Page 838 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

There is some concern that RFID can be a privacy-violating
               technology. If you are in possession of a device with an RFID chip,
               then anyone with an RFID reader can take note of the signal from your
               chip. When an RFID chip is awakened or responds to being near a
               reader, the chip (also called the RFID tag) transmits a unique code or
               serial number. That unique number is meaningless without the
               corresponding database that associates the number with the specific
               object (or person). However, if you are noted or recorded as the only
               one around while a reader detects your RFID chip code, then the
               reader's operator can associate you and/or your device with that code
               for all future detections of the same code.


               NFC

               Near-field communication (NFC) is a standard that establishes radio
               communications between devices in close proximity (a few inches,
               versus feet for passive RFID). It lets you perform a type of automatic
               synchronization and association between devices by touching them
               together or bringing them within inches of each other. NFC is a
               derivative technology from RFID and is itself a form of field-powered
               or triggered device.

               NFC is commonly found on smartphones and many mobile device
               accessories. It’s often used to perform device-to-device data
               exchanges, set up direct communications, or access more complex
               services such as WPA2-encrypted wireless networks by linking with
               the wireless access point via NFC. Because NFC is a radio-based
               technology, it isn’t without its vulnerabilities. NFC attacks can include
               man-in-the-middle, eavesdropping, data manipulation, and replay
               attacks.


               Cordless Phones

               Cordless phones represent an often-overlooked security issue.
               Cordless phones are designed to use any one of the unlicensed
               frequencies, namely 900 MHz, 2.4 GHz, or 5 GHz. These three
               unlicensed frequency ranges are employed by many different types of
               devices, from cordless phones and baby monitors to Bluetooth and
               wireless networking devices. The issue that is often overlooked is that