Become a fan of Slashdot on Facebook


Forgot your password?

Real RFID Hacking Scenarios 180

kjh1 writes "Wired is running an article on RFID hacking that has potentially scary implications. Many RFID tags have no encryption and will happily transmit their information in the clear if they are active or within range of a reader. Worse yet is that they can be overwritten. Some interesting scenarios and experiments: snagging the code off of a security badge and replaying it to gain access to a secure building; vandalizing library contents by wiping or changing tags on books; changing the prices of items in a grocery or other store; and getting free gas by tweaking the ExxonMobil SpeedPass tags."
This discussion has been archived. No new comments can be posted.

Real RFID Hacking Scenarios

Comments Filter:
  • by gasmonso ( 929871 ) on Thursday May 25, 2006 @10:50AM (#15401615) Homepage

    Never fear, the DMCA is here to protect us from that sort of behavior. It's illegal, so I doubt criminals would even try it ;) Thanks god for big government! []
  • by Anonymous Coward on Thursday May 25, 2006 @11:00AM (#15401715)
    i thought they live in there
  • by Hoho19 ( 529839 ) on Thursday May 25, 2006 @11:01AM (#15401728)
    Frat boys tend to live in frat houses :-P
  • Uhhhh... (Score:3, Funny)

    by k-0s ( 237787 ) on Thursday May 25, 2006 @11:06AM (#15401774) Homepage
    Remind me again how getting nearly $4/gallon gas for free from ExxonMobil and it's $8.4 billion quarterly profit is scary.
  • Kick Me (Score:3, Funny)

    by Doc Ruby ( 173196 ) on Thursday May 25, 2006 @11:23AM (#15401905) Homepage Journal
    Why not just tattoo our personal ID info on our foreheads in radar-colored ink?
  • by Isquaredare ( 869282 ) on Thursday May 25, 2006 @11:48AM (#15402154)
    At the Bethel Park High School Library in 1977, they installed crude RFID tags in the spine of all of the books. As you checked out a book, the bold Librarian Gary Hutton would wanded the spine to deactivate the tag.

    If they failed to deactivate the tag, or if you tried to steal a book, the system would sound an alarm, and Gary would be in an uproar. He might even have called the elderly Mrs. Simpson as backup. I recognized the 400Hz. tone as being a Mallory Sonalert.

    Seeing as how we were already using the ASR-33 Teletypes with acoustic couplers in the Library to hack into local dial-up modem mainframes, I felt that a new hack was in order.

    I had a Mallory Sonalert from a recent dumpster dive where my brother worked. I wired it and a 9v battery to a momentary switch and kept it in my coat pocket.

    On occasions, I would situate myself in a library desk near the checkout. When Gary would wand a book, I would sound my alarm. Then, with a red face, he'd retrieve the book, and wand it again. I'd beep. He'd wand again. And again. Then, I'd stop before his blood pressure popped his head off.

    Sometimes, I'd activate my Sonalert when Gary walked past the sensor gate. Sometimes not. I was having fun.

    Why the long story? Well, just to let you know that hacking in a jovial sense can be a pantload of fun, and that you might not have to hack the internals of a system, to hack a system. That was 1977 folks - RFID (even in a crude sense) has been around for a while.

    Our hacking was not malicious, it was fun. We never caused harm, and we never left tracks.

System checkpoint complete.