SciTech Watch: Introduction to RFID Tags
Published March 23, 2006
Radio Frequency Identification (RFID) tags are showing up a lot in the news lately, especially as sources of security risks and privacy invasion. What follows is an introduction to what RFID (or arphids as they are colloquially known) tags are, what they are used for, and what security and privacy risks they present.
Radio Frequency Identification tags are small pieces of semiconductors that have information stored on them. 
They come in three flavors: passive, semi-passive, and active. Passive arphids possess no active transmitter to broadcast the information they store. However, when exposed to a radio signal, they convert the received radio signal into current and the current powers a transmitter which transmits the information the arphid has stored. Semi-passive arphids have a battery-powered transmitter, but only transmit their data in response to a received signal. Active arphids transmit their data for the life of their batteries and are also known as beacons. Battery life of active arphids can be up to ten years and their range and memory capacity are typically larger than the other types of arphids. Passive arphids are the most common, because they are the least expensive to produce and can be printed on labels in much the same manner as bar-codes.
In function arphids are very similar to the ubiquitous bar-codes we see on products. Both the bar-codes (commonly a UPC code) and arphid tags store data, usually an 8 to 10 digit number. In bar-codes this number can be read by aiming a bar-code scanner at the bar-code. For a bar-code to be read, the printed bar-code must be legible to the reader and the bar-code must pass within less than a foot of the reader. Once the number is read, it is matched up to a list entry which contains a longer identifier associated with the number read from the bar-code. Arphids work much the same way, but because they use radio-frequency energy rather than light, there are fewer constraints on reading the arphid. The arphid makes warehousing and other handling and tracking operations simpler because the arphid can be read from a greater distance and with fewer physical constraints. Additionally, arphids can hold more data than a bar-code, so besides UPC-scanner types of operations, more detailed information about the arphid-labeled product can be returned by the arphid reader.
Because arphids can be read from greater distances, they can be used for additional purposes, where bar-codes cannot. For instance reading bar-codes of products stacked on a shelf would be a very-labor intensive operation, however reading arphid data from a similarly stacked shelf would be much easier since each item would transmit its own data when queried. This long distance reading capability also presents a security risk if the data stored on the arphid is of a sensitive nature. The arphid has no authentication mechanism so anyone with a proper reader can query and arphid. Unless the data stored on the arphid is encrypted then it will be available to anyone. Products labeled with arphids will be trackable to a far greater degree than a bar-coded product and this means even after you purchase a product and take it home the data on it could still be read. This greater availability of product data is seen as a loss of privacy by some. 
- SciTech Watch: Introduction to RFID Tags
- Published: March 23, 2006
- Type: News
- Section: Sci/Tech
- Filed Under: Sci/Tech: Personal Tech, Sci/Tech: Computers, Politics: Law and Rights, Culture: Society
- Part of a feature: SciTech Watch
- Writer: John Vaccaro
- John Vaccaro's BC Writer page
- John Vaccaro's personal site
- Spread the Word
- Like this article?
- Email this
Save to del.icio.us
Comments on this articleComments
Turns out that the virus was information stored on the chip which when fed into a vulnerable backend system caused a problem. If the vulnerable system had been patched and/or the backend properly designed whetever is stored on the arphid would not negatively impact the system as a whole.
I agree with the posts above. RFID does not receive as much attention as it should be. The above link provides a valid find about vulnerabilities. In addition RFID tags pose a huge privacy issue as it would not only be used in commercial areas but also for tracking purposes.
Does everyone have their tin-foil hat on?
I recently started up a company that sells RFID blocking wallets and passport cases. Take back control of your privacy. gizmodo post
wow thats crazy, in the bible it states that "thou shall not wear the mark of the beast, which in this case is the RFID chips soon to be implanted into everyone
DIFRWear, I guess when you open your wallet you are screwed, hopefully she's blond and cheap.
Nice invention!
Lex
Just FYI, "RFID for Dummies" is not the definitive work on RFID...it has more than a few factual errors in it (this from some of the people who contributed to it). [And please, it's "RFID" (Radio Frequency ID) not "arfids."] But, the more you learn about the various forms of RFID (and the underlying physics), the less scary it becomes (in fact, its performance is pretty wretched in many applications). Yes, some types of RFID tags can be "hacked" (but it's much harder when security and good database design are really employed) but you're more in danger of having the computer you use corrupted by worms, trojans and viruses.
Add your comment, speak your mind
(Or ping: http://blogcritics.org/mt/tb/45413)
It was in the news recently that RFID chips could get infected by some new kind of viruses.. for those that are interested in this subject, you might want to have a look at this site that explains the process in detail.
Cheers!
Kiltak
[Geeks Are Sexy] Tech. News