IDG News Service reports that researchers from Rutgers University and University of South Carolina have found that radio frequency identification (RFID) systems that transmit data between new cars’ electronic control units and their tires can be  forged or intercepted, which could identify the location of the car and driver. (RFID systems transmit data wirelessly from a chip or tag to a reader.) The report (pdf), “Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study,” was released in February but will be presented at this week’s Usenix Security Symposium in Washington, D.C.

IDG interviews Wenyuan Xu, a computer science assistant professor at the University of South Carolina, who was a co-lead on the study.

The system that the researchers tested monitors the air pressure of each tire on an automobile. The U.S. has required such systems in new automobiles since 2008, thanks to legislation passed after controversy erupted over possible defective Firestone tires in 2000. The European Union will require new automobiles to have similar monitoring systems in place by 2012.

As computerized systems are being increasingly used in automobiles, critics such as Xu are asking what safeguards system makers are putting in place to prevent vulnerabilities in such systems, knowing that bugs and security holes invariably sneak into all software. [...] Read more »

The Wall Street Journal reports that Wal-Mart will use radio frequency identification (RFID) technology to track the clothing sold in its stores. RFID systems transmit data wirelessly from a chip or tag to a reader. It has been proven time and again that unsecured RFID tags can be scanned and the data gathered with cheap, off-the-shelf technology.

Starting next month, the retailer will place removable “smart tags” on individual garments that can be read by a hand-held scanner. Wal-Mart workers will be able to quickly learn, for instance, which size of Wrangler jeans is missing, with the aim of ensuring shelves are optimally stocked and inventory tightly watched. If successful, the radio-frequency ID tags will be rolled out on other products at Wal-Mart’s more than 3,750 U.S. stores. [...]

Wal-Mart’s broad adoption would be the largest in the world, and proponents predict it would lead other retailers to start using the electronic product codes, which remain costly. Wal-Mart has climbed to the top of the retailing world by continuously squeezing costs out of its operations and then passing on the savings to shoppers at the checkout counter. Its methods are widely adopted by its suppliers and in turn become standard practice at other retail chains. [...] Read more »

CBC News reports on security questions surrounding credit cards that are “contactless,” meaning they use radio frequency identification (RFID) technology. (RFID transmits data wirelessly from a chip or tag to a reader).

It has been proven time and again that unsecured RFID tags can be scanned with cheap, off-the-shelf technology, but people remain shocked when confronted with the evidence. Some states have laws that would protect such data. For example, Washington state has a law to prevent “skimming” (unauthorized gathering of data from RFID tags).

CBC News reports:

Most newly issued credit cards pose major fraud and privacy concerns because of how they’re designed to be scanned through the air, some cyber-security experts warn. [...] Read more »

The Arizona Republic reports that Northern Arizona University will soon begin using wireless ID card reader technology (likely RFID, but the article doesn’t say) to track student attendance in classes.

This fall, the university plans to begin equipping classrooms on the Flagstaff campus with technology that will “read” a student’s ID when he or she enters the classroom. The readers are so sensitive that students won’t even have to take their IDs out of their pockets, said David Bousquet, NAU’s vice president of enrollment management and student affairs.

The card readers, estimated to cost a total of $75,000 and paid for by federal stimulus funds, will be phased in. Eventually, Bousquet wants to install card readers in all classrooms that seat 50 or more students. Each faculty member could decide whether to use the system.

NAU President John Haeger said he wants to improve student retention. Read more »

IDG News Service reports on new research concerning radio frequency identification (RFID) technology and privacy.

“We are building our own RFID cards and adding features to them to make it visible and noticeable when someone is accessing the information,” Nicolai Marquardt, a Ph.D. student at the University of Calgary said during the Computer Human Interaction conference in Atlanta Wednesday. [...]

With RFID being embedded into everyday items like passports, credit cards and transit passes, security becomes a concern with the always-on technology.

Marquardt is working with Microsoft Research in the U.K. on the project and has four distinct types of RFID controllers. Read more »

National Public Radio reports on state efforts to restrict the use of a radio frequency identification (RFID) chip to track or “mark” individuals. Previously, I noted that in 2008, Missouri passed HB 2041, which makes it a misdemeanor for any employer to “require an employee to have personal identification microchip technology implanted into the employee for any reason.” The states of California, North Dakota (pdf) and Wisconsin (pdf) also have passed legislation forbidding the compelled implantation of RFID chips in humans. I’ve discussed how the use of RFID technology in ID cards can raise privacy and security questions.

NPR reports:

A [Georgia] state House committee approved a measure this week that makes it a misdemeanor to implant microchips, sensors, transmitters or any other manner of tracking devices into individuals against their will. The state Senate has already passed the bill. Read more »