Cellphone could crack RFID tags, says cryptographer
SAN JOSE — A well known cryptographer has applied power analysis techniques to crack passwords for the most popular brand of RFID tags.
Adi Shamir, professor of computer science at the Weizmann Institute, reported his work in a high-profile panel discussion at the RSA Conference here. Separately, Ron Rivest, who co-developed the RSA algorithms with Shamir, used the stage of the annual panel to call for an industry effort to create a next-generation hashing algorithm to replace today’s SHA-1.
In recent weeks, Shamir used a directional antenna and digital oscilloscope to monitor power use by RFID tags while they were being read. Patterns in power use could be analyzed to determine when the tag received correct and incorrect password bits, he said.
"The reflected signals contain a lot of information," Shamir said. "We can see the point where the chip is unhappy if a wrong bit is sent and consumes more power from the environment…to write a note to RAM that it has received a bad bit and to ignore the rest of the string," he added.
"I haven’t tested all RFID tags, but we did test the biggest brand and it is totally unprotected," Shamir said. Using this approach, "a cellphone has all the ingredients you need to conduct an attack and compromise all the RFID tags in the vicinity," he added.
Full Article