Real RFID Hacking Scenarios
kjh1 writes "Wired is running an article on RFID hacking that has potentially scary implications. Many RFID tags have no encryption and will happily transmit their information in the clear if they are active or within range of a reader. Worse yet is that they can be overwritten. Some interesting scenarios and experiments: snagging the code off of a security badge and replaying it to gain access to a secure building; vandalizing library contents by wiping or changing tags on books; changing the prices of items in a grocery or other store; and getting free gas by tweaking the ExxonMobil SpeedPass tags."
Nothing New (Score:5, Interesting)
They showed live examples and had very interesting stories about how they were reprogramming cheese to send RFID signals saying they were shaving products. Also, the store they were doing this in used RFID on all their products to make sure everything is shelved in the right place. They would reprogram an item on the shelf (already in the right place) to emit a signal saying it was something else. When the store came by to move the item to the correct place all they would find is the correct item. The presenters say it drove the store nuts.
Very interesting (Score:1, Interesting)
The Wikipedia article on RFID [wikipedia.org] states "The US state of Virginia has considered putting RFID tags into driver's licenses ostensibly to make lookups faster for police officers and other government officials." Now that would be fun, if you had a cloner!
By the way, read the "Religious Reaction to RFID" part if you haven't. It's "interesting".
Re:Regarding security badges (Score:4, Interesting)
Huh?
I'm not sure I'm understanding what you're saying. Of course the keypad is digital. My keyboard is digital. Pretty much anything except for a mechanical combination lock is going to be "digital." (Well, even that you can argue is 'digital,' in the non-computerized sense of the term.)
Are you saying that the keypad appears on a screen, with the numbers in a random order in the array? E.g., so that some person might get a keypad numbered [[6,2,9][5,4,7][8,1,3]] and the next person would get [[3,8,4][5,2,1][6,9,7]]?
Seems like a system like that, which requires a touch-screen instead of a regular el-cheapo numeric keypad, would be pretty expensive to implement. If you have a small number of chokepoints where you can put them, it might work, but if you're trying to secure all the exterior doors of a large number of buildings, I could see it getting prohibitively expensive fast.
I have seen a lot of places that use Prox-Cards as their only form of authentication for access control: for whatever reason, people seem to think they're "more secure" than swipe cards. They were actually implemented this way at a place that I worked a few years ago, and I argued against them because of the RFID interception risk, but I got shot down by the PHBs and the system vendors, who said this was 'totally impossible.' I was tempted to try and figure out how to intercept the transmission, but I never had the time to get started.
At any rate, I don't work there anymore.
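The interception risk the poster describes comes down to a simple property: a plain proximity card answers every reader with the same bytes, so whatever a reader accepts once it will accept again. The following is an added example (not code from the article or from any poster) that models the two designs side by side: a static-ID check, where a captured transmission is accepted on replay, and a nonce-based challenge-response check using HMAC-SHA256, where the same captured exchange is rejected. The badge identifier, the shared key and the `Reader`/`badge_respond` names are constructed for the example and are not any vendor's protocol.

```python
import hashlib
import hmac
import secrets

# Constructed sample badge: a static identifier and a per-badge secret key.
# Neither value is real; they exist only so the example runs offline.
BADGE_ID = b"BADGE-0042"
BADGE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


# --- Design A: static identifier, as a plain proximity card behaves ---
def static_badge_emits() -> bytes:
    """The badge answers every query with the same bytes; there is no secret."""
    return BADGE_ID


def static_reader_accepts(transmission: bytes, allowed: set) -> bool:
    """A static reader only checks membership in its allow-list."""
    return transmission in allowed


def replay_static() -> bool:
    """Capture one transmission and present it again: a static reader accepts it."""
    allowed = {BADGE_ID}
    captured = static_badge_emits()
    return static_reader_accepts(captured, allowed)


# --- Design B: per-query nonce plus a keyed MAC (challenge-response) ---
class Reader:
    """Hypothetical reader holding a badge-id -> key table and its open challenges."""

    def __init__(self, keys: dict):
        self.keys = keys
        self.outstanding = set()  # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, badge_id: bytes, nonce: bytes, response: bytes) -> bool:
        # Each nonce is usable exactly once; an unknown or consumed nonce fails.
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)
        key = self.keys.get(badge_id)
        if key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def badge_respond(key: bytes, nonce: bytes) -> bytes:
    """The badge proves key possession without ever transmitting the key."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def replay_challenge_response() -> tuple:
    """Returns (legitimate exchange ok, replay vs fresh nonce, replay vs old nonce)."""
    reader = Reader({BADGE_ID: BADGE_KEY})
    n1 = reader.challenge()
    r1 = badge_respond(BADGE_KEY, n1)
    legit = reader.verify(BADGE_ID, n1, r1)
    # An observer who recorded (n1, r1) presents r1 against a new challenge...
    n2 = reader.challenge()
    replay_fresh = reader.verify(BADGE_ID, n2, r1)
    # ...or presents the old pair again; the nonce has already been consumed.
    replay_old = reader.verify(BADGE_ID, n1, r1)
    return legit, replay_fresh, replay_old


if __name__ == "__main__":
    print("static id accepted on replay:", replay_static())
    print("challenge-response (legit, replay fresh, replay old):",
          replay_challenge_response())
```

The single-use nonce set is what makes the second design hold: without it, resending the recorded (nonce, response) pair would still pass. Real contactless credentials that resist replay do this with a symmetric or public-key challenge-response in the card itself; a card that only answers with a fixed number cannot be fixed by the reader alone.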
Hobbyist hacking of RFID (Score:4, Interesting)
June Consumer Reports on RFID (Score:3, Interesting)
What was interesting to me in the same article is a reference to IBM having a 2001 patent application for tracking individual persons using the RFID constellation they create when carrying around a significant number of RFID tags. You nominate your target and profile what RFIDs they have, and then just look for that specific profile as it floats from detector to detector. This is scary stuff.
On a slightly related note, I remember seeing a comment somewhere about how teenage boys could profile the RFID constellation of hot looking women walking down the street and correlate this with the Victoria's Secret catalogue in order to pick who was wearing the hot lingerie. This is a weird but possible new behaviour that RFIDs are opening.
Of more importance, I saw recently a reference to an RFID tag that could be embedded in currency notes as an anti-counterfeiting measure. Imagine how the muggers would jump on board this if it comes true.
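The "constellation" problem the poster describes exists only because each tag answers with the same identifier every time, so the set of identifiers a person carries is a stable fingerprint across readers. The following is an added example (not from the article or from any poster) that shows the linkability and the mitigation together: with static identifiers, two sightings of the same carrier match on set overlap even when one tag was out of range; with per-read pseudonyms (each tag answers with a fresh nonce and an HMAC over it, a simplified form of the randomized hash-lock idea), the sightings share nothing, while a back end holding the tag keys can still resolve each pseudonym to its tag. The people, items, keys and `Tag`/`Backend` names are all constructed for the example.

```python
import hashlib
import hmac
import itertools
import secrets

# Constructed scenario: tagged items carried by two hypothetical people.
# Keys are derived from the item names purely so the example is self-contained.
PEOPLE = {
    "alice": ["shoes-7781", "wallet-0193", "jacket-5520", "badge-0042"],
    "bob": ["shoes-1002", "badge-0077", "phone-case-0031"],
}


def tag_key(item: str) -> bytes:
    return hashlib.sha256(item.encode()).digest()


class Tag:
    """A tag that answers either with its static id or with a fresh pseudonym."""

    def __init__(self, item: str, randomized: bool):
        self.item = item
        self.key = tag_key(item)
        self.randomized = randomized

    def answer(self) -> str:
        if not self.randomized:
            return self.item  # static identifier: identical on every read
        nonce = secrets.token_bytes(8)
        mac = hmac.new(self.key, nonce, hashlib.sha256).digest()[:8]
        return nonce.hex() + ":" + mac.hex()  # looks random to any observer


class Backend:
    """Holds the tag keys; the only party able to resolve a pseudonym."""

    def __init__(self, items):
        self.keys = {item: tag_key(item) for item in items}

    def resolve(self, answer: str):
        nonce_hex, mac_hex = answer.split(":")
        nonce, mac = bytes.fromhex(nonce_hex), bytes.fromhex(mac_hex)
        for item, key in self.keys.items():
            expected = hmac.new(key, nonce, hashlib.sha256).digest()[:8]
            if hmac.compare_digest(expected, mac):
                return item
        return None


def jaccard(a: set, b: set) -> float:
    return len(a & b) / len(a | b) if (a | b) else 0.0


def link_sightings(sightings, threshold: float = 0.5):
    """Pairs of sightings whose identifier sets overlap enough to be one carrier."""
    return [(i, j) for (i, a), (j, b) in
            itertools.combinations(enumerate(sightings), 2)
            if jaccard(a, b) >= threshold]


def demo(randomized: bool):
    tags = {name: [Tag(item, randomized) for item in items]
            for name, items in PEOPLE.items()}
    sightings = [
        {t.answer() for t in tags["alice"]},       # reader 1 sees alice
        {t.answer() for t in tags["bob"]},         # reader 1 sees bob
        {t.answer() for t in tags["alice"][:-1]},  # reader 2: alice, one tag unread
    ]
    return link_sightings(sightings)


def resolve_demo():
    """Two reads of one randomized tag differ, yet the back end resolves both."""
    tag = Tag("wallet-0193", randomized=True)
    backend = Backend(PEOPLE["alice"] + PEOPLE["bob"])
    a1, a2 = tag.answer(), tag.answer()
    return a1 != a2, backend.resolve(a1), backend.resolve(a2)


if __name__ == "__main__":
    print("static ids, linked sightings:", demo(randomized=False))
    print("pseudonyms, linked sightings:", demo(randomized=True))
    print("pseudonym resolution:", resolve_demo())
```

With static identifiers the first and third sightings link at a Jaccard score of 0.75 despite the missing tag; with pseudonyms the linking step has nothing to work with, and the cost of identification moves to the key holder, which is the privacy property one wants from tags worn on a person.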
I beg to differ (Score:2, Interesting)
Why do I know? BECAUSE I WAS THAT MAN. Not really. I lived there during that time, in 1995.
Re:RFID Spoofing Guide (Score:3, Interesting)
He's right though that if you did a multilayer board that you could make the device a lot smaller; and I tend to wonder if you used an FPGA if you couldn't make it even smaller, down to around key-fob size. At any rate, he already seems to have achieved the "cigarette pack" size benchmark for a portable device, or close to it.
From his "Security Implications" section: I think this is worth pointing out, because most people think of RFID cards as line-of-sight devices. But there's nothing stopping someone from burying a sniffer on the other side of the wall that the reader is mounted on, or maybe some distance away if they have a high-gain receive antenna and some good pre-amplification and filtering (not too hard: they're only trying to receive on one very particular frequency, so the whole setup can be tuned for that purpose).
It's also worth noting the date on that article: October 2003. It's almost three years old at this point -- and while I'm not convinced that RFID equipment has gotten any smarter, the installed base has increased significantly. The demand for sniffing equipment is going to be pretty big, and there are a lot of grey-market factories in Asia (like the ones that make console mod-chips) that will be happy to supply the hardware.
Re:New Hampshire Resists Real-ID - not True (Score:1, Interesting)
New Hampshire did nothing to stop the RFIDs hidden in cars from being used by federal authorities to track and log car movements.
Refer to the long, detailed post regarding RFID in cars... all cars sold in New Hampshire, in fact, without exception.
http://slashdot.org/comments.pl?sid=186652&cid=15
For some reason no one mods anymore on Slashdot, so people in New Hampshire probably overlooked it unless they read at the "anon whistleblower" level of 0.
I agree New Hampshire is more free than most any other state... but they do plan on tracking citizen movements... just as all gasoline sold in New Hampshire has chemical signature "taggants" added.
The kids burning churches in Georgia this year in 2006 were caught not from "luck" or "police talent" but solely because of the gasoline taggants traced back to the point of purchase. Amusingly that fact was never divulged in the press. In fact disinformation regarding a tire tread database was used. HA!
The truth is taggants and RFID make lots of anonymous movement difficult.
New Hampshire does not care about rights.
read http://slashdot.org/comments.pl?sid=186652&cid=15
Re:I beg to differ (Score:4, Interesting)
Of course, the courts may think differently than you do.
We had a good example hereabouts (a suburb of Boston) a few years back, when there was a news story about a college student who'd had a few drinks on a Saturday night and relieved himself in an alley. Unfortunately for him, he was spotted by a cop, arrested, charged with, and convicted of indecent exposure. It was pointed out in the news stories that now he'd have to register as a sex offender anywhere he ever lived again.
Among all the comments on the draconian nature of this, there were a few that pointed out another problem: To many of us who read the stories, the phrases "sex offender" and "sexual predator" now induce the thought "Probably another guy caught peeing in a dark alley."
Someone once observed that a problem with unjust laws is that they bring the entire legal system into disrespect. Some of the best examples are the extreme reactions to things like this.