New tech to make credit cards, mobile transactions hack proof!
Scientists are developing better ways to prevent everyday radio-frequency identification (RFID) technology used in passports, credit cards and mobile transactions from being hacked.
The technology, which allows fast, automated identification of physical objects, is also a staple for many industries – factories and warehouses use it to track inventory and manage supply chains, pharmaceutical companies deploy it to track drugs, and courier services use it to tag deliveries.
“A security breach in RFID applications would leak valuable information about physical objects to unauthorised parties,” said Li Yingjiu, associate professor at the Singapore Management University (SMU).
Since RFID tags work by broadcasting information to electronic RFID readers, security breaches can occur if hackers eavesdrop on this conversation, and manage to gain access to or tamper with information.
To protect communications between tags and readers, researchers are designing and testing new RFID protocols with enhanced security features.
These strategies include making the protocol’s output unpredictable, making two tags indistinguishable to the hacker, and preventing hackers from obtaining useful information even if they manage to interact with the tags.
In addition, there are many instances where sharing of RFID information – between suppliers and retailers, for example, or between various components of an Internet of Things – would have obvious benefits, said Li.
However, without appropriate security controls, most companies would be reluctant to make valuable data readily available.
To address this problem, researchers are also designing improved access control mechanisms that protect RFID information when it is shared on the internet.
We in fact carry RFID around in our pockets – mobile payment systems use a specialised form of the technology. Given our increasing reliance on smartphones for everyday functions – banking transactions and contactless payments, for example – mobile security has become an area of critical importance.