Radio-frequency identification tags are supposed to make life easier for retailers–improving supply chain management, simplifying inventory tracking, and reducing theft. But RFID could actually make life easier for in-store thieves, says a German information security consultant.
Forbes.com reports on Lukas Grunwald’s claims, which he made last week at the Black Hat Security Briefings conference in Las Vegas. Grunwald created software that allows him to change the information stored on the RFID tag and proposes the following scenario: a thief could go into a store where all the products have RFID tags on them. He thinks $7 is too much for a bottle of shampoo; he’d rather pay $3. So he uses a PDA equipped with an RFID reader to scan the tag on the shampoo, and he uses software like Grunwald’s to replace that information with data from the tag on a $3 carton of milk. When he reaches the checkout stand–which is automated, of course, saving money on labor–he’s charged $3 instead of $7, with the store’s computer systems none the wiser.
Grunwald is releasing his program, called RFDump, for free to prove his point and let others learn about RFID security.
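One checkout-side check against the tag-data swap described above, as an added example that is not from the article or from RFDump: the store binds the product code to the individual tag with a keyed MAC, so data copied from the milk tag fails verification on the shampoo tag. It assumes each tag exposes a factory-set, read-only UID and that only the back end holds the key; the key, UIDs, product codes and function names are constructed for the demo.

```python
import hashlib
import hmac

STORE_KEY = b"constructed-demo-key"  # assumption: held by the back end, never written to a tag
MAC_LEN = 8                          # assumption: truncated MAC sized for small tag memory
PRICES_CENTS = {b"SHAMPOO": 700, b"MILK": 300}  # the $7 and $3 items from the article

def _mac(uid: bytes, product_code: bytes) -> bytes:
    # Length-prefix the UID so (uid, code) pairs cannot be re-split ambiguously.
    msg = bytes([len(uid)]) + uid + product_code
    return hmac.new(STORE_KEY, msg, hashlib.sha256).digest()[:MAC_LEN]

def encode_tag(uid: bytes, product_code: bytes) -> bytes:
    """Build the writable-memory contents when the store tags an item."""
    return product_code + _mac(uid, product_code)

def checkout_price(uid: bytes, user_memory: bytes):
    """Return the price in cents, or None if the tag data must be rejected."""
    if len(user_memory) <= MAC_LEN:
        return None
    product_code, mac = user_memory[:-MAC_LEN], user_memory[-MAC_LEN:]
    if not hmac.compare_digest(mac, _mac(uid, product_code)):
        return None  # data was not issued for this physical tag
    return PRICES_CENTS.get(product_code)

# Constructed sample tags (UIDs are made up for the demo).
SHAMPOO_UID = bytes.fromhex("e004010000000001")
MILK_UID = bytes.fromhex("e004010000000002")
SHAMPOO_MEM = encode_tag(SHAMPOO_UID, b"SHAMPOO")
MILK_MEM = encode_tag(MILK_UID, b"MILK")

if __name__ == "__main__":
    print("shampoo, untouched:", checkout_price(SHAMPOO_UID, SHAMPOO_MEM))
    print("milk, untouched:", checkout_price(MILK_UID, MILK_MEM))
    print("shampoo tag carrying milk data:", checkout_price(SHAMPOO_UID, MILK_MEM))
```

The check covers rewritten tag memory only; it does not help if the physical tag is moved to another item or if the UID itself can be emulated.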