In mid-March, news broke about a pair of researchers who had cracked the 48-bit encryption in one of the most widely used RFID chips in the world. These chips are used in more than 2 billion bank cards, door access cards, and transportation passes worldwide. Initially it was thought the chips would remain secure for at least two years because of the complex nature of the hack (the researchers separated the chip into over 10,000 layers). Then new cryptographic techniques were applied and the time needed quickly dropped to minutes, and now it's a matter of seconds. With no physical access to the card. From up to 10 meters away.
So why should you care? Well, you don't know if your bank card, door access card, passport or transportation pass has one of these. One European government has deployed soldiers at certain sites that use RFID badges. That oughta tell you something. If that doesn't concern you, how does it feel knowing that someone with a laptop could be sitting in an airport, a hotel lobby, or even a coffee shop you pass by and grab all your information? Within minutes your credit and bank accounts get wiped out, or your building security card could be duplicated so it looks like you're the one who accessed the computer room, stole the backup tapes, and sold them to a competitor.
In case you're wondering why such low-level encryption was released for such high-value purposes, the chipset involved was introduced in 1994, when cracking 48-bit encryption took months. It has been superseded by chips with stronger security, but switching to them requires both the cards and the readers to be upgraded. That's an expensive proposition. The lower-security chip is an entry-level one, so it's popular from a cost perspective. I can't blame the manufacturer for offering it; I just wish it hadn't been adopted for such sensitive purposes. Library cards, sure. Shipment or inventory tracking, not a problem. Banking, building security, or personally identifiable information? What the hell are those people thinking?!
RFID is being deployed as a convenience with little thought to the security behind it. Until now it was assumed the need for special equipment was enough of an impediment. That has proven false, and I have no clue how you stop someone from stealing your identity from 30 feet away.