One of the busiest areas at IFSEC was the RFID Secure stand on which the company showed the ease in which access control RFID cards and bankcards can be cloned. The ID card carried by staff, visitors or contractors will reportedly give up its code to any reader operating on that radio frequency. This means that a third party with an easily concealed scanner could walk through a crowd, ride on public transport, a lift or escalator, or in any other crowded area and scan targeted RFID enabled access cards and then write that scan to a blank card. All without the data owner/card holder ever knowing it happened.
The third party then can produce an exact clone of the key with the same level of access that the owner has. The scanner doesn’t care if the codes are encrypted – all it sees is a string of data which it copies exactly. In turn the security system will only record that the employee is ‘in the building’, even though they may be in a different country.
Another major problem at the moment involves the use of contactless payments such as those made by Oyster cards used by Transport for London to track and charge commuters on its trains. If the commuter presents the Oyster card inside a wallet to the barrier reader it is possible for the scanner to actually take note of a contactless bank card instead. This can lead to confusion over payments and is known as ‘card clash’. It is down to the card owner to prove this error to receive any money back from being overcharged.
“Our products give protection against this very real risk of electronic invasion known as electronic pickpocketing,” said Robin Rager, Director at RFID Secure. “They protect against identity theft and provide security for corporate or personal information. Our products include RFID blocking sleeves, wallets and purses, passport cases, badge holders and more, so any item has a safe and secure RFID blocking solution.”
PSI will put the solutions to the test in a future edition of the magazine.