RFID chips snooped from 66 metres
US military could maybe read the thing at 80 miles. By gum!
RFID tags can be read at a surprising range, a researcher has found.
When he's not listening in to GSM phone calls, Chris Paget has been busy seeing at what distance an RFID tag can be read, managing a respectable 217 feet.
Paget also reckons the US military could read an EPC Gen2 tag from 80 miles off, though the connection would likely time out before any data was retrieved. Which is a shame as his calculations put the theoretical maximum read range at 317 miles, if you've got a big enough dish.
The Arecibo Dish, which Mr Paget reckons could read a tag at 317 miles if you could get it pointed the right way
Generation 2 tags aren't what we use in credit cards, or NFC-equipped phones, at least not yet. EPC Gen2 tags don't rely on magnetic induction for power and can thus be read at a much greater distance, making them ideal for packaging and product labels, and the US Passport Card, among other things.
As Paget explains in his report, Gen2 readers are more akin to radar in that they send out a radio signal (around 900MHz) and listen to the reflection, which comes encoded with the tag's identification code and is created using the power of the radio signal. So increase the power of the signal and you can increase the read range, though signals that don't make it back within 100 microseconds get discarded, providing a theoretical cap of about 10 miles.
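An added example (not from Paget's report or the original article): a free-space sketch of the two limits described above, the distance at which the tag can still power up, which grows with reader power, and the 100-microsecond reply window. The tag sensitivity (-18 dBm), tag antenna gain (2 dBi) and the sample power levels are assumed values, and the reader's own receive sensitivity and real-world losses are ignored.

```python
import math

C = 299_792_458.0          # speed of light, m/s
FREQ_HZ = 900e6            # "around 900MHz", from the article
REPLY_WINDOW_S = 100e-6    # replies later than 100 microseconds are discarded
METRES_PER_MILE = 1609.344


def timeout_range_m(window_s=REPLY_WINDOW_S):
    """One-way distance at which the round trip exactly fills the reply window."""
    return C * window_s / 2


def powerup_range_m(eirp_dbm, tag_sens_dbm=-18.0, tag_gain_dbi=2.0, freq_hz=FREQ_HZ):
    """Free-space (Friis) distance at which the tag still harvests enough power.

    tag_sens_dbm and tag_gain_dbi are assumed values, not from the article.
    """
    wavelength = C / freq_hz
    margin_db = eirp_dbm + tag_gain_dbi - tag_sens_dbm
    return wavelength / (4 * math.pi) * 10 ** (margin_db / 20)


def read_range_m(eirp_dbm, **tag):
    """Read range is capped by whichever limit is reached first."""
    return min(powerup_range_m(eirp_dbm, **tag), timeout_range_m())


def eirp_at_timeout_cap_dbm(**tag):
    """EIRP beyond which extra transmit power no longer extends the range."""
    base = powerup_range_m(0.0, **tag)   # power-up range at 0 dBm EIRP
    return 20 * math.log10(timeout_range_m() / base)


if __name__ == "__main__":
    print(f"timeout cap: {timeout_range_m() / METRES_PER_MILE:.1f} miles")
    for eirp in (36, 56, 76, 96):        # constructed sample power levels
        print(f"{eirp} dBm EIRP -> {read_range_m(eirp):,.0f} m")
    print(f"cap reached at about {eirp_at_timeout_cap_dbm():.0f} dBm EIRP")
```

Under these assumptions every 6 dB of extra radiated power doubles the power-up range, which is why exposure distance cannot be judged from a standard reader's range alone.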
Paget was working within the limits of a radio ham licence so couldn't up the power hugely, but still managed a respectable distance and suggests that such a capability could be exploited by criminals in a variety of ways – especially if said criminals are less respectful of ham licensing restrictions.
A residential block, for example, could be swept for tags attached to high-value items worth stealing, or a crowd could be scanned for non-local passports belonging to tourists (who might make better mugging targets), not to mention the joy of tracking an individual from miles away.
The report also suggests that mall customers could be tracked by logging them as they enter the mall, but as some malls are already tracking us through the radio transmitters we're already carrying (our phones), that seems redundant.
Whatever the risks, the real joy is in seeing what can be achieved and pushing the technology to its limits, for no reason beyond seeing if it can be done. ®