Real RFID Hacking Scenarios
kjh1 writes "Wired is running an article on RFID hacking that has potentially scary implications. Many RFID tags have no encryption and will happily transmit their information in the clear if they are active or within range of a reader. Worse yet is that they can be overwritten. Some interesting scenarios and experiments: snagging the code off of a security badge and replaying it to gain access to a secure building; vandalizing library contents by wiping or changing tags on books; changing the prices of items in a grocery or other store; and getting free gas by tweaking the ExxonMobil SpeedPass tags."
Read/Write tags are a step up in cost. They range from 20 bytes to 256 bytes of data with a 10 digit serial number. Some brands support encrypted encoding formats. There is a trivial one byte "access key code" that prevents a Writer from writing to an RFID tag if this "access key code" byte doesn't match. It's really more of an accident prevention mechanism (so you don't accidentally overwrite an ExxonSpeedPass if it was put in a WalMart system).
Encryption of the "Writable" tags is the responsibility of the application. Since you only have 20 bytes (on the more common, cheaper tags) there isn't much you can do anyway as the number of permutations at 20! is low enough for most script-kiddies to crack. When you start getting up to 256 bytes, then sure it makes absolute sense to encrypt the contents. But, when you're at that price level, you're already considering the hardware that can encrypt at the signal level.
(Yes, I write code dealing with RFID tags)
-Mike
Well (Score:4, Informative)
Credit card theft and misuse could be almost eliminated with better cards that use encryption so the code changes every time they are used. No longer would the number of your visa card suffice, every transaction would need a new code. For a business relationship, you would press a button on the card to generate a code that a particular merchant could then use repeatedly to charge the card from, and only that merchant.
Of course, every security measure can be broken. Thieves could still swipe actual cards (and they could be cancelled just as quickly like it is today, but no thief could use the card without physically possessing it). With electron microscopes and specialized equipment someone could read the codes out of memory for a card, and create duplicates: but the cost and time involved could easily be so onerous that no criminal ever did it.
I think the slashdot mentality is one of fear of the tech because if the megacorps deploying these cards screw it up, we could end up with a system far less secure than we have now. For instance, wireless internet could have been made pretty much 100% secure from the start, but instead was pathetically easy to hack and far less secure than standard cat-5 jacks with no log on.
I imagine a future walmart or best buy where you grab anything you want to buy and throw it in a mostly plastic shopping cart. You wheel it through a special detector booth enclosed on three sides, and with one big electronic beep EVERYTHING gets instantly scanned, and a total price comes. You take your credit card out of its protective foil sheath, push a physical button ON the card (or press your thumbprint to it), and put it into a little recess on the self checkout machine. You close the foil lined door, another beep follows, you open the door and the transaction is done. 15 seconds, start to finish, whether you are buying 1 item or an entire cart full. No more lines at stores that use the technology, ever. Instead of 30 clerks on the job at Walmart, there are just 4 or so "customer service representatives" to handle problems that come up. There's a roll of bags if you want to bag your own stuff, but otherwise you just push the cart right on out of the store. The guards even at best buy never bother to inspect your cart because each expensive or routinely stolen item has a deeply embedded rfid tag with a writable (WRITE ONCE) field that "knows" if it has been bought. Everything in your cart gets interrogated when you push it through the doors.
No need for a paper receipt, either - a customer id for who bought the item is on the tag for each item. When you return stuff, you don't need a receipt, either, the clerk can quickly scan all your items when returned and press one button to instantly refund your money or give you store credit with your store card.
Course, this is the real world. We can't get fcking word processing to work without any trouble at all on computers in offices because viruses, bloatware, stupid users, feature creep, and constant other problems mean that the commonly used Word is MORE trouble prone than Windows and the DOS WordPerfect I used back in 1990. That's like a modern car being outperformed by a Model T! I can imagine this RFID stuff not working right either, or a health scare starting up due to the magneti
Re:Regarding security badges (Score:5, Informative)
Ideally you authenticate on 2 out of these three:
1 - what you know
2 - what you have
3 - what you are (or aren't, depending).
Now that I think about it, most buildings I've been in that use RFID tags to open doors do not use anything but #2.
I found this gizmo at Phidgets [phidgetsusa.com] just poking around on Google after reading TFA and feeling curious. That's the biggest one I found; the rest, once stripped of their case, would be very much like the scanner described in TFA.
I'm sure this will become a growing problem, quickly.
Re:Over the edge (Score:3, Informative)
I don't know where you get this idea, but currently most public libraries make it a point to destroy the record of you checking out a book after you return it, just so that they don't have this information available if/when the government comes around asking for it. Here is some relevant reading material: http://www.ala.org/ala/oif/ifissues/usapatriotact
factual error in TFA about SHA-1 (Score:5, Informative)
This is incorrect.
SHA-1 is a digest algorithm. You give it some data, it outputs a 160-bit string that represents a fingerprint of the data. This fingerprint does not allow you to reconstruct the original input, but you can use it to verify data integrity, that data have not been tampered with. This does not protect against eavesdropping. Hacking a digest algorithm means to find, in a reasonable amount of time, two different inputs that produce the same digest.
SHA-1 is not a cipher. A cipher takes plain-text and a cipher-key in, and produces cipher-text out, which would appear to a third person without a cipher-key as a pretty random string.
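As an added illustration of the digest-versus-cipher point (example code, not from the comment above or the Wired article): a constructed badge frame carries its SHA-1 fingerprint, which lets a receiver detect corruption in transit but leaves the badge ID readable by anyone listening. The frame layout and the BADGE_ID value are assumptions made for this example.

```python
import hashlib
import hmac

DIGEST_LEN = 20  # SHA-1 output is 160 bits = 20 bytes

# Constructed sample badge identifier for the demo; not a real tag value.
BADGE_ID = b"BADGE-0042"


def sha1_fingerprint(data: bytes) -> bytes:
    """Return the 160-bit SHA-1 digest of data: a fingerprint, not an encryption."""
    return hashlib.sha1(data).digest()


def tag_frame(payload: bytes) -> bytes:
    """Hypothetical tag response: the payload followed by its SHA-1 digest.
    Assumed layout for illustration only, not any real RFID air-interface format."""
    return payload + sha1_fingerprint(payload)


def verify_frame(frame: bytes) -> tuple:
    """Split a frame into (payload, digest_ok).

    A recomputed digest that matches the transmitted one shows the payload
    arrived intact; a mismatch shows corruption or modification in transit.
    """
    if len(frame) < DIGEST_LEN:
        return b"", False
    payload, digest = frame[:-DIGEST_LEN], frame[-DIGEST_LEN:]
    return payload, hmac.compare_digest(sha1_fingerprint(payload), digest)


def payload_in_clear(frame: bytes, payload: bytes) -> bool:
    """True if a passive listener sees the payload verbatim inside the frame.
    A digest adds no confidentiality: the data is still sent as-is."""
    return payload in frame


def bytes_changed(a: bytes, b: bytes) -> int:
    """Count positions at which two equal-length digests differ
    (a one-character change in the input changes almost every byte)."""
    return sum(x != y for x, y in zip(a, b))


if __name__ == "__main__":
    frame = tag_frame(BADGE_ID)
    corrupted = bytes([frame[0] ^ 0x01]) + frame[1:]  # flip one bit in transit
    print("intact frame verifies:", verify_frame(frame)[1])
    print("corrupted frame verifies:", verify_frame(corrupted)[1])
    print("ID visible to any listener:", payload_in_clear(frame, BADGE_ID))
```

Note that an unkeyed digest only catches accidental corruption; anyone who can alter the payload can recompute SHA-1 over it, so real tamper-evidence needs a keyed MAC or a signature, and confidentiality needs a cipher.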
Most CARS have secret RFIDs to allow US gov spy ! (Score:2, Informative)
Spy transmission chips embedded in tires that can be read REMOTELY while driving.
A secret initiative exists to track all funnel-points on interstates and US borders for car tire ID transponders (RFID chips embedded in the tire).
Yup. My brother works on them (since 2001).
The US gov T.R.E.A.D. act (which passed) made it illegal to sell new passenger cars lacking untamperable RFID in the tires allowing efficient scanning of moving cars.
Your tires have a passive coil with a 64 to 128 bit serial number emitter in them! (AIAG B-11 ADC v3.0). A particular frequency energizes it enough so that a receiver can read its little ROM. A ROM which in essence is your GUID for your TIRE. Multiple tires do not confuse the readers. It's almost identical to all "FastPass" "SpeedPass" technologies you see on gasoline keychain dongles and commuter windshield sticker-chips. The US gov has secretly started using these chips to track people.
It's kind of like FBI "Taggants" in fertilizer and "Taggants" in Gasoline and Bullets, and Blackpowder. But these car tire transponder IDs are meant to actively track and trace movement of your car.
Taggant chemical research papers
http://www.wws.princeton.edu/cgi-bin/byteserv.prl/ ~ota/disk3/1980/8017/801705.PDF [princeton.edu]
(remove spaces in url from slashcode if needed)
I am not making this up. Melt down a high end Firestone or Bridgestone tire and go through the bits near the rim (sometimes at base of tread) and you will locate the transmitter (similar to 'grain of rice' pet IDs and Mobil SpeedPass, but not as high tech as the tollbooth based units). Sokymat LOGI 160 and Sokymat LOGI 120 transponder buttons are just SOME of the transponders found in modern high end car tires. The AIAG B-11 Tire tracking standard is now implemented for all 3rd party transponder manufacturers [covered below].
It is for QA and to prevent fraud and "car theft", but the US Customs service uses it in Canada to detect people who swap license plates on cars when doing a transport of contraband on a mule vehicle that normally has not logged enough hours across the border. The customs service and FBI do not yet talk about this, and are starting to use it soon.
Photos of tracking chips before molded deep into tires!
http://www.sokymat.com/index.php?id=94 [sokymat.com]
PLEASE LOOK AT THAT LINK: It's the same shocking tire material I have been trying to tell people about since the spring of 2001 on slashdot.
a controversial dead older link was at http://www.sokymat.com/sp/applications/tireid.html [sokymat.com]
(slashdot ruins links, so you will have to remove the ASCII space it inserts usually into any of my urls to get to the shocking info and photos on the embedded LOGI 160 chips that the us Gov scans when you cross Mexican and Canadian borders.)
You never heard of it either because nobody moderates on slashdot anymore and this is probably +0 still. It has also never appeared in print before and is (or was) very secret.
California's FasTrak is being upgraded to scan ALL responding car tires in future years upcoming. I-75 may get them next in rural funnel points in Ohio.
The photo of the secret high speed overpass prototype WAS at
http://www.tadiran-telematics.com/products6.html [tadiran-telematics.com]
Re:Subscriber only (Score:3, Informative)
RFID Door [extremetech.com]
RFID board [phidgetsusa.com]
Instructions on building an extended range reader [iacr.org]
New Hampshire Resists Real-ID (Score:4, Informative)
In addition, there was a large rally at the NH State Capitol; here is that video [google.com].
Unfortunately, our State Senate pulled some extremely underhanded parliamentary tricks to kill HB1582; all the gory details (and sound bites from the Senate) are here [freestateblogs.net]. The good news is, we here in the "Live Free or Die" are still actively resisting this intrusion into our privacy!