Introduction

As with any system, Radio Frequency Identification (RFID) is vulnerable to attack. People that work in information security know that any system, including a RFID, can be compromised given enough time and effort. The Exxon-Mobil SpeedPass is a great example of a system that, given enough time and interest from researchers, became a target for research on many fronts.

Case Study: John Hopkins vs. SpeedPass

In 1997, Mobil Oil launched a new payment system for their gas stations and convenience stores called SpeedPass, which is based on the Texas Instruments DST (Digital Signal Transponder) RFID tag technology. In 2001, Exxon purchased Mobil Oil and adopted the same system for their gas stations and convenience stores. Since that time, over 6 million tags have been deployed and are actively being used in the US, which is arguably one of the largest and most public uses of RFID technology to date. Because it is ubiquitous, many people do not realize that they use RFID technology on a daily basis.

A tag is given to the consumer on a key-chain fob and then linked to their credit card or checking account. Passing the tag past a reader automatically charges the credit card or checking account for that purchase amount. It is convenient for the consumer, and subsequently has led to a marked increase in purchases and brand loyalty.

It works like many RFID implementations. To make a purchase, the consumer passes the tag in front of the reader at the pump or...