Experts are divided on the scale of the security risk posed by radio frequency identification (RFID) wireless tag technology after a computer expert demonstrated that data held on the tags could be easily cloned.


At the Defcon security conference in Las Vegas, Lukas Grunwald of German security company DN-Systems demonstrated a way to copy information between RFID tags, including those used in new e-passports and corporate access cards.


Grunwald said the technique had taken just "two weeks and $5,000 in legal fees to develop" using inexpensive RFID hardware and scanners and homegrown software.


While Grunwald was not able to manipulate or change data held on the tags - limiting its usefulness for forging e-passports holding biometric data - the approach did quickly copy data onto new tags, posing a potential security risk for firms using the technology in corporate access cards or to authenticate products such as medicines or manufacturing components.


Nigel Montgomery of analyst firm AMR Research branded the demonstration as " sensationalist", and said the security threat posed by RFID tags was still " minimal", but admitted it was likely to hamper adoption of RFID technologies.

"RFID tags are not 100 percent secure, but what is?" Montgomery asked. " People could copy data held on tags, but it is far easier for them to copy a label and a barcode [on counterfeit medicines, for example] than find the radio frequency, copy the tag and decrypt it so they can understand what's on it."

Read more »