Radio Frequency Identification (RFID) allows to identify and authenticate objects or subjects without any physical nor optical contact, using transponders - micro-circuits with an antenna - queried by readers through a radio frequency channel. This technology is one of the most promising of this decade and is already widely used in applications such as access cards, public transportation, payment cards, and passports. This success is partly due to the steadily decrease in both size and cost of passive transponders called tags.

The shared enthusiasm for RFID makes people think that everything is do-able with any kind of RFID, especially with low-cost tags. Reality is a bit different. In particular, the characteristics of this technology - ubiquity, low-resource, wireless - open a security breach that should be seriously considered.

After a brief introduction about the technology, we will focus in this talk on the security threats. We will propose a classification and show that victims are not only the end-users but they can also be the systems' owners. We will see what is possible today in terms of security and what are the challenges we have to address. Among others, we will consider the following topics: impersonation, privacy, denial of service.