Opportunities to eavesdrop on communications between reader devices and transponders based on the example of an ISO 14443 system

The possibility of communications being intercepted between a reader device and an RFID tag is one of the most specific threats to this contactless technology. Since commercially available tags often communicate in the 125 kHz or 13.56 MHz range, they are generally susceptible to simple methods of eavesdropping. The argument one frequently hears in this regard is that norm-compliant RFID systems only support operating distances from 10 to 15 centimetres (ISO 14443) up to a maximum of 1.5 metres (ISO 15693). This, however, only pertains to active communications. Based on the field strengths used by systems that meet the aforementioned norms, there is reason to believe that passive eavesdropping on RFID communications may be possible at distances of several metres.
The measurement setup described in this article was used to verify this suspicion.