2015-02-16
Non-unique RFID Unique numbers
I recently learned that more than one Android mobile phone with NFC support has the same Unique ID: 01020304 (hex). If you want to use RFID tokens for authentication for certain tasks and let users bring their own tokens you need to block this specific not so unique ID. Together with the fact that there are cards on the market where you can change the UID this means depending on an RFID UID only for authentication needs a serious risk assessment. But gaining access to more information on an ISO/IEC 14443 RFID device means that you either have to set the rules for the card (and probably pay for it) or make a rule for every type of card you find and still have issues.