Information Age: News, analysis & insight for IT & business leaders

First it was mobile phones, then Instant Messaging (IM) systems and now RFID (Radio Frequency Identification) tags. In the last few months, experts have found security flaws in almost every electronically programmable device they look at.

In some cases, the worries have been exaggerated. But these warnings are likely to put retailers and manufacturers on alert.

According to a US expert, hackers could use a recently launched software tool to reprogram RFID tags out in the field. This is particularly worrying, since these devices will be widely used to track the whereabouts of physical objects. Reprogramming the tag will be as good as stealing the object.

The software tool, called RFDump, means that retailers who use RFID to tag their goods could be vulnerable to attack from hackers and technologically adept shoplifters.

The warning was given at a security briefing in Las Vegas by Lukas Grunwald, a senior consultant at RFID software supplier DN-Systems Enterprise Solutions GmbH. The company had just announced the release of RFDump, which allows users to read, modify and display data held by an RFID tag.

Grunwald admitted: "This is a huge risk for companies. It opens a whole new area for shoplifting as well as chaos attacks." For example, a thief could mark down the price of an expensive piece of jewellery before paying for it; or an underage hacker could illegally buy an adult movie by switching the RFID tags.

The crux of the problem, says Grunwald, is that the retailers who will be using the technology don't understand how it works.

Solving the security problem will not be easy, according to Grunwald. While encryption could be used to hide data from unauthorised snoopers, he says, not many RFID chips can handle the task of crunching cryptographic keys. RFID tags that can handle encryption are much more expensive - and cost is already an issue preventing the more widespread adoption of RFID.