a) it's a radio signal. However low power it is, it gets transmitted huge distances while still being detectable (especially if you capture it multiple times to read through noise). I'd love to take a massive dish (say, 20 foot diameter) & see how many can be captured from inside a neighboring building.
b) I have yet to hear of a single RFID card which has a switch on it to address this. It's a big security problem. I saw one hobbyist hook up an OLED pixel, but that's it.
e) I've heard of a couple, very expensive, challenge-response and public-key RFID systems. That is acceptable for authentication, but I've never heard of them actually being used, and one or two were only proofs-of-concept, IIRC. Many (I'd say easily most in use, from what I gather) simply transmit a unique ID, that never changes, which is used to perform X, which is ridiculously insecure.
> I'd love to take a massive dish (say, 20 foot
> diameter) & see how many can be captured from
> inside a neighboring building.
Are you talking about active or passive RFID? I was under the impression that most RFID in use is passive. In that case, you'd have to transmit something to get a response, unless you're talking about camping out in an area where lots of cards are going to be activated by various things other than yourself (e.g. entrance to the transit system). But even then the transmitting power of the RFID chip is proportional (?) to the power used to activate it, so something that only expects to read it from 2 feet away isn't going to blast it with enough power to be reliably read from 100 feet away, unless I'm misunderstanding how people do those long distance RFID reading records...
So say a 5-foot range. Find a group of employees out for lunch together and I walk past the table with a backpack on. Hardly suspicious, and I've probably got most of their building access cards.
I was responding to someone talking about a 20-foot dish though. That's not something you stuff in a backpack. I was commenting on his desire to listen with a huge dish at a distance.
I vaguely remember an article from around the time RFID passports were a hot issue, in which researchers used multiple capturing devices and were able to square the reading distance. I don't know whether that was specific to the distance they used, the type of RFID, or even an upper limit, but it was an unbelievable improvement.
Most applications of RFID for authentication (think door locks) use only the unique ID (address) of the card and nothing else. And the communication protocol used by the reader works like this: Is there anyone with an address starting with 0? ... Starting with 1? Yes. Starting with 10? ... Starting with 11? Yes. ... So you only have to listen to the reader side of the communication and guess the last bit.
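The prefix-query exchange described in the comment above, simulated as an added example (not part of the original thread) to show how much of a static ID the reader's own broadcasts expose. The function names, the 32-bit ID width and the two tag IDs are constructed assumptions; real anti-collision protocols differ in detail.

```python
"""Simulation: what a binary tree-walk reader reveals on its own (forward) channel."""

def reader_tree_walk(tags, bits):
    """Reader side. Returns (prefix queries broadcast, IDs singulated)."""
    queries, found = [], []

    def walk(prefix):
        queries.append(prefix)                      # sent at full reader power
        if not any(t.startswith(prefix) for t in tags):
            return                                  # no tag answered this prefix
        if len(prefix) == bits:
            found.append(prefix)                    # one tag isolated
            return
        walk(prefix + "0")
        walk(prefix + "1")

    walk("0")
    walk("1")
    return queries, found


def leaked_prefixes(queries, bits):
    """Listener side: sees only the reader's queries, never a tag reply.
    The reader extends a prefix only after a tag answered it, so every
    (bits-1)-bit prefix that was extended belongs to a tag that is present."""
    asked = set(queries)
    return sorted(q for q in asked if len(q) == bits - 1 and q + "0" in asked)


def candidates(prefixes):
    """Each leaked prefix leaves one unknown bit: two possible IDs per tag."""
    return [p + b for p in prefixes for b in "01"]


BITS = 32
# Constructed sample IDs, not real card numbers.
TAGS = [format(x, "032b") for x in (0x1A2B3C4D, 0x1A2B3C70)]

if __name__ == "__main__":
    queries, found = reader_tree_walk(TAGS, BITS)
    leaked = leaked_prefixes(queries, BITS)
    print(f"reader sent {len(queries)} queries and found {len(found)} tags")
    for p in leaked:
        print(f"forward channel exposed {len(p)} of {BITS} bits: {p}")
```

Because the ID is static and is the only credential, nothing in this scheme keeps the reader-to-tag channel from disclosing it; a challenge-response design, as mentioned elsewhere in the thread, does not put the secret in the query sequence.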
Passively camping out. Lots of (questionable) RFID uses I've seen are to unlock doors, often external ones. And if it's in a business park, it could easily be closer to 50 feet or less between buildings.
When I first heard of this attack I'm pretty sure the solution to that is a high-gain antenna. I don't know how often that actually works, but it's theoretically supposed to.
An important note on the 69-foot record in 2005 you linked: they've just got two antennas, no focusing dish at all.
If someone comes along with a powerful rig, say using some of the techniques astronomers have had for many years to detect far weaker signals, what sort of distance might we be talking? It's not too far-fetched if you include possible corporate / governmental espionage attempts.