RFID: How Big is the Security Risk?

Critics of radio frequency identification technologies are just making noise, and technology executives shouldn’t fear RFID’s capabilities, a Symbol Technologies executive said late last week.

Responding to concerns over RFID’s security and potential for privacy invasions, Joe White, Symbol’s vice president for product management and tag engineering, said that newer products—and even the older ones—are more secure than most people think.

“When you look at all the things you carry that can expose your privacy, there’s a lot of control over RFID tags,” he said after briefing Baseline on the Holtsville, N.Y.-based company’s release of Generation 2 RFID transponders and metal mount tags, which are designed to handle rugged environments.

In March, a group of programmers from Vrije Universiteit in Amsterdam presented a paper titled “Is Your Cat Infected with a Computer Virus?” on how data from RFID tags—which can be used to help keep track of animals—can be used to infect a company’s back-end computers with worms and viruses.

Stateside, as Wal-Mart and other big-box retailers ramp up their demands on suppliers’ RFID capabilities, some have complained that corporations and government organizations could track buyers’ whereabouts after purchasing items with embedded tags.

But those concerns are overblown, according to White. Passive tags, which don’t have an internal power source, can only be read within 30 feet, he said, limiting their prospect for intrusion. He also said that frequently used 96-bit tags don’t have enough capacity to handle executable code, so they pose little threat to a company’s internal systems.

As technology advances, however, tags will be able to process executable code, which could lead to problems for an enterprise, White said. But he believes those advances are “still several years away.”