This blog is intended for individuals with a technical background eager to explore Radio Frequency IDentification (RFID) technology and its implementation. Whether you are interested in the basics of RFID or looking to enhance the security of your current RFID system, this blog is your go-to resource. Join us as we unravel the intricacies of RFID technology, discover the diverse types of RFID cards and their vulnerabilities, explore common attack vectors, and unveil essential best practices for establishing a robust and secure RFID infrastructure. We will bridge the gap where knowledge meets practicality, empowering you to harness the full potential of RFID while safeguarding your valuable data. Stay tuned for an immersive exploration that will revolutionize your understanding of RFID technology.
Most people would not think much about how common RFID technology impacts our everyday lives, other than the typical access badge from work.
Figure 1: NS (Nederlandse Spoorwegen) chipcard (Source: Reizen met een OV-chipkaart | Reisinformatie | NS )
You can find it in public transport cards, debit and credit cards, hotel keys, car keys, passports and even chips implanted in animals. Even fewer people know that such badges and cards have tiny computer chips that work with the power passively collected from a reader.
Figure 2: RFID in the form of a sticker with a barcode on the opposite side (Source: Bestand:RFID Chip 001.JPG - Wikipedia)
This type of technology has existed for decades, as the first ‘presumed’ RFID device was given by the Soviet Union to the United States ambassador of the Soviet Union in 1945 and was later termed ‘The Thing’ (or ‘The Great Seal’) (see Figure 3). It was a wooden seal with a bug (covert microphone) behind it that was powered by receiving a specific radio signal sent out by the Soviets and sent its audio back by modulating that signal according to the sound waves received by its microphone. This ‘bug’ in disguise was hung inside the ambassador’s study and remained undiscovered there for seven years.
Figure 3: The back side of The Thing, where the bug (silver object) was hidden in. Image source: The Great Seal | International Spy Museum
Although modern RFID works by sending a digital signal back to the receiver, it still works on the same principle of modulating a signal as ‘The Thing’ did. RFID chips are powered by radio waves sent out by a reader (such as a Near Field Communication (NFC) device), enabled by a payment terminal in a store. These waves are collected by long copper wires hidden inside their medium (such as a badge) that work like an antenna (see Figure 4). This technique is also known as induction.
Once the chip has processed this information and wants to send a signal back, this technique is called ‘load modulation’ and uses modulation of the voltage of the inductive field. The communication protocol between the reader and the chip depends on the frequency at which a certain type of RFID chip operates. There are different ISO standards for each frequency, such as ISO-14443, 15693 and 18000-1-7 (see: RRFID Standards – ISO IEC EPCglobal » Electronics Notes (electronics-notes.com)). In general, there are three types of frequencies at which RFID can operate. Low frequency (based on technology from the 70s), which operates between 30 KHz and 300 KHz and is still sometimes used for access badges and animal identification, high frequency (between 3 MHz and 30 MHz), which is also known as NFC (Near Field Communication, see: What is the difference between RFID and NFC – RFID Card) and is also used for access badges. Finally, there is ultra-high frequency (between 300 MHz and 3 GHz), which is used to track large objects (containers) from a long distance (up to 10 meters).