What is RFID?

RFID stands for Radio Frequency Identification. This technology allows a small transmitter to communicate with a reader or receiver near it. The transmitter may  transmit simple identification information or one-time-use codes. Either of these transmissions may or may not be encrypted.

RFID enables many tap-and-go payment methods. It can also be used to grant access to a hotel room, apartment common area, or organization office space. Further, RFID technology aids in starting cars that rely on a button and a nearby fob instead of using a traditional key.

Two main concerns:

1. Cloning. Cloning requires a bad guy near the RFID transmitter (card/fob/etc) with a comparable blank on which to copy it. This is more of a concern when RFID is used to grant access to spaces, as these systems may choose not to encrypt their RFID transmissions due to cost. Most credit cards use a unique code for each purchase, which makes cloning much less of an issue.
2. Man in the middle attacks. Man in the middle attacks rely on a separate piece of hardware that is often placed over the intended RFID reader. For example, the ATM or gas card reader that appears surprisingly bulky because of hardware placed over the original face plate. The hardware either saves the info it harvests for later or transmits it to the bad guy directly. The hardware almost always transmits the information to the intended card reader as well so the transaction completes and the crime goes undetected.

What you can do:

• Limit exposure. Try to keep your RFID enabled cards and fobs out of the public. Most attacks depend on being close to the device and a bad guy cannot compromise what they cannot access.
• RFID shields. These take many forms. They can be as small as slim cards to sandwich your credit cards between or as large as entire wallets/purses meant to contain more valuables. RFID shields do not eliminate the threat, but they do make it harder for your RFID items to be compromised. If you are concerned, wrapping your items in foil will achieve similar results.
• Keep an eye out. Man in the middle attacks rely on a physical device. Check that the face plate of your ATM or payment dock is firmly secured and similar in size to those around it.
• Ask questions. Considering leasing an apartment that uses RFID? Wondering about getting your organization into a building with RFID accessibility? Ask whether it the RFID transmissions are encrypted. It makes a big difference as to physical security.

Should I be concerned?

Not in the way most people think. When most people think of RFID attacks, they think of their credit cards. Bad guys can usually buy a credit card number off the Dark Web for much less effort than compromising your RFID. Most credit card issuers do not hold you liable for fraudulent transactions. A little foil and vigilance can usually keep your credit card number safe, and regularly checking your statements will give you enough time to flag a purchase you never made.

Building security is a bigger concern, however. Ask your landlord or property manager about whether any cards or fobs they issue are encrypted if you are leasing. Look into your office security and consider investing in an upgraded system if you run an organization. If you are looking into installing your own smart lock, check with the manufacturer to make sure the transmissions are encrypted.