart" cards. The vulnerabilities of this electronic approach - and the vulnerability of the private information contained in the chips - are becoming more acute.

Using simple devices constructed from $20 disposable cameras and copper cooking-gas pipes, Prof. Wool and his students Yossi Oren and Dvir Schirman have demonstrated how easily the cards' radio frequency (RF) signals can be disrupted."

But some small steps can make smart cards more secure, he says. The easiest: shield the card with something as simple as aluminium foil to insulate the e-transmission. For e-voting, make the ballot box from conductive materials. "The US State Department has already taken Prof. Wool's advice: since 2007, they've also added conductive fibres to the back of every American passport."

See the press release for more info, including on the risks of the e-voting technology being implemented in Israel based on RFID chips:

"It allows hackers who are not much more than amateurs to break the system," Prof. Wool explains. He constructed an attack mechanism — an RFID "zapper" — from a disposable camera. Replacing the camera's bulb with an RFID antenna, he showed how the EMP (electro-magnetic pulse) signal produced by the camera could destroy the data on nearby RFID chips such as ballots, credit cards or passports. "In a voting system, this would be the equivalent of burning ballots — but without the fire and smoke," he says.

Another attack involves jamming the radio frequencies that read the card. Though the card's transmissions are designed to be read by antennae no more than two feet distant, they demonstrated jamming transmissions via a battery-powered transmitter 20 yards away. So an attacker can disable an entire voting station from across the street. Similarly, a terror group could "jam" passport systems at U.S. border controls relatively easily.

A "relay attack" is also possible where the voting station thinks it's communicating with an RFID ballot nearby but a hacker or terrorist can easily make equipment to trick it and transfer votes from party to party or nullify votes to undesired parties. A relay attack may also be used to allow a terrorist to cross a border using someone else's e-passport.

I wonder what they'd make of the supposed next generation PACS (physical access control system)?

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.