
Comment by oneplane

2 years ago

RFID and NFC are the new Magstripe and Barcodes.

People think that they are mysterious things that are secure because they aren't able to see what they mean. But in reality, they are all still just a machine-readable number.

(even if a rolling key, challenge-response or pubkey authentication is supported, we're often still just using a single number, but my point is more about the perceived obscurity for the public)

It really depends. There are some contactless tags that really do nothing other than transmit a static identification number which is trivially spoofable, but many systems today use cryptography (again, some long cracked and horribly outdated, but others quite strong).

I have a contactless card that runs GPG as a Java Card applet and creates 4096-bit RSA signatures. That's pretty secure!

DESFire-based systems, HID iClass SE (properly installed where the reader only accepts the SE credential) are generally pretty secure.
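Added example, not part of the thread: a small simulation of the distinction the comments draw between a tag that transmits a static number and one that answers a fresh challenge with a keyed response, checked from the reader's side. The class and function names, the sample ID and key, and the use of HMAC-SHA256 are assumptions for illustration; this is not the DESFire or iClass SE protocol.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not taken from any real credential.
ENROLLED_ID = 0x04A1B2C3
TAG_KEY = bytes(range(16))


class StaticIdReader:
    """Reader that trusts whatever number the tag transmits."""

    def __init__(self, allowed_ids):
        self.allowed_ids = set(allowed_ids)

    def authenticate(self, presented_id):
        return presented_id in self.allowed_ids


class ChallengeResponseReader:
    """Reader that sends a fresh nonce and checks a keyed response."""

    def __init__(self, key):
        self._key = key
        self._pending = None

    def challenge(self):
        self._pending = secrets.token_bytes(16)
        return self._pending

    def authenticate(self, response):
        nonce, self._pending = self._pending, None  # each nonce is single-use
        if nonce is None:
            return False
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def tag_respond(key, nonce):
    """What a genuine tag holding `key` computes on-card (stand-in MAC)."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def recorded_value_accepted_later():
    """Return (static, challenge_response): is a value seen in one
    session still accepted in a later session?"""
    static = StaticIdReader([ENROLLED_ID])
    observed_id = ENROLLED_ID              # the number on the air never changes
    cr = ChallengeResponseReader(TAG_KEY)
    observed_resp = tag_respond(TAG_KEY, cr.challenge())
    assert cr.authenticate(observed_resp)  # genuine session succeeds
    cr.challenge()                         # later session: new nonce
    return static.authenticate(observed_id), cr.authenticate(observed_resp)
```

The static reader accepts the same number in every session, while the challenge-response reader rejects a response that was computed for an earlier nonce.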