CNET news reports that privacy advocates may not be the only people taking issue with the current crop of radio-frequency identification tags – merchants will likely have problems with a lack of security as well, a German technology consultant said Wednesday.
Low-cost RFID tags – many which are smaller than a nickel and cost less too -are already being added to packaging by retailers to keep track of inventory but could be abused by hackers and tech-savvy shoplifters, said Lukas Grunwald, a senior consultant with DN-Systems Enterprise Solutions GmbH. While the technology mostly threatens consumer privacy, the new technology could allow thieves to fool merchants by changing the identity of goods, he said.
This is a huge risk for companies. It opens a whole new area for shoplifting as well as chaos attacks.
While expensive RFID reader hardware and hard-to-use software have hindered security research in the area, Grunwald said that’s no longer a hurdle. The security expert announced during the session a new software tool that he helped create that can be used to read and reprogram radio tags.
When such tools become widely available, hackers and those with less pure motives could use a handheld device and the software to mark expensive goods as cheaper items and walk out through self checkout. Underage hackers could attempt to bypass age restrictions on alcoholic drinks and adult movies, and pranksters could create confusion by randomly swapping tags, requiring that a store do manual inventory.
Grunwald’s software program, RFDump, makes rewriting RFIDs easy. While there are significant malicious uses of the program, consumers could also use it to protect themselves.
Everyone should have the right, once they leave the store, to erase the RFID tags. Deleting information on the tags would allow people to stop RFID checkpoints in stores and other places from tracking which products they are carrying, or which have been inserted under their skin.