“Encryption protects the password transmission. But renowned cryptographer Adi Shamir of Weizmann University claims to have found a way to bypass the encryption scheme and obtain the self-destruct password using technology no more sophisticated than that in a common cell phone.

Shamir announced the discovery this morning at the 2006 RSA Conference, a large computer security meeting opening today in San Jose, Calif. “Everyone expects that there will soon be billions of these tags in circulation,” Shamir noted. “We bought one of the major-brand RFID tags and tried to break into it by power analysis,” he said.

RFID tags have no battery or internal power source; they obtain the energy they need to operate by sucking it out of the radio signals they absorb. But in doing so, every computation of the RFID circuit modifes the radio environment. Shamir and his coworkers used a simple directional antenna to monitor the power consumption of an RFID tag as they transmitted correct and incorrect passwords to the device slowly, one bit at a time.”

---

Related articles:

A History of the EPC Understanding RFID part 4: The black art of RFID antennas Understanding RFID Part 5: RF Characteristics