Welcome!
If you have an account, please:
Log in

Researcher Points Out the Risk of Virus Infected RFID Implants

An RFID tag hidden under a label

One of the many problems of RFID technology is that they can be hacked and used to spread viruses.

The device, which enables him to pass through security doors and activate his mobile phone, is a sophisticated version of ID chips used to tag pets. In trials, Dr Gasson showed that the chip was able to pass on the computer virus to external control systems. If other implanted chips had then connected to the system they too would have been corrupted, he said.

Mostly, this hasn't received a lot of attention to date because the computing power of RFID has historically been very low. But as the technology progresses, the consequences of not securing them properly becomes higher and higher. Tags: ,

RFID – Radio Frequency IDentification

An RFID tag hidden under a label

An RFID tag is nothing more than a little chip attached to a paper-thin antenna. The chip's basic function is to store and transmit a small amount of information, usually just a unique identifier. What good is that? Well:

Pros

Though there hundreds of visionary and useful things you can do RFID, because they typically lack strong security controls there are serious risks that come with them too!

Cons

Don't underestimate how easy it would be to track and monitor people by the poorly-secured RFID tags they carry
(See online!)

Making RFID Safe

On the plus side again, RFID can help prevent infant abduction or hospital mixups.

RFID, like most technology, isn't something that can (or necessarily should) be stopped. Intstead, we need to harness and direct the technology to reduce the threat. To do this, we need to look at three risk aspects of RFID:

1. Poor authentication

One of the primary issues with RFID and the main thing that makes all the nightmare scenarios possible is that unsecured RFID broadcasts to anyone and everyone. For any implementation of RFID to be acceptable, the chips must be programmed only to speak to proper readers who authenticated themselves first.

For example, say you have a refrigerator that scans the food inside. When you put food inside, the fridge should program the food with a one-time code that makes it impossible for the chips in the packaging to respond to any other reader.

Think no one cares what the contents of your fridge are? Think again.

2. Poor (or no) encryption

Even after a chip authenticates a reader, if it sends the data out in the open, anyone else nearby (or not so nearby) can read it too. All communications between a chip and authenticated reader must be encrypted to prevent eavesdropping by others.

3. Use of Long-term RFID

Implantation is permanent. Passports are good for 10 years. Companies plan to replace UPC barcodes with RFID that will transmit ID codes for the life of the product (from creation to landfill and beyond).

Every RFID implementations will eventually be hacked by someone. All it takes is one person in the world to find a way to break the system and the security is no good anymore (like the millions and millions of pounds wasted with the UK passports). Secure implementations can slow it down or help, but the best defense is NO RFID.

I can't see implants ever making sense and you definitely want to be sure the products you wear and carry around can't be used to wirelessly communicate with the world around them.

Tags: , , ,

Computers Freedom and Privacy Conference of 2008

(Image used under: Fair Use doctrine)

The CFP2008 conference is coming up in late May. They're not taking registrations yet, but their information page is up at least. I wasn't able to attend last year, but the 2006 session was very cool.

The conference is the perfect place for paranoid anti-government/business privacy invasion types to congregate and complain as a group. Besides that, there are useful technical sessions about privacy technologies and such. I particularly liked the session hosted by Public Citizen where they described the ways they protect people against companies trying to stifle their free speech online. In cases where a blogger was issued take-down notices by big companies that didn't like what the blogger was saying, Public Citizen took their case for free and defended them. Very cool.

Also of note was the session about RFID where an industry crony "debated" the author of the book spychips (though to call it a debate is laughable). When the crony was challenged about his company's use of privacy protections and he didn't have any good answers for the crowd, he bacame flustered and accused us of being "technophobes" (HA!). What an idiot. But it was very entertaining 🙂

Anyway, if you'd like to meet some of the people in all the various consumer groups who are protecting your rights every day, this is an awesome way to do it.

Tags: , , ,

If you want to learn more about my professional background, click here to learn more. Otherwise, let’s get started - how can I help?

Online learning
On-site learning
Read my blog

RFID - Radio Frequency IDentification

One of the most risky technology when it comes to your privacy is Radio Frequency Identification Tags (RFID). These radio chips broadcast your identity sometimes hundreds of feet and can be found in passports, farecards, credit cards, and even some clothing.

[Click for full description]