The Journal of the American Medical Association published a report on Wednesday that showed certain RFID systems may induce hazardous incidents in nearby critical care medical equipment.  The study examined the effects of a 128 kHz active RFID system and a 868 MHz passive RFID system on 41 different types of medical devices.  Out of 123 tests, 34 led to electromagnetic interference incidents, 22 of which were classified as hazardous, 2 as significant, and 10 as light.

Though many consider the result of this study to be a serious and shocking failure in engineering, some RFID vendors claim that the problem could be avoided by lowering the power output of the RFID readers.  In any case, this study highlights a key obstacle for pervasive RFID systems: it will probably not be possible to deploy RFID readers in all locations of interest due to a variety of issues including electromagnetic interference, budgetary issues, or aesthetic concerns.  As such, a successful RFID system will have to infer when a tag enters a location which is not covered by an RFID reader.  This is one of the challenges which we designed Cascadia, the RFID Ecosystem’s event detection middleware, to address.  In particular, Cascadia allows an admin to define a graph that describes locations of interest (which may or may not be covered by an RFID reader – see image below).  Cascadia then tracks tags over this graph and can infer with some probability when a tag enters a location that is not covered by an RFID reader.  See our MobiSys 2008 paper for details!

The Guardian reports that London’s Oyster transit card may have been hacked by a group of Security researchers at Radboud University in Holland.  The hack allows an attacker to clone the Oyster card’s RFID chip after cracking its encryption in just a few seconds.  This is the latest in a series of Mifare smartcard hacks which have compromised European transit card systems in the last year.

It’s interesting to note that the authorities are not considering the hack to be a serious threat.  London Transport has claimed not only that they can detect fraudulent use within 24 hours using checks in software (a level of security often ignored by hardware hackers), but that a criminal could gain at most about £3 per cloned card.  As such, the incentive to clone Oyster cards probably isn’t that great.  One point which the article does not highlight and which is perhaps more concerning from a privacy standpoint, however, is that London Transport collects and can process data on 38 million journeys per week to identify individual instances of fraudulent use (and who knows what else?).