The Security of RFID Cards
Interesting paper on the security of contactless smartcards:
Interestingly, the outcome of this investigation shows that contactless smartcards are not fundamentally less secure than contact cards. However, some attacks are inherently facilitated. Therefore both the user and the issuer should be aware of these threats and take them into account when building or using the systems based on contactless smartcards.
MathFox • June 11, 2006 7:34 AM
I can agree with the author of the article that side-channel attacks make it “just as easy” to obtain secret keys from contact cards as from contactless cards. She didn’t sufficiently address the privacy and other issues related to evesdropping and “rogue access” to the contactless card. (What is her/Gemplus’s agenda?)
I value physical security highly; it can be explained easily: “Don’t put your bank card in a dubious ATM.” How can the average consumer prevent access to a contactless card? Yes, tinfoil wallets help; but even then you’ll have to take out your card once in a while and criminals can use that window of opportunity by placing their rogue readers near ATMs or POS terminals.