The main security risks and preventive measures of RFID technology

2019-07-19 16:49:39 2

The bar code is a nude swimmer at low tide and there is no safety. RFID technology, because it uses electromagnetic waves to communicate and can store a large amount of data, has relevant value for hackers, so its security risks are many. Here are some common RFID security risks.

  Security risks

  tapping. Since electromagnetic waves are transmitted between the RFID tag and the RFID reader, it is possible for an attacker to "eaves" to transmit content by eavesdropping on the electromagnetic wave signal. Low-frequency RFID tags are easy to be directly eavesdropped due to long communication distances; cheap UHF RFID tags generally have short communication distances, and direct eavesdropping is not easy to implement. Attackers can attack through "intermediaries"-illegal RFID readers. Message eavesdropping.

  The middleman attacked. The RFID tag in the passive RFID system will respond positively after receiving the signal from the RFID reader and send a "connector" signal. Therefore, the attacker first pretends to be a reader close to the tag, and reads the tag information without the tag carrier being unaware; then the information stolen from the tag, the "joint" tag, is sent to the legitimate RFID reader. In turn, the various purposes of the attacker are achieved.

  Deception, replay, cloning. Deception means that the attacker sends the acquired tag data to the reader to fool the RFID reader. Replay is to record the connector's connector number and then play it when the RFID reader asks for a password to trick the RFID reader. Cloning mainly refers to copying the contents of one RFID tag into another illegal tag to form a copy of the original tag.

  For example, an attacker first records an ordinary toothbrush information (EPC code) and then purchases an electric toothbrush. When scanning for payment, the RFID reader is deceived by means of replay or cloning, so that it thinks that the ordinary toothbrush is purchased, thereby achieving the purpose of purchasing high-priced items at a low price.

  Physical cracking. Because RFID systems typically contain a large number of legitimate tags within the system, attackers can easily access the security mechanisms and all private information, especially those that do not have anti-hacking mechanisms.

  Tamper with the information. Data tampering is an unauthorized modification or erasure of data on an RFID tag. The attacker can let the RFID tags carried by the item convey the information they want. For example, the electronic label of the electric toothbrush is 500 yuan/only, and the data is tampered to 50 yuan/only. The hacker only needs to pay 50 yuan for the toothbrush after the tampering data, for the unattended self-service RFID settlement system. It is difficult to find flaws.

  RFID virus. The RFID tag itself cannot detect whether the data it stores is a virus or worm, so an attacker can write the virus code into the RFID tag and then have the legitimate RFID reader read the data. In this way, the virus may be injected into the system, rapidly spreading and destroying the entire system and important data.

  Prevention measures

  Inactivated. The principle of the inactivation labeling mechanism is to kill the RFID tag and lose its communication function so that the tag does not respond to the attack of the attacker (illegal RFID reader). For example, after purchasing an item in a supermarket, the RFID tag on the purchased item can be killed to protect the privacy of the consumer. But it has the disadvantage of not allowing consumers to continue to enjoy the RFID tag-based Internet of Things (Food Supply Chain Traceability System) service.

  Faraday net cover. A mesh cover formed of a metal mesh or a metal foil is placed on the label to shield electromagnetic waves, thereby achieving the effect of shielding the RFID reader from communicating with the RFID tag. For example, if the bank card is made of RFID tags, it can be stored in the Faraday net cover to prevent illegal reading by hackers.

  Active interference. Users can actively emit electromagnetic wave signals to prevent or destroy the reading of illegal RFID readers. Its shortcoming is that it will cause illegal interference, making other nearby RFID systems unable to work properly, and even affect the normal operation of other wireless systems.

  Block the label. This method mainly prevents unauthorized RFID readers from reading protected RFID tag information through a special tag collision algorithm.


  RFID is an invention and application of new systems. One of the important factors that RFID is not used on a large scale is that its security performance is too low! How to improve the security of RFID systems is still a long-term challenge!


With the goal of creating world-class products, we will actively promote the development of diversification and globalization, and help the Internet of Things!