If you have an account, please:
Log in

Spychips: How Major Corporations and Government Plan to Track Your Every Purchase and Watch Your Every Move

(See online!)

RFID technology is incredibly convenient. Imagine making it possible to make your clothes, your car keys, and even items in the fridge talk to sensors in your house. You'd always know where your socks are, never lose your keys, and be able to take inventory of your fridge with a quick scan from your phone. All of this is possible now with RFID, but it also assumes that no one is using it maliciously.

Spychips explains not only what is possible, but what is happening now where companies are testing and evaluating uses for RFID that are creepy, invasive, and downright wrong. Like many other advances in tech, we can't stop RFID and shouldn't either, but we do need to make sure it's used responsibly and that requires understanding the threat.

Tags: ,

RFID Chips in Hotel Towels

As anyone who reads much of my site knows, I'm not a fan of how RFID is being implemented. However, I'm not against the technology itself as it has many practical uses. For example, some hotels have begun putting washable RFID in the towels and bathrobes to keep people from stealing them.

Since the RFID towels have no privacy invading purpose at all and serve deter self-entitled punks who think it's ok to take hotel items, I will offer my tentative support for this. The main concern is feature creep meaning that depending how they implement this, they may also know which towels you used and when. I can't really see the hotels bothering to do so, but if they did, that would be crossing the line big time.

Source: http://intransit.blogs.nytimes.com/2011/04/11/gee-how-did-that-towel-end-up-in-my-suitcase/ (H/T to The Consumerist for the link)

Tags: , , ,

Researcher Points Out the Risk of Virus Infected RFID Implants

An RFID tag hidden under a label

One of the many problems of RFID technology is that they can be hacked and used to spread viruses.

The device, which enables him to pass through security doors and activate his mobile phone, is a sophisticated version of ID chips used to tag pets. In trials, Dr Gasson showed that the chip was able to pass on the computer virus to external control systems. If other implanted chips had then connected to the system they too would have been corrupted, he said.

Mostly, this hasn't received a lot of attention to date because the computing power of RFID has historically been very low. But as the technology progresses, the consequences of not securing them properly becomes higher and higher. Tags: ,

RFID – Radio Frequency IDentification

An RFID tag hidden under a label

An RFID tag is nothing more than a little chip attached to a paper-thin antenna. The chip's basic function is to store and transmit a small amount of information, usually just a unique identifier. What good is that? Well:


Though there hundreds of visionary and useful things you can do RFID, because they typically lack strong security controls there are serious risks that come with them too!


Don't underestimate how easy it would be to track and monitor people by the poorly-secured RFID tags they carry
(See online!)

Making RFID Safe

On the plus side again, RFID can help prevent infant abduction or hospital mixups.

RFID, like most technology, isn't something that can (or necessarily should) be stopped. Intstead, we need to harness and direct the technology to reduce the threat. To do this, we need to look at three risk aspects of RFID:

1. Poor authentication

One of the primary issues with RFID and the main thing that makes all the nightmare scenarios possible is that unsecured RFID broadcasts to anyone and everyone. For any implementation of RFID to be acceptable, the chips must be programmed only to speak to proper readers who authenticated themselves first.

For example, say you have a refrigerator that scans the food inside. When you put food inside, the fridge should program the food with a one-time code that makes it impossible for the chips in the packaging to respond to any other reader.

Think no one cares what the contents of your fridge are? Think again.

2. Poor (or no) encryption

Even after a chip authenticates a reader, if it sends the data out in the open, anyone else nearby (or not so nearby) can read it too. All communications between a chip and authenticated reader must be encrypted to prevent eavesdropping by others.

3. Use of Long-term RFID

Implantation is permanent. Passports are good for 10 years. Companies plan to replace UPC barcodes with RFID that will transmit ID codes for the life of the product (from creation to landfill and beyond).

Every RFID implementations will eventually be hacked by someone. All it takes is one person in the world to find a way to break the system and the security is no good anymore (like the millions and millions of pounds wasted with the UK passports). Secure implementations can slow it down or help, but the best defense is NO RFID.

I can't see implants ever making sense and you definitely want to be sure the products you wear and carry around can't be used to wirelessly communicate with the world around them.

Tags: , , ,

Elvis Lives Thanks to Cloned Passports

(Image is in the Public Domain)
The Hacker's Choice, a non-commercial group of computer security experts, has released a video showing a cloned passport being approved by a security scanner at a Dutch airport. When the reader scans the passport it is revealed to belong to one Elvis Aaron Presley, complete with picture.

RFID is not ready. Every country that has tried to use it for identification has failed and miserable.

Tags: , ,

New York Second State Dumb Enough to Put RFID In Licenses

Want to be battle? Because this is how you become cattle.
(Image used under: Creative Commons 2.0 [SRC])
When will people ever learn?
The optional license will include a picture and radio frequency identification tag that can be scanned to verify a person's identity. The tag will not contain any personal information - only an assigned number, authorities said.

How reassuring. So they won't be able to take my data from it, but they'll be able to clone it and frame me or just use the unique ID to track me remotely. But they're going to be passing out sleeves that prevent it from being read remotely without your authorization. So if you don't find it bulky and actually use it, you'll be partially protected until it's time to pull it out to be read or if someone gets a few seconds alone with your wallet to pull it out and clone it.

Tags: , ,

The World’s First “Unclonable” RFID Chip – Yeah Right

(Image used under: Creative Commons 2.0 [SRC])

The website includes very loose information about what makes this chip so "uncloneable", but I highly doubt that it's true. An RFID chip is read by radio waves and as long as you can make a chip, computer, or anything else that transmits replicate the signal that the original chip did, you can clone it.

If they mean that you can't make one of these chips copy the data from another of these chips, I can see that as being possible, but what difference does that make in the end if I can use a different brand chip to open your secure door or travel the world in your name?


How RFID Tags in Products You Own Can Be Used to Track You

(Image used under: Creative Commons 2.0 [SRC])

Katherine Albrecht has written has written an article for Scientific American that everyone should read. For those who don't already know her, she's the leader of CASPIAN and one of the world's foremost experts on RFID privacy issues.

Here is a mini summary of some of the major points:

  • Companies intend to replace barcodes with RFID
  • Unlike barcodes which identify a product type (i.e. a can of soda), RFID will identify an INDIVIDUAL product (i.e. can of coke #48377625376)
  • RFID tags can be read secretly from long distances (30 or more feet).
  • RFID tags in licenses have minimal security (and even passports that have more security have been hacked already many times)
  • IBM filed a patent that was granted in 2006 for a system of scanners at “shopping malls, airports, train stations, bus stations, elevators, trains, airplanes, restrooms, sports arenas, libraries, theaters, [and] mu­­se­­ums ? to track the movements of people by their RFID tags
  • Alton Towers (an English amusement park) issues RFID wristbands to visitors and tracks their movements through the park. While they use it to create a keepsake "where you went" map for their customers, they prove that the system works in practice

California Wireless Toll System Hacked

Bad security is worse than none in some case
(Image used under: Creative Commons 2.0 [SRC])

This is hardly surprising. The wireless toll systems use RFID and there isn't an RFID system yet that hasn't been hacked that I know of. Anyway, by cloning anyone's transponder, you can pass through the tolls while the other sucker pays the bill. Also useful for committing crimes in someone else's name.

Tags: , ,

“Fakeproof” E-Passports Cloned Easily

Wireless passports. Who could have guessed they'd have security problems.
(Image is used under the Pixabay license)

So much for "Fakeproof". Of course, anyone who knows about RFID and the way they work could see this coming.

Tags: ,

If you want to learn more about my professional background, click here to learn more. Otherwise, let’s get started - how can I help?

Online learning
On-site learning
Read my blog