Printable View
Sorry if this thread is getting a bit old.
I was at a meeting this morning about plan to give kids in schools RFID smart cards for registration. Most of the basic problems have been thought about, they already use smart cards to pay for meals rather than carrying cash.
Does anyone know how easy it would be to clone an RFID card or at least to produce a signal to represent a card? Is the system easy to disrupt?
As long as you have a card and a circuit programmer, it isnt hard at all. Retail our circuit programmers were about $4000.
As RFID becomes cheaper we are thinking of using it at Libraries (I work for a university library). Think about falking up to the counter and the computer knowing who you are and checking out all of the books for you while they are still in your hands (That’s the theory any ways, but not the practice as I understand). Now picture someone with a RFID scanner somewhere along your walk home finding out that you have a book on the joys of bestiality. As you can see there are some privacy concerns about how it is implemented.
$4000 puts it out of the league of your average 15 year old. For a little while.
I think there are some issues with RFID for privacy. The sort of things you mentioned (I don't remember finding books like that in my uni library) and general tracking though tags. Things you carry a lot would be more worrying I'm sure they will try to put them in loyalty cards, credit cards etc under the pretense of convienience.
Not a valid postulation with the RFId's of today.Quote:
Originally posted here by Soda_Popinsky
Unless the tag sends out a "#23521351 is dying" broadcast, how
Now the page I linked aboce is talking about animal id RFId's, but it is the same technology. These things aren't little CB radios crammed up your bung...its a small antenna and circuit that responds a certain way when a particular radiomagnetic frequency interacts with it; so if it dies...it simply doesn't answer when the cash register 'scans' the shopping cart, in the previous example.Quote:
Source
end of the third paragraph
The average microchip is about the size of a grain of rice. The device itself contains no battery, and its electronic circuitry is only activated when it is being scanned.
RFId is an excellent application of a technology we've had a solid grasp on for some time. As usual, the problem lies not in the technology, but on the processes and controls around its use. There was a pretty good article in last weeks Network World about the use of RFId human implants for access to medical records. Actually, there are a LOT of articles and such these days about RFId. It's a subject that I am surprised hasn't taken off sooner. I mean, I've had to get those ugly white alert tags taken off clothes for years now (yes, some are ink-vials that break when removed improperly, to 'damage' the item. Those didn't do too well.)
Privacy is a main concern for Rfid, I actually do work in a library irongeek, and we are implementing it to accomodate, 27,000 items tagged so far, I have personally tagged about 13,000.
The chip itself only contains the barcode number, and a security bit, so even if someone did have a handheld scanner on your walk home, they would then need access to your circulation software to resolve the barcode number to an actual title. Our catalog won't display the barcode item if I am not mistaken.
As soon as you mention rfid to any sort of administrative higher up, privacy comes up, peopel have the idea that the tags are a lto smarter than they actually are. they have one purpose, same as a barcode sticker, not much more, not much less.
With a little bit of technical acumen and a few hundred dollars, enterprising thieves can walk away with some late model cars and gas them up for free to boot, according to research published by computer security experts at The Johns Hopkins University (JHU) in Baltimore and RSA Security's (Profile, Products, Articles) RSA Laboratories in Bedford, Massachusetts.
http://www.infoworld.com/article/05/...idcrack_1.html
RFID crack raises spectre of weak encryption | IDGNS | News | 2005-03-17 | By Paul Roberts, IDG News Service
Eg ;)
Ah, Eg got it.
RFID has been h4x0r3d after being used in some noteworthly applications... car keys, gas "speed pass". etc.
http://rfidanalysis.org/
http://rfidanalysis.org/DSTbreak.pdf
The RFID technology used in those things is 40-bit based on a 10-year old algo. The new RFID-wave uses 128-bit (Walmart's RFID-system, for example).
Good point. RFId's are comparable to a license plate on a car. Doesn't tell you much on the surface. A state (or country), the number itself, maybe an expiration.Quote:
Originally posted here by kr5kernel
Privacy is a main concern for Rfid, I actually do work in a library irongeek, and we are implementing it to accomodate, 27,000 items tagged so far, I have personally tagged about 13,000.
The chip itself only contains the barcode number, and a security bit, so even if someone did have a handheld scanner on your walk home, they would then need access to your circulation software to resolve the barcode number to an actual title. Our catalog won't display the barcode item if I am not mistaken.
As soon as you mention rfid to any sort of administrative higher up, privacy comes up, peopel have the idea that the tags are a lto smarter than they actually are. they have one purpose, same as a barcode sticker, not much more, not much less.
Another good analogy, but probably in poor taste, is a tattoo...such as the Nazi's used during The Holocaust. It's a means of (supposedly) non-reputable identification. Or a barcode tattooed on the base of your skull, for you George Lucas fans.
As we use them today, RFId's don't give away valuable information. They give a key that is used to find information in storage (a database) somewhere else.