Last week the BBC ran a story about how an RFID security system was defeated by pigs. Granted, as livestock goes, pigs are reasonably bright. But this has some pretty obvious implications for building security. The most common security systems for modern office buildings are key fobs or proximity cards. And if a pig can figure out how to get around RFID systems, humans certainly can.

The pigs in question were fitted with an RFID collar. When they entered the feeding chute, the RFID triggered the feeder, but only on their first visit of the day. It's supposed to keep them from overeating.

The trick is not all pigs are amenable to wearing a collar. They'll push it off and leave it on the ground in their pen area. Pigs are prone to picking things up and carrying them around, much like a dog. And when one of them carried a dropped collar into the feeding chute, he quickly worked out that a dropped collar was good for a free meal. If you don't live with an animal, let me fill in a couple of details for you: first, anything that gets an animal extra food will be quickly learned. Second, any animal who sees another animal get extra food will quickly learn the same behavior if it also gets them food. So what we have here is a farmer with an expensive feed control system that pretty much completely fails to perform as desired.

If your game involves industrial espionage, most likely any physical assets are going to be secured by some kind of RFID system. RFID systems give corporate security folks a warm fuzzy feeling because it uses Technology, and looks a bit like magic. Magical thinking, of course, doesn't generate real security, but usually does create huge gaping holes.

The most common implementation of a proximity card system is a photo ID badge. Everybody wears it on a lanyard or clipped to their clothes. Those are trivially easy to pick up by any competent pick-pocket. A forger will be needed to alter the photo, which should take half an hour tops with modern equipment. If you nick the card while somebody is standing in line at the local fast food establishment on their lunch, you've probably got a clear hour or more before they even notice the loss. Even if they do notice the loss, they're unlikely to report it until they get back to the office, because it's probably sitting on their desk or in their car. In fact, if you want to cover up your duplicity, you leave it on their desk when you're done.

Keyfobs are slightly harder, because they are typically kept on keychains in pockets. Not everyone does though. A large number of women keep them on their wrist with a sort of springy strap. Those are trivially easy for a pick pocket to nick as well, and no problems with modifying a picture. The other feature of key fobs is that people who don't keep them on their keychain are prone to forgetting them. Employees who don't normally work in the office are also inclined to forget them. What you wind up with then is sad looking folks rattling doors until somebody takes pity and lets them in.

The key is that somebody always lets them in. Key fobs are a bureaucratic annoyance imposed by The Man, and nobody really wants to see someone get into trouble for being late, just because they didn't jump through one of The Man's hoops. Employees tend to be of the opinion that The Man can take his hoops and shove them where the sun don't shine.

Using the door-rattling trick takes a bit of social engineering to pull off. Smokers are your best bet. They're relegated to smoking outside, huddling in a corner of the building trying to stay out of the wind. Any fellow smoker is a comrade in arms, and they'll let you in the building. Once you're inside the building, you can probably get into bigger departments, provided you're dressed appropriately for the area you're trying to get in. Really big departments can't know everybody, and you can always play the "I'm new" gambit.

You can also play the "I'm a consultant" card. You come dressed in a suit, carry a notepad planner, and ask middle-managers to give you the information you need, under the guise of efficiency planning or ISO-9002 compliance. Both things inspire fear in middle managers, and they'll jump to comply before they question your reasons or your credentials.

Eavesdropping is another very effective method for bypassing RFID systems. The RFID chips transmit in response to a signal from a receiver. Carry a transmitted in a briefcase, hooked up to a laptop, and you'll pick up the signals from the key fob or id badge if you get close enough. Then you only need to program the ID number into your own keyfob and you've got your very own key into the building and the area you need. In game terms, this should require a pretty simple electronic forgery roll.

Part of the reason such a porous security system gets put into place is because the security system was probably put in by somebody who was fulfilling a checklist item. They don't care that much about it, and don't have a lot of time to think about it. For regulatory, insurance or contractual reasons they are required to have physical security on the building, and if they show an RFID system they can check off "Physical Security" on their checklist. Real physical security doesn't involve automated systems alone, but live humans monitoring who comes and goes.

So the question to ask yourself is "Are you smarter than breakfast?" If you are, you can defeat an RFID based security system. The only potential problem you have is if the head of security is also smarter than breakfast. Fortunately, in most cases, he won't be.