Surprised!

August 8, 2009 at 2:00 am 1 comment

I’ve raised the issue before of RFID (radio frequency identification). If you’ve missed the posts, go here and here. You can always visit Spychips to get a good run-down on the dangers of RFID, but let me summarise for you:

  • RFID devices can be inserted into clothes or products – they send a wireless, unique identification number to an RFID reader – and this data capture can be used to track an item.
  • manufacturers want to replace the bar code with RFID – it helps them with warehouse inventory and supply chain sure, but it also means that the item (and its purchaser) can be tracked. You can be tied to an RFID-enabled item you buy when you use a credit card for example. What will be recorded is: the store the item was purchased from; date and time bought; your name, your address and so on. The manufacturer might then start bombarding you with targeted advertising through your email or via brochures sent to your home.
  • as far as I am aware, there is no legislation or standards controlling the use of RFIDs – you may have them in your clothes right now and be unaware. Go here to find out how to spot an RFID chip and disable it. Apparently, the chips can be as small as the tip of a pencil – a mere dot.

You may have a passport with an RFID chip in it. It makes sense: the chip can contain a lot of information that immigration officials scan quickly. But… the chip can be scanned from a distance by an RFID reader. It’s not just immigration officials who can download your information, it’s anyone (a hacker for example) with a reader within close proximity. And poof: there goes your identity onto an RFID reader, ready to be used by who knows. I’ve read that these scanners can be pretty small and able to be concealed up a sleeve.

Now, you would imagine that a bunch of hardened, security savvy US law enforcement and intelligence dudes would be wise to RFID and its dangers – wouldn’t you? Yes, well, apparently not.  There’s a secret squirrel conference that happens yearly in the US, known as DefCon. It’s attended by Federal agents and discusses the latest cyber vulnerabilities and the hackers who exploit them. Some attend under their real name and affiliation, but many attend undercover, secret squirrel.

Imagine their surprise when many of them had their RFID-enabled ID tags scanned and read. Attendees might have had the card in their back pocket, in a backpack, in a wallet or in a shirt pocket. Many of them passed by a table with an RFID reader in full view but were stunned, shocked, gobsmacked (as we say in Oz) when conference attendees were told about the presence of the reader and that it had captured personal information. To add insult to injury, they were told a camera snapped the card holder’s picture as well! So those attending in secret squirrel disguise may have been identified by their photo for example.

Quel horror!  Big, HUGE scare. Red faces and egg on face all round I’d say. Apparently, it was all part of a project devised by security consultants to highlight privacy issues around RFID (sure hope they obtained permission to do this, otherwise I sniff a huge cat fight coming up).

Here are some scenarios to make you think about RFID dangers:

  • you’re sitting at a restaurant, enjoying dinner with family or friends. Meanwhile, a hacker seated at a table nearby with a portable reader is downloading your RFID-enabled credit card – account number, expiry date, name.
  • you’re standing in a queue, waiting to check-in at some international airport, passport in hand. Terrorists with a portable reader are downloading your passport details or they are busy identifying all Americans within the terminal by reading as many passports as they can.
  • a hacker scans the access card number you use to get into your office building. Perhaps the hacker bumps into you, knowing you’re an employee of a certain organisation, and scans your back pocket where the security ID is kept. Since these cards are usually in sequential order, the hacker selects a number, clones the card and impersonates an employee.

There are so many scenarios I could give you. Apparently, if you chuck an RFID chip in the microwave and nuke it for 5 secs, that will kill it (but be careful as I’ve read the thing can explode too). You can also pierce the chip with a knife or cut off its antenna but you need to know how to spot an RFID chip first – so make sure you read this Spychip FAQ.

UPDATE: it seems that data is very easy to download from the RFID chip embedded in the new UK ID cards. It took 12 minutes for someone to electronically copy the ID card microchip and all its information.


Entry filed under: RFID. Tags: .

1 Comment

  • 1. trackandshield  |  December 6, 2010 at 2:49 pm

    With each and every passing day more information comes to light about the ways that contactless technology seems likely to impact on our lives. Radio Frequency Identification (RFID) or ‘contactless’ applications are certainly a force to be reckoned with. For those that are interested in this subject, I’ve posted some PDF case studies on my blog, which may be of interest. All make for pretty easy reading, (even a numbskull like me can understand them), and are aimed squarely at lay audiences; detailing both the pros, and some of the cons with this new science!!!

    There are three files at present, (all optimized for swift download) and from memory I think it’s the second file that details a big student RFID tagging programme in Texas. Really staggering stuff! There’s a story about how hackers have ‘skimmed’ information from the UK Oyster travel card, and one about the US Department of Defence, which now issues RFID shielding sleeves (i.e. anti-skimming) with its standard issue ID cards for service military personnel. (Mmmm – that one made me wonder????)

    Anyway, you should be able to navigate to the relevant post by following this link: http://trackandshield.wordpress.com/2010/12/03/some-useful-case-studies-at-rfid-protect/

    Thanks for raising awareness by the way.

This work is licensed under a Creative Commons Attribution 2.5 Australia License.