April 14, 2008 1:59 PM PDT

Researcher: Misunderstandings surround RFID in use today

When asked how RFID worked, a group of novices responded to a recent academic survey with "witchcraft" and "magic."

In a talk Monday at the USENIX Usability, Psychology and Security Conference (UPSEC) 2008 in San Francisco, Andrew McDiarmid of the University of California, Berkeley, shed light on how ordinary people perceive RFID-enabled cards in their day-to-day life. He said while novices and intermediates were familiar with times when RFID-enabled smart cards such as work access cards or transit cards didn't work, they couldn't explain it. On the other hand, advanced users knew enough to keep their RFID-enhanced credit cards sheathed in a mini "Faraday cage" so the cards could not be read by others.

Speaking before a room of about 45 fellow researchers, McDiarmid reported on exploratory research conducted in 2007 with Jennifer King, also at U.C. Berkeley. Based on feedback from this initial sample group, the two hope to open the survey to a much larger audience of novice, intermediate, and advanced users during 2008. They will also narrow the focus to two specific RFID-enhanced items: e-passports and contact-less credit cards.

Perhaps most surprising among the data was the assumption of audio or visual feedback among all three groups. McDiarmid said that the use of contact-less credit cards is impersonal; often there is no confirmation of a transaction, such as you had when a clerk handed your card back at the end of the purchase. "Customers want feedback," he said.

Another misconception revealed by the survey is that cards can only be read by specific readers. That is not true, said McDiarmid. Thus, he wasn't too surprised that only two individuals in his survey group knew to sheath their contact-less credit cards.

In a paper released at the conference, McDiarmid and King expressed concern over how the government and commercial interests are assisting the typical end user with the new technology.

McDiarmid said on Monday that although the State Department provides a brochure describing the features of the ePassport, and companies like Visa offer videos describing the features of their PayWave contact-less credit cards, the general public still doesn't understand the basic concepts behind RFID, and therefore does not understand the inherent risks.

4 comments
Stupid way to make a credit card
by Mergatroid Mania April 14, 2008 4:14 PM PDT
I will never own one of these cards. There would be no danger at all if these companies would just, plain and simple, not put RFID in credit cards to begin with. I mean, just how stupid can they be? Just because you CAN do something, doesn't mean you SHOULD. A credit card that is dangerous until you sheath it is just idiotic. Now they will have to come out with laws making sure the companies explain to John Q Public Idiot just how the cards work, how and why it's important to sheath them, and just how much trouble you can get into if you don't. Why not just come out with t-shirts with your credit card info printed on both sides? Then ANYONE LOOKING AT YOU could get your credit card info. That would be just about as safe as using RFID. In closing, if I ran an insurance company, I would tell the credit card companies and their customers that they will not be covered if the data from these RFID cards is stolen. Let the morons causing the problem pay for the consequences. DUH!
Why not put an on-off switch
by califalcon April 17, 2008 12:10 PM PDT
Man, people never stop amazing me, just freaking allow the user to turn on/off their own RFID chip, that would solve a lot of trouble. Did you know that you can even be targeted in foreign countries because of the chip in your passport? Someone could make a bomb that only goes off if it receives a signal from a US password RFID chip for example, 21st century smart bomb! Just sick, no way in hell I am carrying one of those, I rather be without documents.
  • About Defense in Depth

  • With over eight years at CNET covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews with the top security researchers making the news as well as offering the hands-on, non-technical advice you'll need to stay safe online.
