×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Real RFID Hacking Scenarios

Zonk posted more than 7 years ago | from the rfid-underground dept.

180

kjh1 writes "Wired is running an article on RFID hacking that has potentially scary implications. Many RFID tags have no encryption and will happily transmit their information in the clear if they are active or within range of a reader. Worse yet is that they can be overwritten. Some interesting scenarios and experiments: snagging the code off of a security badge and replaying it to gain access to a secure building; vandalizing library contents by wiping or changing tags on books; changing the prices of items in a grocery or other store; and getting free gas by tweaking the ExxonMobil SpeedPass tags."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

180 comments

NOO (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#15401583)

BoxTorrents is down WTF

patents available (0)

Anonymous Coward | more than 7 years ago | (#15401592)

I know of at least one lucent patent on RFID security.

Regarding security badges (5, Informative)

benjjj (949782) | more than 7 years ago | (#15401597)

I think it's common practice for most serious security badges to rely on RFID for part of the verification, but some sort of user input for the rest. I have a prox card at work (which, I assume, is an RFID-based card), but the card only activates a keypad. Without my PIN, it's useless.

Re:Regarding security badges (4, Insightful)

Hoho19 (529839) | more than 7 years ago | (#15401627)

My college has no keypad. You just swipe your card. That's a huge security risk. Imagine if some sexual predator got access to a dorm. That's scary!

Re:Regarding security badges (1)

Aranth Brainfire (905606) | more than 7 years ago | (#15401747)

In my experience, college dorm security is a joke. They tell you not to hold the door for anyone, but are you really going to slam it shut in the face of the guy who says he lost his keycard, and is hovering right outside the door? And there are people coming back at all times of the night. There are, however, locks on all of the room doors you should probably make good use of...

Not that your general concern is entirely wrong, but this specific case isn't terribly strong. Better, maybe, is that a few of the other, non-dorm buildings on my campus are locked by only a card reader, I think. The individual rooms still take old-fashioned metal keys, and I've seen more than a few fingerprint readers with number pads...

Overstated (1)

Mateo_LeFou (859634) | more than 7 years ago | (#15402283)

"are you really going to slam it shut in the face of the guy who says he lost his keycard, and is hovering right outside the door"

No. It's not polite to slam doors in people's faces. But you could say "Sorry, I can't let you in" and just "close" the door. That guy might think you're a dick but the potential rape victims won't.

Re:Regarding security badges (1)

Programmer_In_Traini (566499) | more than 7 years ago | (#15401931)

I can sense the pun here.... man, i just WISH!!! i had access to the girls dorm when i was a student.... wouldnt have had to go thru so much trouble to get in and stay in overnight :)

Re:Regarding security badges (3, Insightful)

jandrese (485) | more than 7 years ago | (#15402005)

Yes, because nobody in a dorm would be able to hear someone screaming for help...

Dorm security is a joke because for the most part it's not necessary. The people who break into dorms aren't sexual predators, they're common thieves trying to make off with a laptop or two. Most of the time they have legitimate access to the dorm anyway so the front door security is useless to begin with. Lock your door when you go to bed or leave the room, that's all there is to it.

I beg to differ (1, Interesting)

BitterAndDrunk (799378) | more than 7 years ago | (#15402125)

All the locks in the public showers in the Cambell/Landon/Mayo dorms at Michigan State were installed because a "grabber" was hiding out in showers and . . . well. . . grabbing.

Why do I know? BECAUSE I WAS THAT MAN. Not really. I lived there during that time, in 1995.

Re:I beg to differ (1)

jandrese (485) | more than 7 years ago | (#15402327)

Someone who cops a feel is a little different than a sexual predator at least in my mind.

You also hear stories of college guys hiding out in the women's bathrooms to sneak a peek. That doesn't make them sexual predators either in my book.

On the other hand, the RFID systems implemented at colleges seems like a good method of detering pervets like these, at least until they overwrite a card with someone else's ID and get them in trouble.

the courts beg to differ (1)

BitterAndDrunk (799378) | more than 7 years ago | (#15402420)

Grabbers are considered sexual predators by the courts, in IL at least. And they should be. . . it strikes me jumping out of the bushes/hiding in showers to grab a woman against their will should be Not OK and is indicative of compulsion, not "kids will be kids".

At 18 you should know better.

Re:I beg to differ (1)

MADCOWbeserk (515545) | more than 7 years ago | (#15402598)

Do it once to a girl you know, you are not predator. Starting hanging out in the shower and doing it to random girls on a regular basis than there is something wrong with you.

Re:Regarding security badges (1)

ScottLindner (954299) | more than 7 years ago | (#15402230)

Security is not guaranteed, even if they were to secure the ID cards. Just by issuing them and requiring their use you already significantly reduce the issues. If a criminal of any type (sexual or whatever) was so determined to try to crack the RFID cards, having the encrypted will just force them to find another hole in the system... or circumvent the system entirely.

You cannot guarantee anything. YOu can only reduce the probability of it happenings.. but as you approach very high tolerance, the costs go up enormously for very little benefit.

It's a choice.. higher tuitition to support better security, or some fairly reasonable security at low cost to you? There's no wrong answer.. but it's a choice you have to make.

Re:Regarding security badges (1)

Toba82 (871257) | more than 7 years ago | (#15401685)

Yeah, because I'm sure everyone takes PIN security seriously and doesn't use an easily memorized pattern. Nobody I know would ever do that at the expense of their own security.

Isn't that a bit like saying "It's okay that the deadbolt can be smashed with your pinky, I still have a screen door!"?

Re:Regarding security badges (1)

nharmon (97591) | more than 7 years ago | (#15401724)

Except the keypad is digital so the digits don't always show up in the same order. Thus if somebody shoulder surfing sees you input your code and remembers the pattern, he/she still won't know the correct PIN.

Re:Regarding security badges (3, Interesting)

Kadin2048 (468275) | more than 7 years ago | (#15401823)

Except the keypad is digital...

Huh?

I'm not sure I'm understanding what you're saying. Of course the keypad is digital. My keyboard is digital. Pretty much anything except for a mechanical combination lock is going to be "digital." (Well, even that you can argue is 'digital,' in the non-computerized sense of the term.)

Are you saying that the keypad appears on a screen, with the numbers in a random order in the array? E.g., so that some person might get a keypad numbered [[6,2,9][5,4,7][8,1,3]] and the next person would get [[3,8,4][5,2,1][6,9,7]]?

Seems like a system like that, which requires a touch-screen instead of a regular el-cheapo numeric keypad, would be pretty expensive to implement. If you have a small number of chokepoints where you can put them, it might work, but if you're trying to secure all the exterior doors of a large number of buildings, I could see it getting prohibitively expensive fast.

I have seen a lot of places that use Prox-Cards as their only form of authentication for access control: for whatever reason, people seem to think they're "more secure" than swipe cards. They were actually implemented at a place that I worked a few years ago this way, and I argued against them because of the RFID interception risk, but I got shot down by the PHB's and the system vendors, who said this was 'totally impossible.' I was tempted to try and figure out how to intercept the transmission, but I never had the time to get started.

At any rate, I don't work there anymore.

Re:Regarding security badges (1)

LiMikeTnux (770345) | more than 7 years ago | (#15401860)

you don't need a touch screen, just some clear buttons with any-digit LEDs behind em. Like the ones they use in older calculators and clocks.

Re:Regarding security badges (1)

Icculus (33027) | more than 7 years ago | (#15402062)

Are you saying that the keypad appears on a screen, with the numbers in a random order in the array?

Yes, I'm pretty sure that's what the poster was talking about. The systems I've seen are actual physical keys with old-school-calculator-type led displays inside. Some have a little shroud so you have to duck down and get your face right in there to see what the numbers are. I've only seen them in higher security areas (like NOC of a bank is the one that comes to mind).

My current employer uses card-only authentication for its doors, but our entrances are pretty high-volume. If everyone entering had to punch up a code we'd have a line out to the avenue to get in in the morning. I'm surprised to see we don't have those keypad deals for our data centers, though.

Re:Regarding security badges (4, Informative)

tinkertim (918832) | more than 7 years ago | (#15401854)

I'm recollecting many, many instances where I got through a door swiping a key with no pin or other authentication based on what I know.

Ideall you authenticate on 2 out of these three:

1 - what you know
2 - what you have
3 - what you are (or aren't, depending).

Now that I think about it, most buildings I've been in that use RFID tags to open doors do not use anything but #2.

I found this gizmo at fidgets [phidgetsusa.com]just poking around on Google after reading TFA and feeling curious. That's the biggest one I found, the rest once stripped of their case would be very much like the scanner described in TFA.

I'm sure this will become a growing problem, quickly.

Re:Regarding security badges (0)

Anonymous Coward | more than 7 years ago | (#15401882)

ExxonMobil SpeedPass tags require nothing beyond swiping the tag in front of the reader. So stealing gas would be possible... despite being unethical.

Re:Regarding security badges (1)

Panaflex (13191) | more than 7 years ago | (#15401986)

Not true - there's a brute force required to get at the key. Once you have the key, yes - you just swipe.

Re:Regarding security badges (0)

Anonymous Coward | more than 7 years ago | (#15402051)

Do you mean to equate Brute Force with kicking the sh** out of the guy who currently has the speedpass tag in question? If so I think what the article was trying to suggest was that by modifying your own speedpass key perhaps you could discover a way to send data to the reader that will make your purchase free.

I would expect it would be time consuming and difficult to find a sequence of data that tells the reader to enter "debug" mode where it runs as normal but does not charge the credit card. However there is always someone out there willing to spend the weeks required to rip a company off. Additionally I would bet that all your failed attempts would be logged and someone would start monitoring the security tapes to see who tried to hack the machine... but who knows maybe someone could pull this off.

Re:Regarding security badges (1)

jandrese (485) | more than 7 years ago | (#15402029)

That's pretty common. Most RFID systems that are implemented for actual security require a second authentication method (usually a pin pad, but sometimes biometric) for this very reason.

Encrypted RFID too expensive? (5, Insightful)

tinkertim (918832) | more than 7 years ago | (#15401612)

From TFA:

A typical passive RFID chip costs about a quarter, whereas one with encryption capabilities runs about $5. It's just not cost-effective for your average office building to invest in secure chips.

Ok, office with 200 people. You mean to tell me a lousy thousand bucks isn't worth preventing an intrusion? Some places spend that much a month on copy paper.

I'd call it cost effective considering the alternetive possibilities :)

Re:Encrypted RFID too expensive? (3, Insightful)

Aladrin (926209) | more than 7 years ago | (#15401658)

It costs a LOT more than $5 to hire someone. If you count the cost of the name/rfid badge in the newhire cost, it doesn't look nearly so bad anymore, either.

Re:Encrypted RFID too expensive? (1)

Ulrich Hobelmann (861309) | more than 7 years ago | (#15402094)

Um, why does the chip, i.e. the hardware, have to support encryption?

Why not just store *encrypted* data on it? My hard disk doesn't support encryption, but I can store encrypted files (even partitions) on it nonetheless.

I don't get this. The price difference between a computer system + RFID reader/writer and one that also supports encryption should be zero. I think ANY computer system nowadays is perfectly capable of encrypting data.

Re:Encrypted RFID too expensive? (0)

Anonymous Coward | more than 7 years ago | (#15402189)

You don't understand. The card is still copyable.

The more expensive cards we're talking about have a challenge-response system.. i.e. one cannot simply buy some card reader off of ebay and snag the data, there is a more complex handshaking procedure involved (think like how an SSH session works.. even if I am sniffing all the data, including the session initiation, I myself would not be able to steal your credentials)

Re:Encrypted RFID too expensive? (2, Insightful)

Thuktun (221615) | more than 7 years ago | (#15402383)

Why not just store *encrypted* data on it? My hard disk doesn't support encryption, but I can store encrypted files (even partitions) on it nonetheless.

When you're talking about authentication tokens, this does absolutely ZERO to block a replay attack.

Re:Encrypted RFID too expensive? (1)

RpiMatty (834853) | more than 7 years ago | (#15402532)

Why don't you store some encrypted data on a plain rfid tag. Then I will get my reader to make an exact copy of your tag.
Then I can go to your tag reader and swipe in just like you could.
I don't care whats on the tag, as long as I can still make a bit perfect copy.

Re:Encrypted RFID too expensive? (1)

Kadin2048 (468275) | more than 7 years ago | (#15402559)

If all you did was store the key on the card in some encrypted form, and send that every time the card was swiped, you wouldn't have added any security.

The way most (insecure) RFID systems work is like this.
Reader: What is your key?
Card: My key is 123456.
Reader: (consults lookup table to see if that key is authorized) ... (opens door).


Since the key is being transmitted in the clear, it's trivial for someone to snoop on the conversation and then repeat that key to the reader, and also open the door. This happens whether the key is encrypted or not: if all the card has to do is transmit something, and the result is that the door opens, then you can sniff that transmission and use it to open the door.

The cards with "encryption capabilities" don't just store encrypted information, they actually do the encryption on the card. At least this is my understanding of them. There are some smartcards that do stuff like this also. I assume that their "conversation" with a reader is something like this:

Reader: What is your public key?
Card: (sends its public key)
Reader: The time now is "20060525131827" ... authenticate.
Card: (takes timestamp from reader, and appends it to its owner's secret identity string and other salt, then encrypts it with its private key) I authenticate with "6baff175ed8a185356d0bc66c892a974"
Reader: (attempts to decrypt card's authentication string with the public key previously sent, if successful, checks the owner's identity string against lookup table) ... Authentication okay ... (door opens)


In the latter case, the challenge-response key exchange ensures that even if someone is snooping on the entire transaction, they don't get anything of value. This would not be possible unless the card had enough logic to do the encryption on its own.

There might be more-secure ways to do this than the way I'm envisioning, but I think this at least avoids having the key blasted out into the RF in an unencrypted form that could be easily reused.

Re:Encrypted RFID too expensive? (1)

John Harrison (223649) | more than 7 years ago | (#15402566)

It is the card (not the reader) that supports encryption ON THE CARD. I have a stack of contactless smart cards sitting here on my desk that do 3DES and RSA in the chip. These are much hard to crack than a dumb RFID tag.

Think of the reader as simply being a network connection between one computer (the card in this case) and another (your desktop or whatever it is that is letting you in the door).

Stop your worrying! (4, Funny)

gasmonso (929871) | more than 7 years ago | (#15401615)

Never fear, the DMCA is here to protect us from that sort of behavior. It's illegal, so I doubt criminals would even try it ;) Thanks god for big government!

http://religiousfreaks.com/ [religiousfreaks.com]

Re:Stop your worrying! (1)

sepharious (900148) | more than 7 years ago | (#15402242)

besides, I'm sure the NSA and the CIA are on top of any potential abuses of the system, because god knows we don't want prices remarked and security compromised. perhaps everyone should have a RFID-monitoring RFID chip installed to ensure 'Merica's success over the turrists!

With Every New Technology... (3, Insightful)

InsomniacMK5 (975929) | more than 7 years ago | (#15401620)

There will be those who can manipulate it. On one hand I think it's awesome that people have the technical expertise to do it. On the other hand it's scary when you want to play by the rules and be affected negatively by something of this sort.

Make has a project in the current issue (5, Informative)

hal9000(jr) (316943) | more than 7 years ago | (#15401628)

It is interesting reading and looks like a fun project. RFID for Makers [makezine.com]

Needed: RFID lockers. (4, Insightful)

Demon-Xanth (100910) | more than 7 years ago | (#15401629)

What is really needed for security applications that use RFID is a kind of shielded wallet, that when an RFID tag is placed inside would keep the RFID tag from being read. Preferably one that could carry multiple cards and such. When you want something to be able to read it, you open it up. When you don't, you close it.

I don't think many people carry thier credit cards out in the open.

Re:Needed: RFID lockers. (1)

Gattman01 (957859) | more than 7 years ago | (#15401903)

Like a tin-foil hat for your wallet?

So all these years they've been trying to read my RFID implant, and not my mind.

Wow, that sure takes a load off.

Re:Needed: RFID lockers. (1)

Kadin2048 (468275) | more than 7 years ago | (#15401921)

Yeah I started thinking about this as well, when I first saw those MasterCard and Amex credit cards that have embedded RFID chips so that you can use them to pay for things without having them swiped. (I forget what the system is called...FastPay? SpeedPay?)

I don't know whether they use the encrypting chips or not, but my feeling is that they probably don't. Call me cynical, but I have a feeling that if an encrypting chip costs 2,000% more than a non-encrypting one, the credit card companies are probably going to go with the cheaper route and just figure that they'll make up the costs of fraud with the savings.

Plus, there are other kinds of RFID cards besides credit ones: in the Washington, DC area, the Metro system uses RFID cards for payment of fares and parking, and it's not uncommon for people to keep a hundred bucks or more stored on their account (figure they load it once a month and pay for two metro fares and parking every day, that could be $250+), depending on the fare. I'm almost positive that those cards aren't encrypted: all they do is chirp back a serial number, which is then looked up in the system to find the value associated with it.

If you could build a small "harvester," a passive receiver that you put next to a legitimate RFID scanner and which recorded the transmissions of all the cards swiped past it, you could probably get hundreds of numbers a day, from any number of places in the metro system. (Next to a scanner on the exit of a parking garage, etc.) And depending what the frequencies are that the MasterCards use, you might get their numbers as well, if they're activated by the Metro cards' scanners.

I foresee a huge demand for shielded wallets and card-carriers, once the first large-scale RFID scams hit. And they're going to, sooner or later. The public is just setting itself up for a giant reaming: right now is the calm before the storm, because the black-hat technology hasn't been developed or perfected to the point where any idiot script kiddie can use it. When it gets to that point, and I suspect that it will eventually, people's unwarranted feelings of personal security are going to be deflated in a hurry. It's not going to be pretty.

Re:Needed: RFID lockers. (3, Insightful)

qwijibo (101731) | more than 7 years ago | (#15401971)

I dislike the idea of shielded wallets because it misses the point. If you want something to default to off without user interaction, you shouldn't be using something that is always on plus another thing that mitigates the always on effect. Why not just make the rfid circuit default to open and make you do something like squeeze the badge to close the circuit and enable the RFID capability? Always on means always vunerable. That gets sold based on convenience, but is it ever really a good idea?

Re:Needed: RFID lockers. (1)

jefu (53450) | more than 7 years ago | (#15402072)

Perhaps the RFID makers are also investing in RFID shielded wallets :
1) Sell the RFID chip for a nickel
2) Sell the shielding for $25
3) ???? (engineer a very public RFID scam)
4) Profit!

(Sigh. I never wanted to do that, but it seemed appropriate.)

Re:Needed: RFID lockers. (1)

Demon-Xanth (100910) | more than 7 years ago | (#15402121)

The reason I was saying shielded wallets, is that it is something people are used to. You show someone your driver's license, you open your wallet. You show someone your passport, you open it up. You need to use your credit card, you open your wallet up (you just don't have to actually pull it out anymore). It's a simple action that can be done easily, and in most cases, 90% of the work (pulling it out of your pocket) is done anyways.

Walk upto toll reader, pull out "wallet", open up as you walk by, close it, stick back in pocket.

Simple, easy, fast, and doesn't require training or retooling of the infrastructure.

Re:Needed: RFID lockers. (1)

Maximum Prophet (716608) | more than 7 years ago | (#15402616)

They had this on Max Headroom (TV series). Your ID was a thing the size of a pen that you had to insert into the reader.

The real trick is getting everyone to standardize on the same device, so that you wouldn't have to carry a dozen of these things around.

Needed: RFID shredders (1)

Secrity (742221) | more than 7 years ago | (#15402004)

A common paper envelope provides sufficient shielding to prevent the visual reading of a credit card, and the credit card holder can visually determine the likely effectiveness of the shielding. Reading the magnetic stripe of a credit card while it is inside a paper envelope might be possible, but is not a likely threat. Simply putting a credit card in a shirt pocket is sufficient to prevent the surreptitious reading of common credit cards. A wallet that is shielded to prevent the reading of RFID tags would be much more complex than a paper envelope or shirt pocket, and the holder of the RFID cannot determine for himself the likely effectiveness of the shielding. When a user opens an RFID wallet, would he be exposing the rest of his RFID's so that they can be read?

Re:Needed: RFID lockers. (1)

dwandy (907337) | more than 7 years ago | (#15402133)

What is really needed for security applications that use RFID is a kind of shielded wallet, that when an RFID tag is placed inside would keep the RFID tag from being read. Preferably one that could carry multiple cards and such. When you want something to be able to read it, you open it up. When you don't, you close it.
...more like what's needed for tags that contain private data is for the tag to be physically activated by the holder. It would only work when you press a 'button' on it...It's the passive nature of these cards that is the issue.
Alternatively, for pure authentication purposes they could respond to a challenge, that way if it was passive it wouldn't matter. The tag wouldn't broadcast a static number, but rather a response...

What kills me here is that lots of the solutions to security have been dealt with in 'fixing' the internet. We have here a chance to learn from all the mistakes we made by not making security a fundamental component of the 'net... and do we? nope. Just broadcast numbers and leave tags writable. That makes good security sense.

RFID Spoofing Guide (5, Informative)

Anonymous Coward | more than 7 years ago | (#15401631)

Re:RFID Spoofing Guide (2, Interesting)

Kadin2048 (468275) | more than 7 years ago | (#15402345)

I have to hand it to that guy, that's some pretty brilliant homebrew. (He even has a home-built PCB router!)

He's right though that if you did a multilayer board that you could make the device a lot smaller; and I tend to wonder if you used an FPGA if you couldn't make it even smaller, down to around key-fob size. At any rate, he already seems to have achieved the "cigarette pack" size benchmark for a portable device, or close to it.

From his "Security Implications" section:
I could also exploit the fact the distance at which the cards will be powered is less than the distance at which they can be read; if another reader is exciting the card then my reader can read that card from the other side of a wall!

This means that a sniffer concealed somewhere near a legitimate reader could intercept real transactions at a significant distance. This sort of attack is particularly good because the card repeats its id over and over as long as it is in the field, so that I could use signal processing techniques to combine multiple copies of the pattern to further improve my read range. This is easy--if I sample all 64 bits of the id then I don't have to get word-sync, and if I oversample then I don't even have to get bit-sync. Even if I capture the id with a few bit errors it is still useful; I could try the captured id, then every id with a Hamming distance of 1 from the captured id (one bit flipped), then 2, and so on. One or two bit errors would take seconds; three would take minutes.
I think this is worth pointing out, because most people think of RFID cards as line-of-sight devices. But there's nothing stopping someone from burying a sniffer on the other side of the wall that the reader is mounted on, or maybe some distance away if they have a high-gain receive antenna and some good pre-amplification and filtering (not too hard: they're only trying to receive on one very particular frequency, so the whole setup can be tuned for that purpose).

It's also worth noting the date on that article: October 2003. It's almost three years old at this point -- and I'm not convinced that RFID equipment has gotten any smarter, the installed base has increased significantly. The demand for sniffing equipment is going to be pretty big, and there are a lot of grey-market factories in Asia (like the ones that make console mod-chips) that will be happy to supply the hardware.

Nothing New (5, Interesting)

WebHostingGuy (825421) | more than 7 years ago | (#15401632)

While they may have just realized this everyone else has already known about it. Three years ago I attended BlackHat in Vegas and they presenters already were doing this.

They showed live examples and had very interesting stories about how they were reprogramming cheese to send RFID signals saying they were shavings products. Also, the store they were doing this in used RFID on all their products to make sure everything is shelved in the right place. They would reprogram an item on the shelf (already in the right place) to emit a signal saying it was something else. When the store came by to move the item to the correct place all they would find is the correct item. The presenters say it drove the store nuts.

Re:Nothing New (1)

goldaryn (834427) | more than 7 years ago | (#15401818)

They showed live examples and had very interesting stories about how they were reprogramming cheese to send RFID signals saying they were shavings products.

Hmm. What with the Gillette/Walmart scandal, I was quite worried about all this stuff. But your point is a good one: well-armed consumers could perhaps thus sabotage tags if their use they become widespread? Or clone the data and flood it everywhere so it becomes useless?

Re:Nothing New (0)

Anonymous Coward | more than 7 years ago | (#15402229)

Now I understand the link between my Souffle tasting bad, and all the cuts on my face.

Speedpass IS encrypted... (3, Informative)

nweaver (113078) | more than 7 years ago | (#15401645)

Speedpass is encrypted, they just did a really bad job of the custom cypher they decided to use for it.

Very interesting (2, Interesting)

goldaryn (834427) | more than 7 years ago | (#15401647)

Interesting points raised in TFA. It's worth bearing in mind, though, that the average range for a passive RFID tag is only a few yards..

The Wikipedia article on RFID [wikipedia.org] states "The US state of Virginia has considered putting RFID tags into driver's licenses ostensibly to make lookups faster for police officers and other government officials." Now that would fun, if you had a cloner!

By the way, read the "Religious Reaction to RFID" part if you haven't. It's "interesting".

Re:Very interesting (0)

Anonymous Coward | more than 7 years ago | (#15402012)

A few yards under the best of conditions. Add some ferrous metal near the tag and the range drops to nearly contact. Is that a chunk of iron in your pocket or are you just glad to see me?

Re:Very interesting (1)

Loco3KGT (141999) | more than 7 years ago | (#15402118)

because the two different bar codes we have on our licenses are apparently slow. :-| Or typing in our driver's license is so difficult? please.

I love government. Especially mine (Virginia).

A squirt of electrons??? (2, Informative)

ebcdic (39948) | more than 7 years ago | (#15401668)

"They send a signal only when a reader powers them with a squirt of electrons". Definitely not. Just some radio waves (think crystal set).

FUD (2, Informative)

QuartzDuane (803077) | more than 7 years ago | (#15401680)

The cheapest RFID chips - by and large - are not read/write. They're read-only. The Wal-Marts of the world aren't putting read/write RFID in their products. This strikes me as largely a non-issue. As far as the securty-badge scenario; you'd have to be pretty close to the badge to get it to transmit. Like, close enough to have it in your hand. If the bad guy has your badge in his hand, you've already got bigger problems.

Re:FUD (0)

Anonymous Coward | more than 7 years ago | (#15401922)

Ummmm, why does Walmart pay me to reactivate all of those tags on the return items before we put them back on the shelf?

Re:FUD (0)

Anonymous Coward | more than 7 years ago | (#15402159)

Walmart employees read Slashdot??

Re:FUD (0)

Anonymous Coward | more than 7 years ago | (#15402320)

Are you sure you are referring to RFID tags and not EAS tags.

Please note the difference.

EAS (Electronic Article Survellience) can only contain a 0 or 1. It is swithced to zero at the register so the alarm does not sound. You probaly switch it back when an item is returned.

RFID much more complicated. Walmart is not tagging everything at the item level. They are requiring their top veondors to tag at the PALLET LEVEL so you should not have to switch something back on.

Also, if you have to swicth it back you you must be assuming that Walmart is "killing" the tags upon exit. This is not the case. It would be very difficult to kill all the tag going out the door IF they were tagging everything.

--RFID guru

Re:FUD (0)

Anonymous Coward | more than 7 years ago | (#15402384)

The tags themselves are not 're-activeted'. What you are doing is telling Wal*Mart's inventory system that those particular items are now back in inventory.

Re:FUD (1)

Maximum Prophet (716608) | more than 7 years ago | (#15402648)

As far as the securty-badge scenario; you'd have to be pretty close to the badge to get it to transmit. Like, close enough to have it in your hand.

Nope. I know many people who keep the badge in their wallet, and just bump the reader with their hip. Works fine. In the example given, the cloner did bump into the guy with the real badge.

"If I don't understand it, it must be secure." (4, Insightful)

dpbsmith (263124) | more than 7 years ago | (#15401692)

Dilbert once ran a strip in which the PHB says "Reasoning that anything I don't understand must be easy..." before assigning Dilbert a monumental task on an impossibly short deadline. This is a mental trap that's easy to fall into.

Another similar trap is "Any security technology I don't understand must be secure."

Everyone has some vague notion of how a traditional lock and key work, and how they might be circumvented.

But if there is no hole where the keyhole should be, and what IS there has some spiffy up-to-date appearance, and is "electronic" or "digital," the natural assumption is that because it clearly isn't a traditional lock and key, it must not have the traditional security vulnerabilities of a traditional lock and key... and since we aren't familiar with the new technology, we assume that "no traditional security vulnerabilities" = "no security vulnerabilities."

And, obviously, the vendor of the new system, who is likely to be in the best situation to know them, isn't likely to explain them to us.

Re:"If I don't understand it, it must be secure." (1)

stienman (51024) | more than 7 years ago | (#15402075)

I don't think the security people are as trusting in black box technology as you seem to indicate.

Like everything else there is a cost/security decision that has to be made. One could invest in a system that would use all three possibly keys (biometrics, passcode, key), or one could invest in a regular tumbler lock with 6 tumblers.

The reality is that of the population that wants to break into your office, most of them would be stopped by the lock - they don't want to break in badly enough to obtain and learn to use lock picking tools. They'd rather social engineer a way in.

Of the population that wants to break in, more would be stopped by the more secure system, but the improvement might only by perhaps 1-5% fewer possible break-ins. Again, a social engineering trick is also going to work here depending on the people who have legitimate access.

The RFID is going to be, for quite some time (measured in years) better than the tumbler lock. Simply because most of the possible miscreants would rather employ a social hack than obtain and learn to use the equipment necessary to conduct and electronic attack. Further, social hacks are much easier to defend if caught. If caught with electronic RFID hacking equipment, you're going to be hard pressed to prove that you use it on a day to day basis for legitimate purposes. Eventually cell phones will be used for these attacks, but again that's several years down the road.

For right now the cost is more than the tumbler lock, and the security is measurably greater. It's not a double digit improvement, though - few security advances are, and even fewer organizations need a double digit improvment.

-Adam

How many times are we going to see this story? (0, Flamebait)

Assmasher (456699) | more than 7 years ago | (#15401719)

It was up a loooong time ago with the same info about wiping library tags, reading a security manager's badge and gaining entry as a test, yadda ^ 3.

Over the edge (1)

packetmon (977047) | more than 7 years ago | (#15401721)

As noted in the article: "Private citizens and the government could likewise place cookies on library books to monitor who's checking them out." And how is this not being done as is. For anyone who goes into a library, records of what books you check out are kept since you have to submit your library card. Most public libaries are known/thought to share this information with government as it stands. In response to Exxon Mobile SpeedPass ""Texas Instruments used an untested cipher." The Johns Hopkins lab found that the code could be broken" ... That was then, this is now... The test in question was done some years back. How about verifying something now instead of crying over spilled milk. Can this be replicated now, if so why didn't they write about it. Did they solely include this information to inject FUD into the RFID security scene. Another noteworthy statement: "VeriChip, the only company making FDA-approved tags, boasts on its Web site that "this 'always there' identification can't be lost, stolen, or duplicated." It sells the chips to hospitals as implantable medical ID tags and is starting to promote them as secure-access keys." Of interesting note would be that, many hospitals' maternity wards have chips for newborns that are supposed to alert staff if a baby is removed. While parents may find this "useful", it does nothing if someone simply... (drum roll) cuts off the tag. Aside from that instance of stupidity, in many instances, one need only to inject noise interference to disable many RFID tags... So instead of getting all geeky and narrowing down a band, find yourself a decent noise generator capable of jamming a frequency and just do a five finger discount on a bag of Doritos. Go for it, its on the house and I'm sure those security personnel whose jobs were lost from companies depending on RFID will love you for it

Re:Over the edge (2, Informative)

VP (32928) | more than 7 years ago | (#15401984)

And how is this not being done as is. For anyone who goes into a library, records of what books you check out are kept since you have to submit your library card. Most public libaries are known/thought to share this information with government as it stands.

I don't know where you get this idea, but currently most public libraries make it a point to destroy the record of you checking out a book after you return it, just so that they don't have this information available if/when the government comes around asking for it. Here is some relevant reading material: http://www.ala.org/ala/oif/ifissues/usapatriotact. htm [ala.org]

Re:Over the edge (0)

Anonymous Coward | more than 7 years ago | (#15402512)

Of interesting note would be that, many hospitals' maternity wards have chips for newborns that are supposed to alert staff if a baby is removed. While parents may find this "useful", it does nothing if someone simply... (drum roll) cuts off the tag.

That may have been the case originally, but the current situation (having done the Maternity Ward tour in the last month) at my local hospital is that the alarm goes off/floor goes on lockdown if the tag is cut or if the tag gets too close to an exit door without being turned off at the main system.

Can it be circumvented? Sure, but the point isn't to protect the babies (the numbers of babies stolen from hospitals was very low before the system was implemented), it's to give the new mothers peace of mind.

Re:Over the edge (0)

Anonymous Coward | more than 7 years ago | (#15402523)

Several problems with your statements about libraries:

1) Library RFID tags are write once tags. They cannot be written to again, and only contain an ID that looks up to the books information. The patron information is NEVER stored on the books in any way.
2) When you return a book to a library all links back to your record are removed. Some libraries keep the patron information linked until the book is checked out again incase the patron returns it in the book drop and it is damaged. This is not always the case.

Mod up the "FUD" factor of the headline (2, Informative)

RagingChipmunk (646664) | more than 7 years ago | (#15401768)

Its really no big deal. The vast majority of RFID chips are simply read-only, because thats the bottom of the line cheapest way to go. The card is "pinged" with a radio-field, and the chip burps out its serial number. No over write. No virus attack potential. Nothing of interest... Sure you can spoof these by putting a different tag in its place - oh yay, you've done the same cleverness as peeling a price sticker from a different product.

Read/Write tags are a step up in cost. They range from 20 bytes to 256 bytes of data with a 10 digit serial number. Some brands support encrypted encoding formats. There is a trivial one byte "access key code" that prevents a Writer from writing to an RFID tag if this "access key code" byte doesnt match. Its really more of an accident prevention mechanisim (so you dont accidentally overwrite an ExxonSpeedPass if it was put in a WalMart system).

Encryption of the "Writable" tags is the responsibility of the application. Since you only have 20 bytes (on the more common, cheaper tags) there isnt much you can do anyway as the number of permutations at 20! is low enough for most script-kiddies to crack. When you start getting upto 256 bytes, then sure it makes absolute sense to encrypt the contents. But, when you're at that price level, you're already considering the hardware that can encrypt at the signal level.

(Yes, I write code dealing with RFID tags)

-Mike

not so much of a fud but "heads up" (2, Insightful)

pikine (771084) | more than 7 years ago | (#15402411)

I think you underestimated how a read-only RFID tag can still be subject to play-back attack. You can fake the presence of an RFID. This becomes a problem when the person deploying RFID doesn't understand the consequences. For example, since perimeter security assumes that authorization is equivalent to the presence of an ID, being able to fake RFID violates this assumption and breaches security.

TFA mentions a couple of these examples, where deployment is flawed. The flaw is not in the RFID technology.

As for encryption, if the RFID always echoes back the same cipher-text, then it is still subject to play-back attack. Encrypted authentication is only useful if there is some sort of challenge-response protocol. I'm sure you know all this.

Uhhhh... (2, Funny)

k-0s (237787) | more than 7 years ago | (#15401774)

Remind me again how getting nearly $4/gallon gas for free from ExxonMobil and it's $8.4 billion quarterly profit is scary.

Re:Uhhhh...Someone pays (1)

SirLanse (625210) | more than 7 years ago | (#15401902)

Unless you are spoofing the speedpass of the CEO of Exxon,
the poor schmuck whose speedpass you cloned will get the bill.
It is stealing from that person. They could notice the extra
fill-ups on the bill and try to fight Exxon about them.
I'm sure that they would win any court battle.
Feel good that you are getting "FREE GAS" and forget that
you may have robbed some poor kids of christmas.

Hello noobcakes (1)

BitterAndDrunk (799378) | more than 7 years ago | (#15402148)

It's not getting gas for free, it's getting gas from someone else's speedpass. I.e. identity theft.

Which is pretty scary if it's YOUR SpeedPass they're using.

Noob.

Re:Hello noobcakes (1)

k-0s (237787) | more than 7 years ago | (#15402613)

I see you obviously own ExxonMobil stock. Please now, nowhere in the article does it state there was identity theft. In fact, if you read the article *gasp* it says the follow, "Using a laptop and a simple RFID broadcasting device, they tricked the system into letting them fill up for free." As for "Noob", please, maybe 15 years ago. *MAYBE* ten years ago that title might have offended me. Come on man, you're in your 30's now, no need to speak like a 14 year-old "k-rad leet haxor".

Re:Uhhhh... (1)

warpSpeed (67927) | more than 7 years ago | (#15402272)

Remind me again how getting nearly $4/gallon gas for free from ExxonMobil and it's $8.4 billion quarterly profit is scary.

Well if you are morly challenged, then I would say nothing is wrong with it. Stealing from anyone, is, well, stealing, no matter how big a boogie-man you make the large "heartless corperations" out to be.

Hacking? (2, Insightful)

tehcyder (746570) | more than 7 years ago | (#15401802)

Have we now given up on using the word hacking except in a perjorative sense?

The examples given all appeared to be illegal to me.

Well (3, Informative)

ShooterNeo (555040) | more than 7 years ago | (#15401836)

RIFD technology has the potential to do everything it's backers claim. Inventory tracking for all manner of transportation and commerce could be MUCH more efficient because it is possible to read hundreds of tagged items at once, and without having to rotate the items to expose the barcodes. Unlike a barcode, or a credit card which is basically just a magentic barcode, easily readable with commonly available readers or even iron filings, RFIDs can be made to keep their codes secret with encryption. It has to be competently done encryption, with secure, proven algorithms and a unique encryption key for EVERY device (it would be retarded if a bank made all of it's rfid credit cards, for instance, use the same key)

Credit card theft and misuse could be almost eliminated with better cards that use encryption so the code changes every time they are used. No longer would the number of your visa card suffice, every transaction would need a new code. For a business relationship, you would press a button on the card to generate a code that a particular merchant could then use repeatedly to charge the card from, and only that merchant.

Of course, every security measure can be broken. Thieves could still swipe actual cards (and they could be cancelled just as quickly like it is today, but no thief could use the card without phyisically possessing it). With electron microscopes and specialized equipment someone could read the codes out of memory for a card, and create duplicates : but the cost and time involved could easily be so onerous that no criminal ever did it.

I think the slashdot mentality is one of fear of the tech because if the megacorps deploying these cards screw it up, we could end up with a system far less secure than we have now. For instance, wireless internet could have been made pretty much 100% secure from the start, but instead was pathetically easy to hack and far less secure than standard cat-5 jacks with no log on.

I imagine a future walmart or best buy where you grab anything you want to buy and throw it in a mostly plastic shopping cart. You wheel it through a special detector booth enclosed on three sides, and with one big electronic beep EVERYTHING gets instantly scanned, and a total price comes. You take your credit card out of its protective foil sheath, push a physical button ON the card (or press your thumbprint to it), and put it into a little recess on the self checkout machine. You close the foil lined door, another beep follows, you open the door and the transaction is done. 15 seconds, start to finish, whether you are buying 1 item or an entire cart full. No more lines at stores that use the technology, ever. Instead of 30 clerks on the job at Walmart, there are just 4 or so "customer service representatives" to handle problems that come up. There's a roll of bags if you want to bag your own stuff, but otherwise you just push the cart right on out of the store. The guards even at best buy never bother to inspect your cart because each expensive or routinely stolen item has a deeply embedded rfid tag with a writable (WRITE ONCE) field that "knows" if it has been bought. Everything in your cart gets interrogated when you push it through the doors.

No need for a paper receipt, either - a customer id for who bought the item is on the tag for each item. When you return stuff, you don't need a receipt, either, the clerk can quickly scan all your items when returned and press one button to instantly refund your money or give you store credit with your store card.

Course, this is the real world. We can't get fcking word processing to work without any trouble at all on computers in offices because viruses, bloatware, stupid users, features creep, and constant other problems mean that the commonly used Word is MORE trouble prone that windows and DOS word perfect I used back in 1990. That's like a modern car being out performed by a model T! I can imagine this RFID stuff not working right either, or a health scare starting up due to the magnetic fields needed to energize the chips, or clueless staff not being able to make "the system" work at a typical store so NOTHING gets bought or returned. Or the whole system crashing or taking an interminable amount of time to do things....waiting a minute for the machine to scan your cart, longer than a clerk would have taken.

Re:Well (1)

fredklein (532096) | more than 7 years ago | (#15402473)

"The guards even at best buy never bother to inspect your cart because each expensive or routinely stolen item has a deeply embedded rfid tag with a writable (WRITE ONCE) field that "knows" if it has been bought. Everything in your cart gets interrogated when you push it through the doors."

Problem: When an item is returned, how do you change the "WRITE ONCE" field to reflect the item is no longer sold???

Problem: What if someone makes an emitter that set all the "WRITE ONCE" fields to 'sold' as they walk around inside the store? Even if they don't steal any items themselves, it could cause problems.

Problem: I use my own bags to bag my products. My bags are foil-lined. This method is currently used to defeat EAS tags now.

Beaners (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#15401852)

This happened in Austin, TX:

*se habla espanol?

*Get ready....................this is so good !

I have a friend who is president of his homeowner's association. They
are having a terrible problem with trash on the side of the road.The
trash is thrown down by the Mexican work crews working on new homes in
the area. (McDonald Bags, Burger King trash, etc). He has pleaded with
the site supervisors and the general contractor to no avail, called the
City,County, the Police and got no help. So....

They organized about twenty folks, named themselves The "_I_nner
_N_eighborhood _S_ervices" or INS..to go out at lunch time and "police"
the trash themselves. They got some navy blue baseball caps and had the
initials "INS" in gold put on the caps and just hoped the workers would
think they were INS.

The day after their first pick up detail, with them wearing their caps
and carrying cameras; 46 out of 68, of the construction workers did not
show up for work the next morning...and haven't come back for 10 days.

The General Contractor is furious, but can't say anything publicly or he
could be busted for hiring "illegal aliens". This friend and his
neighbors can't be accused of impersonating INS folks, because they have
it on their home owner association records the vote to form the new
committee within their association, plus they informed the INS about
what they were doing in advance, and the INS said
basically........."have at it"!

Good ol' YANKEE INGENUITY TRIUMPHS AGAIN!

Hobbiest hacking of RFID (3, Interesting)

Iphtashu Fitz (263795) | more than 7 years ago | (#15401873)

After the recent reports that companies like Levis were testing RFID tracking [mobilemag.com] in their clothes I started searching around to see what it'd cost to get an RFID reader if I wanted to start tinkering. Although self-contained hand-held readers are still quite pricey I did find an alternative. There are companies that are selling RFID attachments for Palm and Windows CE devices. For about $200-$400 you can buy an RFID device that plugs into an SD slot. Depending on how much you want to pay you can get just a reader or a reader/writer. With a little bit of software work it probably wouldn't be very difficult at all to whip up an RFID "skimmer" that you could just stick into your pocket. Just casually walk buy a security guard and steal his access card, walk around a store and reprogram prices, etc. and nobody would know it was you since you're just walking around and the device in your pocket is doing all the real work.

Shouldn't another concern be.. (1)

dyslexicbunny (940925) | more than 7 years ago | (#15402007)

privacy concerns? Assuming the signal was strong enough and the RFID was embedded in the product (so I can't remove it), couldn't someone drive by my house and see what sorts of things I buy? Or use them to track me with tags embedded in clothing or a watch?

I understand how they work but only know a little about RFID's integration into inventory management and the like. Are they deactivated when you check out? If not, how long would they last?

factual error in TFA about SHA-1 (4, Informative)

pikine (771084) | more than 7 years ago | (#15402018)

The last sentence on page 2 says: "Compare that to the hundreds of years experts estimate it would take for today's computers to break the publicly available encryption tool SHA-1, which is used to secure credit card transactions on the Internet."

This is incorrect.

SHA-1 is a digest algorithm. You give it some data, it outputs a 160-bit string that represents a fingerprint of the data. This fingerprint does not allow you to reconstruct the original input, but you can use it to verify data integrity, that data have not been tempered with. This does not protect against eavesdropping. Hacking a digest algorithm means to find, in a reasonable amount of time, two different inputs that produce the same digest.

SHA-1 is not a cipher. A cipher takes plain-text and a cipher-key in, and produces cipher-text out, which would appear to a third person without a cipher-key as a pretty random string.

June Consumer Reports on RFID (2, Interesting)

OzPeter (195038) | more than 7 years ago | (#15402039)

The June edition contains an interesting article on RFID and its security with respect to consumers. It is a good introductory article that covers all of the main security issues. It also talks about how various people who have been influential in teh government are now working for RFID companies (one being Tom Ridge former Secretary of Homeland Security)

What was interesting to me in the same articla is a reference to IBM having a 2001 patent application for tracking individual persons using the RFID constellation they create when carrying around a significant number of RFID tags. You nominate your target and profile what RFIDs they have, and then just look for that specific profile as it floats from detector to detector. This is scary stuff.

On a slightly related note, I remember seeing a comment somewhere about how teenage boys could profile the RFID constellation of hot looking women walking down the street and correlate this with the Victorias Secret catalogue in order to pick who was wearing the hot lingerie. This is a weird but possible new behaviour that RFIDs is opening.

Of more importance, I saw recently a reference to an RFID tag that could be embedded in currency notes as an anti counterfitting measure. Imagine how the muggers would jump on board this if it comes true.

Exxon Speedpass already being worked on... (0)

Anonymous Coward | more than 7 years ago | (#15402044)

I mean we are already working on a device that confuses the reciever into thinking it is being worked on by a technician and shuts of but lets the pump open for inspection thus letting it pump gas and whoala free gasoline. Plus, it is easy to break into one of those pumps and add in a card read that reads off the card number from your debit/credit card and PIN number if you use debit. Technology is amazing, is it not?

Ancient RFID Hacking at Bethel Park HS (2, Funny)

Isquaredare (869282) | more than 7 years ago | (#15402154)

At the Bethel Park High School Library in 1977, they installed crude RFID tags in the spine of all of the books. As you checked out a book, the bold Librarian Gary Hutton would wanded the spine to deactivate the tag.

If they failed to deactivate the tag, or if you tried to steal a book, the system would sound an alarm, and Gary would be in an uproar. He might even have called the elderly Mrs. Simpson as backup. I recognized the 400Hz. tone as being a Mallory Sonalert.

Seeing as how we were already using the ASR-33 Teletypes with acoustic couplers in the Library to hack into local dial-up modem mainframes, I felt that a new hack was in order.

I had a Mallory Sonalert from a recent dumpster dive where my brother worked. I wired it and a 9v battery to a momentary switch and kept it in my coat pocket.

On occasions, I would situate myself in a library desk near the checkout. When Gary would wand a book, I would sound my alarm. Then, with a red face, he'd retrieve the book, and wand it again. I'd beep. He'd wand again. And again. Then, I'd stop before his blood pressure popped his head off.

Sometimes, I'd activate my Sonalert when Gary walked past the sensor gate. Sometimes not. I was having fun.

Why the long story? Well, just to let you know that hacking in a jovial sense can be a pantload of fun, and that you might not have to hack the internals of a system, to hack a system. That was 1977 folks - RFID (even in a crude sense) has been around for a while.

Our hacking was not malicious, it was fun. We never caused harm, and we never left tracks.

hm (1)

xIcemanx (741672) | more than 7 years ago | (#15402180)

Some interesting scenarios and experiments: snagging the code off of a security badge and replaying it to gain access to a secure building; vandalizing library contents by wiping or changing tags on books; changing the prices of items in a grocery or other store; and getting free gas by tweaking the ExxonMobil SpeedPass tags.

Interesting, though in today's climate it seems the fourth option is the only real way to make any money off of this.

do the WORM! (1)

MrSquirrel (976630) | more than 7 years ago | (#15402370)

There are WORM (I think that's the acronoym) write-once read-many tags which can only be written to once (by the end-user, kind of like how you can print on a piece of paper just once but you can read it many times). These are relatively hacker-proof... the only danger is reading the information. Reading information from passive tags (WORM tags usually are) requires them to be very close to the reader (or the reader to be "MORE POWERFUL THAN HULK, HULK SMASH!"), so much so that the only viable scams would be to get people with RFID cards in their wallets to sit on your scanner. ...do I see Santa Claus stealing little kids' information in the future?

Most CARS have secret RFIDs to allow US gov spy ! (2, Informative)

Anonymous Coward | more than 7 years ago | (#15402408)

TOP SECRET FACT:Most modern cars have tracking transponders! While you drive on highways. Wires in the road and 14 feet above, work fine and log your car movement.

Spy transmission chips embedded in tires that can be read REMOTELY while driving.

A secret initiative exists to track all funnel-points on interstates and US borders for car tire ID transponders (RFID chips embedded in the tire).

Yup. My brother works on them (since 2001).

The us gov T.R.E.A.D. act (which passed) made it illegal to sell new passenger cars lacking untamperable RFID in the tires allowing efficient scanning of moving cars.

Your tires have a passive coil with 64 to 128 bit serial number emitter in them! (AIAG B-11 ADC v3.0) . A particular frequency energizes it enough so that a receiver can read its little ROM. A ROM which in essence is your GUID for your TIRE. Multiple tires do not confuse the readers. Its almost identical to all "FastPass" "SpeedPass" technologies you see on gasoline keychain dongles and commuter windshield sticker-chips. The US gov has secretly started using these chips to track people.

Its kind of like FBI "Taggants" in fertilizer and "Taggants" in Gasoline and Bullets, and Blackpowder. But these car tire transponder Ids are meant to actively track and trace movement of your car.

Taggant chemical research papers :
  http://www.wws.princeton.edu/cgi-bin/byteserv.prl/ ~ota/disk3/1980/8017/801705.PDF [princeton.edu]
(remove spaces in url from slashcode if needed)

I am not making this up. Melt down a high end Firestone, or Bridgestone tire and go through the bits near the rim (sometimes at base of tread) and you will locate the transmitter (similar to 'grain of rice' pet ids and Mobile SpeedPass, but not as high tech as the tollbooth based units). Sokymat LOGI 160, and Sokymat LOGI 120 transponder buttons are just SOME of the transponders found in modern high end car tires. The AIAG B-11 Tire tracking standard is now implemented for all 3rd party transponder manufactures [covered below].

It is for QA and to prevent fraud and "car theft", but the US Customs service uses it in Canada to detect people who swap license plates on cars when doing a transport of contraband on a mule vehicle that normally has not logged enough hours across the border. The customs service and FBI do not yet talk about this, and are starting using it soon.

Photos of tracking chips before molded deep into tires! :
http://www.sokymat.com/index.php?id=94 [sokymat.com]

PLEASE LOOK AT THAT LINK : Its the same shocking tire material I have been trying to tell people about since the spring of 2001 on slashdot.

a controversial dead older link was at http://www.sokymat.com/sp/applications/tireid.html [sokymat.com]

(slashdot ruins links, so you will have to remove the ASCII space it inserts usually into any of my urls to get to the shocking info and photos on the embedded LOGI 160 chips that the us Gov scans when you cross Mexican and Canadian borders.)

You never heard of it either because nobody moderates on slashdot anymore and this is probably +0 still. It has also never appeared in print before and is (or was) very secret.

Californias Fastpass is being upgraded to scan ALL responding car tires in future years upcoming. I-75 may get them next in rural funnel points in Ohio.

The photo of the secret high speed overpass prototype WAS at :
http://www.tadiran-telematics.com/products6.html [tadiran-telematics.com] ...but the shocking link finally died in July 2004 and the new location 2005 does not have a photo of a RFID bridge underpass RFID database collector. But this 20005 link below does discuss their toll booth RFID tracking uses...

http://www.telematics-wireless.com/site/index1.php ?ln=en&main_id=33 [telematics-wireless.com]

but the fact is... YOU PROBABLY ALREADY HAVE A RADIO TRANSPONDER not counting your digital cell phone which is routinely silently pulsed in CA bay area each rush hour morning unless turned off (consult Wired Magazine Expose article). Those cell data point pulses are used by NSA on occasions.

The us FBI with NRO/NSA blessings, has requested us gov make this moving tire scanning information as secret as the information regarding all us inkjet printers sold in usa in the last 6 years using "yellow" GUID barcode under dark ink regions to serialize printouts to thwart counterfeiting of 20 dollar bills. (30 to 40 percent of ALL California counterfeiting is done using cheap Epson inkjet printers, most purchased with credit cards foolishly). Luckily court dockets divulge the existence of the Epson serial numbers on your printouts... but nobody except a handful of people know about this Tire scanning upgrade to big brother's arsenal. (ALSO NOTE that I tried telling people about Epson Serial numbers in yellow ink on slashdot in 2001 and ealrlier years, in the original very similar version to this large post but PEOPLE IGNORED me until the EFF.org "finally" confirmed it 8 years later in 2005 on front pages of all major newspapers and on slashdot recently). This tire info is and was confirmed equally 100% factual.

YOU MUST BUY NEUTRALIZED OR FOREIGN TIRES!!!!! Soon such tires will become illegal to import or manufacture, just as Gasoline must have "Taggants" added or gasoline is illegal, as are non-self-aging 9 mm bullets.

It is currently VERY illegal to buy or disable the "911 help" GPS emitter in digital cell phones in the US or ship a modified phone across state borders, but it is still legal to turn off your cell phone in your car while traveling. As you should. And you should be wary of your tires now too. : http://www.sokymat.com/sp/applications/tireid.html [sokymat.com]

Alternatively you could illegally build jamming devices at : 13.56 MHz (TI-RFid) , + many close freqs or a few others. If microwave is ever employed you might not be able to effectively jam but your brain would possibly cook over time, as it now known as of last year that the three harmonic resonances of water are not the only chemical actions harming human tissue at gigaherz frequencies. Jammers would be illegal and violators easy to locate. Tire removal is the only option. Cooking with microwave pulse does not work as the Darpa directed DTR design (for truck deliveries on us mil bases) is pulse resistant in the charge coil of the RFID (Defense Transportation Regulations = (DTR) controlled by Defense Transportation Command). Auto chips are no different..

RFIDs have been covertly used and sold by TI for over ten years are in many many products... and now your tires are being read by the us gov as you drive at speeds of up to 100 Mph on primary US interstate corridors. (Actually 160 km/h).

Those same US interstate corridors have radiation detectors too, but a small layer of stacks of interlocked graphite blocks those from detecting stealthy deliveries. Graphite blocks are IDEAL for shipping "dirty bomb" components, I believe.

Anyway, regarding tire radio transmitters: the sokymat LOGI 160, and sokymat LOGI 120) are just SOME of the transponders found in modern tires. The earliest tire radio spy chips had only 64 bit serial numbers but they have rapidly evolved post Sept 11 bombings: LOGI 160 LOGI 120 has 224 bit R/W memory (sokymat.com) to be marked using external hand help injectors with "salt" info when the fbi tags your parked car.

Basically the FBI "marks your car" without touching it physically, thus eliminating a "warrant" to put a locater on your vehicle. Just as the FBI can listen to you while you are at home by LEGALLY bouncing an infrared beam off your vibrating window pane and modulating the signal, the US Gov can LEGALLY inject (program) a saltable read-write sokymat LOGI eeprom tire chip (and other brands of tire transponders)

Using these chips to track people while they drive is actually the idea of the us gov, and current chips CANNOT BE DISABLED or removed. They hope ALL tires will have these chips in 3 years and hope people have a very hard time finding non-chipped tires. Removing the chips is near impossible without destroying the tire as the chips were designed with that DARPA design goal.

They are hardened against removal or heat damage or easy eye detection and can be almost ANYWHERE in the new "big brother" tires. In fact in current models they are integrated early and deep into the substrate of the tire as per US FBI request.

Our freedom of travel are going away in 2003, because now there is an international STANDARD for all tire transponder RFID chips and in 2004 nearly ALL USA cars will have them. Refer to AIAG B-11 ADC, (B-11 is coincidentally Post Sept 11 fastrack initiative by US Gov to speed up tire chip standardization to one read-back standard for highway usage).

The AIAG is "The Automotive Industry Action Group"

The non proprietary (non-sokymat controlled) standard is the AIAG B-11 standard is the "Tire Label and Radio Frequency Identification" standard

"ADC" stands for "Automatic Data Collection"

The "AIDCW" is the US gov manipulated "Automatic Identification Data Collection Work Group"

The standard was started and finished rapidly in less than a year as a direct consequence of the Sep 11 attacks by Saudi nationals.

I believe detection of the AIAG B-11 radio chips (RFIS serial number transponders) in the upgraded car tracking http://www.tadiran-telematics.com/products6.html [tadiran-telematics.com] is currently secret knowledge. Another reason to leave "finger print on Driver license" California, but Ohio gets it next, as will every other state eventually.

The AIAG is claiming the chips reduce car theft, assist in tracking defects, and assists error-proofing the tire assembly process. But the real secret is that these 5 cent devices are a us government backed initiative to track citizens travel without their consent or ability to disable the transponders in any way.

All tire manufacturers were forced to comply AIAG B-11 3.0 Radio Tire tracking standard by the 2004 model year.

(B-11: Tire & Wheel Label & Radio Frequency ID(RFID) Standard)

http://mows.aiag.org/source/Orders/index.cfm?task= 3&CATEGORY=AUTOIDBC&PRODUCT_TYPE=SALES&SKU=B-11 [aiag.org]

Viewing b11 synopsis is free, downloads from that are $10 and tracked by the FBI. Use a google cache to avoid leaving breadcrumbs.

A huge (28 megabyte compressed zip) video of a tire being scanned remotely was at http://mows.aiag.org/ScriptContent/videos/ [aiag.org] (the file is "video Aiagb-11.zip").
THAT LINK was still valid in Feb 2004 but in July 2004 died after feds saw my origianl warnings regarding T.R.E.A.D. act (RFID citizen tracking)

[I guess viewing it is now a terrorist action. That link WAS valid from 2001 to 2004 though. At least my battle cry was valid for the past five years]

And just as showerheads are now illegal to import into the USA from Canada or mexico, as are drums of industrial Freon, and standard size toilets are illegal to import for home use, soon car tires without radio transponders will be illegal to bring across state borders.

The US gov is getting away with this. You read it here first. Well over five YEARs ago, from me, but fbi shills kept marking my message to -1 to silence this post. It never gets modded up, and this is the probably third time I posted it over the last two years.

Hundreds of millions of RFID equipped tires were shipped in the last year. (Yes hundreds of millions according to AIAG).

US Congress's recently passed Transportation Recall Enactment, Accountability and Documentation Act (TREAD or T.R.E.A.D.) making it illegal to import or sell car tires and light truck tires without these radio transmitting RFID coils readable on them to track us citizens in a retroactive database. The New York throughway has over 200 RFID reader points and I am not discussing the few at actual exits I am talking about 200 along the highway itself. New York says its for "safety" though they already get over 20 FBI subpoenas per year for RFID records from these transmitters. They get full computer files each time, but the FBI wants fresh data.

The TREAD act is just a branch of the Patriot Act, though much more sinister.

TREAD link (not a great one, look toward bottom) : http://www.zebra.com/id/zebra/na/en/index/rfid/faq s/rfid_considerations_specific_industries.html [zebra.com]

Goodyear, Michelin and other tire manufacturers are claiming TREAD is the reason they are forced to put in spy RFID transmitter chips in all tires... not whims. A bylaw document addendum for TREAD is merely one strongarm tactic by feds that aided it to be fully adopted. AIAG manipulation was another.

Goodyear RFID tires from TREAD :
SNIPPET QUOTE EXCERPT:
"Tires have to have a unique identification number called a DOT number," he said. "Cars have a vehicle identification number. Under the TREAD Act, carmakers have to associate the unique number on each tire with the VIN of the car it's put on. RFID offers a cheaper way to do that association

web source : http://www.rfidjournal.com/article/articleview/122 3/1/1/ [rfidjournal.com]

Michelin RFID tires from TREAD :

SNIPPET QUOTE EXCERPT:
"The tire industry faces regulatory pressures from the National Highway Traffic Safety Administration requiring tire companies to monitor pressure and temperature in tires as part of the Tread Act, a much-publicized law passed in 2000 in response to the rollovers of Ford Motor Co.'s Explorers equipped with certain Firestone tires. The Tread Act states that the vehicle identification numbers must correlate with the Department of Transportation's number for the tire."

web source : http://informationweek.com/story/showArticle.jhtml ?articleID=49901180 [informationweek.com]

Industry and TREAD RFID ..

SNIPPET QUOTE EXCERPT:

"There are no industry-based automotive mandates out there today. Perhaps the only exception to this is the Tire TREAD Act in which RFID is specified as a method of identifying tires supplied to OEMs. The U.S. Congress passed the TREAD (Transportation, Recall, Enhancement, Accountability and Documentation) Act after the Firestone/Ford Explorer issues emerged. The act mandates that carmakers closely track tires from the 2004 model year on, so they can be recalled if there is a problem. "

web source : http://www.zebra.com/id/zebra/na/en/index/rfid/faq s/rfid_considerations_specific_industries.html [zebra.com]

Industry abd RFID TREAD :
SNIPPET QUOTE EXCERPT:
"For example, Michelin and Goodyear plan to use RFID to aid their compliance with the Transportation, Recall Enhancement, Accountability and Documentation (TREAD) Act."

web source : http://www.fawcette.com/wss/2003_10/magazine/colum ns/trends/ [fawcette.com]

How effective is reading and logging car tire transmitter chips? 100% effective at highways speeds. Here is a meticulous research PDF paper entitled "Test Report : Single-lane Vehicle identification with UHF RFID"

http://www.ipico.co.za/technology/Whitepapers/Sing [ipico.co.za] le-lane%20EVI%20Test%20Report%2020030618.pdf

And that shows a LOW POWER 4 watt reader at a height of 5.7 meters (18.7 feet) above a passive RFID coil product can read at speeds of 160 km/h for common tollway type RFID. The US feds buy >4watt readers and also use better gear. And the feds have scored the highway surface to embed RFID wires too.

4 out of 5 times this post (first revealed by me in 2001) was rapidly modded to -1 by fbi shills angry at the epson ink info and tire info and explosives tagant info and only two times did it survive the FBI negative modding Slashdot accounts and remain at +2 by the next day. If you like to read RFID facts like this that I BROKE FIRST IN SPRING OF 2001 here on Slashdot, then keep this vital post from getting modded to -1 by idiots that cannot follow links or perform searches for themselves.

Learn and read. Every word in this post is sadly factual. The USA records car traffic on highways into databases for retroactive searches.

You're Safe in My Library (0)

Anonymous Coward | more than 7 years ago | (#15402481)

I am a techie librarian, you can put away your pointy tinfoil hat.

Our RFID tags are write-once-only. Once we've written the tag, it can't be over/re-written. Yes this means we have to throw a tag away if someone writes the wrong thing to it.

Our tags only include the barcode of the item on the shelf. Our library catalog does not allow searching by barcode, so there is no way for an outsider to link the barcode to what the item is short of physically possessing the item.

So, maybe all those other nightmare scenarios have some credence, but I can sleep at night about our RFID implementation, and you can too.

I for one... (1)

sherpajohn (113531) | more than 7 years ago | (#15402497)

welcome our new RFID Tag pirating overlords.

Seriously though - I hope organizations which are implementing this are seriously considering the security risks and implications. Though I fear the people trying to sell them this technology are emphasing the cost-savings and largely ignoring the potential for abuse.

RFID used for the wrong thing (2, Insightful)

Proteus (1926) | more than 7 years ago | (#15402546)

A lot of these problems stem from using RFID as authentication (esp. single-factor) rather than identification.

Most of the good RFID-enabled security measures I've seen essentially use the RFID as a rapid user ID. When I approach a secured door, the RFID says "this is Proteus", and a second device (PIN-pad, hand scanner, etc.) says "ok, prove it". That's much the same as a username/password pair, except cloning the RFID has a higher work-factor than guessing a user ID (e.g. it requires physical proximity and specialized hardware).

That doesn't mean RFID isn't secure. It's just that too many people are using it as magical techno-faery-dust to solve security problems, and that behavior leads to insecurity.

Of course, there are real security issues with certain RFID applications. The DoS that can result from removing/altering the tags is concerning -- makes one wonder why the RFID tag in a library book (for example) needs more data than an unalterable serial number. Can't the readers correlate that number with record in a DB?

Add to that the issue of tracking that comes with things like implantable RFID chips. Yeah, those could just be a serial number. But imagine stores putting RFID scanners in their doorways: they know the ID# of everyone who went in and out of the store, and even if they can't correlate that with your identity, the police could. Now, what if I clone your ID# and rob a store?

Again, though, that's not a problem with the RFID tech, but with an ill-concieved implementation and too much trust. The only security problem with the tech itself is the overwriting/erasing issue.

College Classrooms (1)

azap (949240) | more than 7 years ago | (#15402641)

My College uses these to lock and unlock ALL the doors. The "security monoculture" is a serious issue that people will have to realize, but untill they do thing my get "stoled"
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...