×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

RFID Guardian Protects Your Privacy

CowboyNeal posted more than 6 years ago | from the don't-look-at-me dept.

Privacy 65

An anonymous reader writes "A new device devised by Amsterdam graduate student Melanie Rieback is designed to serve as a portable firewall for RFID tags. The portable battery-powered RFID Guardian uses an access control list to filter RFID queries, blocking queries that aren't approved. Rieback, who is also known for being the first researcher to develop a proof of concept RFID virus, hopes to offer version 3.0 of the RFID Guardian to the public at cost."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

65 comments

Go Cowboy! (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#18982021)

You go girl

Back-compat? (1)

Constantine XVI (880691) | more than 6 years ago | (#18982039)

Is this like some sort of "jacket" you put your already existing RFID card into that blocks signals unless told otherwise, or is it something that would have to be added to new cards?

Re:Back-compat? (2, Informative)

KillerCow (213458) | more than 6 years ago | (#18982165)

Is this like some sort of "jacket" you put your already existing RFID card into that blocks signals unless told otherwise, or is it something that would have to be added to new cards?


It is an active, selective jammer for existing cards.

Re:Back-compat? (3, Informative)

Sowilo (970468) | more than 6 years ago | (#18982239)

Is this like some sort of "jacket" you put your already existing RFID card into that blocks signals unless told otherwise, or is it something that would have to be added to new cards?

From TFA:

Eventual plans call for the Guardian to be incorporated into cell phones and PDAs, but the current model is a pocket-sized device that runs on its own battery and provides a circular 1m field of control over RFID tags, jamming any tags that the user does not want read.

TFA goes on to explain exactly how it does it, but in a nutshell it has an internal list of RFID tags along with what it should do for each tag - block everything, only allow certain readers to access it, etc. If it's not allowed, then it blocks the RFID tag's response by jamming the signal.

But since it works by detecting and jamming the signals sent, and not by any physical connection or link to the RFID tags themselves, it should function with any pre-existing RFID tag.

Re:Back-compat? (1)

asills (230118) | more than 6 years ago | (#18987269)

Not quite.

It only works with 13.56Mhz tags and only a not very widely used air protocol. This device requires intimate knowledge of the air protocol used to communicate with the tag. It must know exactly which frequencies the tag will communicate back on in order to function.

The health care market is using 13.56Mhz tags, but they're not using the air protocol her device uses, so it won't know where to do the jamming. The consumer goods market isn't currently tagging on a per-item basis, but when they do get there it'll be 900Mhz tags using the EPC Gen2 standard (at least in the US), which does not use such a predictable frequency hopping mechanism. Her device won't be able to selectively jam only certain frequencies and will likely have to be even more noisy (jam the whole 900Mhz range? doubtful).

Re:Back-compat? (3, Funny)

wizzahd (995765) | more than 6 years ago | (#18982665)

It's a hat, duh. Do you realize how long it would take to make a tin foil jacket??

Re:Back-compat? (0)

Anonymous Coward | more than 6 years ago | (#18985299)

RTFA man!

Re:Back-compat? (1)

RfidShield (1017494) | more than 6 years ago | (#19054235)

No, this is an active jamming device, and as the other readers indicate, may only work at a particular frequency or communications protocol. However Smart Tools offers an RFID Shield - a passive device that prevents your RFID card from being detected or communicating, and is independent of frequency or protocol. There's info and a picture at: http://smarttools.home.att.net/rfshield.htm [att.net]

proof of concept RFID virus (3, Funny)

bulliver (774837) | more than 6 years ago | (#18982041)

So does that mean you could theoretically create a virus that would make all RFID enabled passports identify themselves as belonging to known/suspected terrorists? That would make for a million laughs on April 1...

Re:proof of concept RFID virus (3, Informative)

apathy maybe (922212) | more than 6 years ago | (#18982303)

Here http://en.wikipedia.org/wiki/RFID#Viruses [wikipedia.org] is a nice little bit, and a link to the original article. http://arstechnica.com/news.ars/post/20060315-6386 .html [arstechnica.com]

ArsTechnica links to http://www10.nytimes.com/2006/03/15/technology/15t ag.html?_r=5&th&emc=th&oref=slogin&oref=slogin&ore f=slogin&oref=slogin [nytimes.com] and to the real original webpage http://www.rfidvirus.org/index.html [rfidvirus.org]

Basically, it uses buffer over flows to insert nasty code into a computer. The RFID chips contain the code and when read exploit problems in the reader. You can use commercially available tools to write your own RFID chips. Have fun.

Re:proof of concept RFID virus (1)

bulliver (774837) | more than 6 years ago | (#18990059)

Thanks for the links. Despite the guy who modded me funny, it was a serious question

why? (2, Insightful)

wizardforce (1005805) | more than 6 years ago | (#18982077)

this seems to me like they are trying to sweep the flaws of rfid uder the rug.- fix the main system and this wont be needed.

Re:why? (3, Insightful)

maxume (22995) | more than 6 years ago | (#18982735)

This isn't about sweeping something under the rug. It is about RFID coming whether you want it or not and having a straightforward way to avoid many of the issues that it is coming with.

Like encryption (2, Interesting)

Original Replica (908688) | more than 6 years ago | (#18982079)

or the radar detector, will this remain legal? Why have an RFID vs. the same info on a barcode, unless the design is to be able to read said info without your knowledge?

Re:Like encryption (2, Insightful)

The Cisco Kid (31490) | more than 6 years ago | (#18982701)

Well, in the retail environment, the point is to be able to read them without touching each individual item. Inventory audit your warehouse, ring up an entire cart of stuff without having to pick it all out and set it on a convery and scan it one by one.

There are plenty of legitimate uses for RFID. But I would agree it should always be used transparently, and once an item is yours, you should be able/allowed to remove the tag. (Note that passports, I beleive remain property of the US and are just issued to you for your use. The only reason I can figure the RFID is more desirable is perhaps it is harder to forge, since any fool can print a barcode)

Re:Like encryption (3, Insightful)

Anonymous Coward | more than 6 years ago | (#18983191)

Well, in the retail environment, the point is to be able to read them without touching each individual item. Inventory audit your warehouse, ring up an entire cart of stuff without having to pick it all out and set it on a convery and scan it one by one.

Another big retail selling point is to set up scanners at doors and set off an alarm if an item passes through that is allegedly still in the store's inventory. You can bet retail chains will lobby against Guardian and similar technologies.

...not that the FCC would ever approve the device to start with.

Re:Like encryption (3, Interesting)

JFitzsimmons (764599) | more than 6 years ago | (#18984613)

It is harder to forge but not because of some stupid restriction like "the stuff is harder to get". Any fool can write a RFID tag with quite reasonably priced equipment as well. The security actually comes from the cryptographic hash of the digital data also on the RFID tag. Therefore, if the digital data matches the physical printing of the data, and the cryptographic hash checks out, then you have within a good degree of certainty that the passport is legit. Of course, who knows if the secret hashing algorithm has been leaked or not, but that's a totally different concern.

With that said, a wireless technology is completely stupid for this sort of application. Any official checking a passport is going to be physically handling it anyway, so what's wrong with requiring a physical connection, like that in a smartcard?

Already insecure? (1)

iknowcss (937215) | more than 6 years ago | (#18982085)

Considering the fact that this technology is so new, why can't we start by making RFID more secure in the purest sense? Today's other article about the "unimportance" of IT in a world without viruses is crazy to discuss when a majority of the world uses inherently insecure systems. Let's lock this one down now before it gets out of control.

Re:Already insecure? (2, Insightful)

Dunbal (464142) | more than 6 years ago | (#18982255)

why can't we start by making RFID more secure in the purest sense?

      You want RFID security? Ok that's simple. DON'T USE IT. Otherwise, it's not secure - by its very nature.

Re:Already insecure? (1)

iknowcss (937215) | more than 6 years ago | (#18982347)

I'm inclined to agree with your point. RFID is not a fun thought. Let's hope and pray it never becomes a requirement in daily life as computers seem to be going.

Twofo GNAA (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#18982091)

FAggots. [twofo.co.uk]

                        GNU GENERAL PUBLIC LICENSE
                              Version 2, June 1991

  Copyright (C) 1989, 1991 Free Software Foundation, Inc.
          59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.

                                Preamble

    The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.

    When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.

    To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.

    For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.

    We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.

    Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.

    Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.

    The precise terms and conditions for copying, distribution and
modification follow.

                        GNU GENERAL PUBLIC LICENSE
      TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

    0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".

Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.

    1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.

You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.

    2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:

        a) You must cause the modified files to carry prominent notices
        stating that you changed the files and the date of any change.

        b) You must cause any work that you distribute or publish, that in
        whole or in part contains or is derived from the Program or any
        part thereof, to be licensed as a whole at no charge to all third
        parties under the terms of this License.

        c) If the modified program normally reads commands interactively
        when run, you must cause it, when started running for such
        interactive use in the most ordinary way, to print or display an
        announcement including an appropriate copyright notice and a
        notice that there is no warranty (or else, saying that you provide
        a warranty) and that users may redistribute the program under
        these conditions, and telling the user how to view a copy of this
        License. (Exception: if the Program itself is interactive but
        does not normally print such an announcement, your work based on
        the Program is not required to print an announcement.)

These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.

In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.

    3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:

        a) Accompany it with the complete corresponding machine-readable
        source code, which must be distributed under the terms of Sections
        1 and 2 above on a medium customarily used for software interchange; or,

        b) Accompany it with a written offer, valid for at least three
        years, to give any third party, for a charge no more than your
        cost of physically performing source distribution, a complete
        machine-readable copy of the corresponding source code, to be
        distributed under the terms of Sections 1 and 2 above on a medium
        customarily used for software interchange; or,

        c) Accompany it with the information you received as to the offer
        to distribute corresponding source code. (This alternative is
        allowed only for noncommercial distribution and only if you
        received the program in object code or executable form with such
        an offer, in accord with Subsection b above.)

The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.

If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.

    4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.

    5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.

    6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.

    7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.

If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.

It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.

This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.

    8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.

    9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.

Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.

    10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.

                                NO WARRANTY

    11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

    12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

                          END OF TERMS AND CONDITIONS

                How to Apply These Terms to Your New Programs

    If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.

    To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.

        Copyright (C)

        This program is free software; you can redistribute it and/or modify
        it under the terms of the GNU General Public License as published by
        the Free Software Foundation; either version 2 of the License, or
        (at your option) any later version.

        This program is distributed in the hope that it will be useful,
        but WITHOUT ANY WARRANTY; without even the implied warranty of
        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
        GNU General Public License for more details.

        You should have received a copy of the GNU General Public License
        along with this program; if not, write to the Free Software
        Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

Also add information on how to contact you by electronic and paper mail.

If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:

        Gnomovision version 69, Copyright (C) year name of author
        Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
        This is free software, and you are welcome to redistribute it
        under certain conditions; type `show c' for details.

The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.

You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:

    Yoyodyne, Inc., hereby disclaims all copyright interest in the program
    `Gnomovision' (which makes passes at compilers) written by James Hacker.

    , 1 April 1989
    Ty Coon, President of Vice

This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

The advance of technology. (4, Insightful)

osu-neko (2604) | more than 6 years ago | (#18982101)

One of these days, someone should invent something that can convey information like RFID, but not anyone can read it. In fact, make it so that it can be only read when I take it out and present it to the reader, rather than readable by anyone without be uncovering it. That makes sure only those I want can read it, and keeps it safe from being read without my knowledge, much less consent.

I think I have an idea! I'm gonna go patent it now. I'll call it a "barcode"! Yeah, that's the ticket!

Re:The advance of technology. (2, Insightful)

Dunbal (464142) | more than 6 years ago | (#18982223)

nvent something that can convey information like RFID, but not anyone can read it. In fact, make it so that it can be only read

      You've just hit on the essential limitation of cryptography. Make up your damned mind, do you want people to read it, or not?

      If _someone_ (ie the GOOD guy) can read it, then AUTOMATICALLY the BAD guy also can read it - IF he manages to figure out the algorithm. QED. There is no more. Everyone who tries to sell you an idea where ONLY the "GOOD guy" can read it is talking out of his ass. Look at DRM, etc.

Re:The advance of technology. (1)

Original Replica (908688) | more than 6 years ago | (#18982579)

umm, How can the bad guy read my barcode if I don't take it out of my pocket. You can't stand behind me in line and read the barcode in my passport. You can't make a device to read the barcodes on the licenses of other people in the elevator. But RFID is ripe for this. It's not a matter of cyptography, it's a matter of easy, obvious, physical control of the information.

Re:The advance of technology. (2, Insightful)

cybereal (621599) | more than 6 years ago | (#18982947)

Have you ever looked at a credit card and noticed how nearly every one has visibly obscured the numbers?

An ancient theft attack vector is photography. Your bar code would be even easier to steal than a credit card number.

Don't underestimate the thieves.

Re:The advance of technology. (1)

The Cisco Kid (31490) | more than 6 years ago | (#18982649)

The whole point of RFID for some applications is to be able to read them without physically sighting every one.

For instance, store inventory. Walk down an aisle with an RFID reader - 5 minutes to a perfect count. Walk down the same aisle, with a barcode scanner, and scan every item one at a time - many hours, if yer lucky.

Re:The advance of technology. (2, Interesting)

sneezinglion (771733) | more than 6 years ago | (#18982893)

The whole point of RFID for some applications is to be able to read them without physically sighting every one.

For instance, store inventory. Walk down an aisle with an RFID reader - 5 minutes to a perfect count. Walk down the same aisle, with a barcode scanner, and scan every item one at a time - many hours, if yer lucky.
Actually you made a mistake,it is 5 minutes to a perfect count, but only a perfect count of the rfid chips......It still does not tell you how many of the product is actually on the shelves.

Very valid point (1)

Khyber (864651) | more than 6 years ago | (#18990969)

I used to work in retail, not all boxes of the same product had RFID on them. We still had to do a visual inventory.

Re:The advance of technology. (0)

Anonymous Coward | more than 6 years ago | (#18983757)

The smart thief can simply remove the chip and leave it hidden on the shelves, and if everyone assigned to inventory is as foolish as you it's never reported missing. On a completely unrelated note, where may I ask do you work?

Re:The advance of technology. (1)

Lumpy (12016) | more than 6 years ago | (#18982801)

In fact, make it so that it can be only read when I take it out and present it to the reader, rather than readable by anyone without be uncovering it.

go to your kitchen, cut 2 pieces of heavy duty aluminum foil to fit the inside of your wallet, put it in your dollar bill section.

All done, wallet closed, RFID reader will NOT read it unless it is shoved in your butt crack. open wallet and remove card, it's readable.

100% free, and works. Better would be to have a wallet made of RF shielding material. no "high tech" "firewall" needed.

Re:The advance of technology. (2, Insightful)

plover (150551) | more than 6 years ago | (#18984329)

Barcodes aren't the greatest answer, as they are vulnerable to spoofing.

Imagine two barcodes that look like this:

| || |l| || |11| | |||
12345

and this:

| || || |l| |11| | |||
12345

Both look like barcodes (please forgive the characters used to dodge the lameness filter.) Both have HRIs (human readable interfaces) beneath them. But one is a forgery, and actually scans to the value 13245. Unless the person with the barcode scanner is actively verifying the numbers match (or is verifying other aspects of the document) the forgery is just as good to the laser beam as the original.

The RFID tags are at least harder to forge, but provide weaker security in that they can be intercepted or surreptitiously read. Contact-based chips (a la Smartcards) would have been the best choice in terms of security, but probably much more costly in terms of hardware maintenance of the readers (cleaning, static electricity, etc.)

That's all I had to say, but the lameness filter is making me add extra lines to make up for the junk characters. Perhaps I should have switched more bytes to exclamation points or ones or lower case Ls, that probably would have helped make up the difference. I suppose the wonderful ascii artists of the past few years have frightened Slash code into assuming that any graphic is too graphic.

RFID Guardian Website (3, Informative)

achillean (1031500) | more than 6 years ago | (#18982111)

Here's the link to the official RFID Guardian website:

http://www.rfidguardian.org/ [rfidguardian.org]

Re:RFID Guardian Website (0)

Anonymous Coward | more than 6 years ago | (#18982589)

Dumbass. We don't want a link to the product. We want a link to the cute geek chick [cs.vu.nl] who invented it!

Why oh why does she have to be wearing a big, bulky, form-hiding winter coat in that photo? :)

What would really be fun (2, Funny)

eric76 (679787) | more than 6 years ago | (#18982155)

What would really be fun is to have a little credit card sized radio that would play with the various RFID tags it found.

Put it in your pocket and then walk down the aisles of your local WalMart.

Re:What would really be fun (2, Funny)

eric76 (679787) | more than 6 years ago | (#18982363)

To elaborate a bit, suppose a store used the RFID tags to ring up purchases at the store.

Your RFID reader would read various tags while you walk down the aisles of a store. Then, while you are near the checkout line, it would transmit them to a reader (it would have more distance than a passive tag) and provide the ids it read to the reader as if it were a tag. Someone standing in line to buy $25 worth of purchases would find the store rang it up to include two or three tvs, stereos, a dozen pairs of shoes, ..., adding up to several thousand dollars.

They would, I assume, notice that something was wrong and might have to ring them all up several times before you move away and they get the correct value.

Re:What would really be fun (1)

ExFCER (1001188) | more than 6 years ago | (#18983101)

Brilliant...Truly. Copyright this idea now and sue the performance artist that makes a mint with world wide downloads of a hit single.

I mod you... +1 insightful.

Betcha (1, Redundant)

Dunbal (464142) | more than 6 years ago | (#18982159)

Prediction: This device will be made illegal by the US government (in the name of terrorism prevention) in 5..4..3..

Re:Betcha (2, Informative)

plover (150551) | more than 6 years ago | (#18984061)

They don't have to. It's already illegal to use one for shoplifting [justia.com] in Minnesota, and I assume that most states have similar laws. All they have to do when they find one in your pocket is accuse you of trying to shoplift. Not only is the device itself pretty strong evidence, but you get 3 bonus years in jail if you're convicted.

Better than a Cage (0)

Anonymous Coward | more than 6 years ago | (#18982249)

Hey, this sounds a lot more convenient than that Faraday cage that I made for my wallet.

Genius! (5, Insightful)

homebrandcola (983781) | more than 6 years ago | (#18982309)

The genius part was proving their was a threat, then inventing the solution to that threat.

Fantastic business model.

Re:Genius! (0)

Anonymous Coward | more than 6 years ago | (#18982993)

Proving their what was a threat?

Interesting (and not so legal) uses for this... (4, Insightful)

PAjamian (679137) | more than 6 years ago | (#18982431)

This is a really interesting device, I wonder if it has some darker uses, though...

Could you use this device to assist shoplifting by having it in your pocket when you walk past the RFID readers at the store entrance? This would effectively block the readers from being able to "see" the RFID security tags on the merchandise.

Depending on how low-cost these devices are (they are planning to sell them at cost, after all), could someone attach one surreptitiously to the bottom of a modern car preventing the RFID tag built into the ignition key from being read, thereby disabling the car?

Here in New Zealand, they recently passed a law requiring that all pet dogs have RFID chips implanted in them. It would be laughable if a small version of this were made which would could be attached to the collar of the dog to effectively disable the RFID chip implanted in them (admittedly I can't see this particular usage being helpful the the dog or the owner in any way, but it is funny to think about).

Other issues:

Since this is a powered transmitting device, it might not be legal to have it turned on while on board an airplane in flight. Since it can't be effective while turned off, it would still be possible to read passports of people in-flight unless protected by some other means (aluminum foil, farraday cage).

Re:Interesting (and not so legal) uses for this... (1)

cdrguru (88047) | more than 6 years ago | (#18982623)

1. Nobody is using RFID for store inventory control. They use far simpler resonators that are cheaper.

2. Not sure, but most cars aren't using RFID. They use something sort of like RFID but not RFID.

What's wrong with just using a wideband jammer, something like a spark-gap transmitter? It would block all radio signals within a one or two mile radius and completely solve any radio frequency problems.

Re:Interesting (and not so legal) uses for this... (1)

timmarhy (659436) | more than 6 years ago | (#18983763)

1. you don't know what your talking about - walmart use it for crying out loud. 2. you don't know what your talking about - if it's a chip powered by RF that id's itself when near a reciever, then's RFID.... wideband jamming? you do realise that takes more power then a couple of aa batteries can supply, and it is also going to result in the local authorities investigating who took out the local FM/AM channels and other radio channels and putting your arse in jail for a long time.

Re:Interesting (and not so legal) uses for this... (2, Informative)

plover (150551) | more than 6 years ago | (#18984223)

I assume the GP meant to say it this way: "Nobody is using RFID exclusively for inventory control" which is a correct statement. 'Inventory control' is the retailer's phrase meaning "shoplifting detectors", and if all you're interested in is stopping shoplifting, resonance tags (Checkpoint, et al) are a fraction of the price of RFID tags. All the stores using RFID that I'm familiar with are using it for much more than inventory control: logistics and transportation, warehousing, stock replenishment, and point of sale. (Although I will agree that Walmart's use has been focused primarily on high-value shoplifted items such as Gillette razor refills.)

And not all chipped car keys use RFID. Some keys use the Dallas Semiconductor 1-wire technology, and require electrical contact to work. They can't be jammed by this little device.

Re:Interesting (and not so legal) uses for this... (1)

sgt_doom (655561) | more than 6 years ago | (#18990479)

Citizen PAjamian, you've immediately spotted the points of vulnerability:

Great way to frame somebody - be it for murder or crimes Against The State.

[The Carlyle Group - major RFID manufacturer and supplier]

[Tommy Thompson, Republican candidate for the US Presidency who says: "All Americans should be microchipped."]

Big Bad Wolf? (0)

Anonymous Coward | more than 6 years ago | (#18982587)

I understand the significance and potential privacy issues connected with RFID tags, but in the larger scheme of things, it seems like a minor threat, and one that wouldn't cause me to lose any sleep at night, at least not yet.

Ep.?. (-1, Troll)

Anonymous Coward | more than 6 years ago | (#18982681)

to prE3ict *BSD's

Won't last long (1)

wesley78 (1086999) | more than 6 years ago | (#18984533)

It's nice to see that this technology will be available, but I won't be long before it's regulated to the point of uselessness I think. RFIDs are going into too many things, and while 1 metre can be nice covering in some situations, it will be intrusive in others. First off Passports and Drivers licenses of many states carry RFID tags now. I can't imagine customs officials wanting to wait around while you turn off your jamming device or if a police officer would be happy if he tried to read the tag at your car instead of in the patrol car. Further, what if you're standing in line getting groceries and accidentally block the RFID of the person in front of you cause your standing too close. People better take the time to make sure they're set up correctly. A hack that increases the output power will probably be put to use by someone. I guess it boils down to that I don't trust legislators to let me keep my privacy and I don't trust non-technical people to properly set up a technical device.

Melanie @ WhatTheHack (3, Informative)

gbnewby (74175) | more than 6 years ago | (#18984813)

I saw Melanie's talk at What The Hack in summer 2005, and got to speak with her a little afterwards. That was before the virus made news, but her interests in RFID were in strong evidence. Here's the abstract: program.whatthehack.org [whatthehack.org] Here's video (MP4) of her talk, "Fun and Mayhem with RFID:" rehash.whatthehack.org [whatthehack.org] You can find other videos from WTH at the same site (disclosure: I'm there, too!)

With the new Dutch passports this is a MUST (0)

Anonymous Coward | more than 6 years ago | (#18985219)

For reasons I can't quite identify, the new Dutch RFID-equipped passports have NO shielding. I kid you not, they're readable from a distance, and no tinfoil in sight.

Somehow Dutch people don't seem to be entitled to privacy, but this could be a EU directive so I'd be interested to hear from other EU residents.

However, the upside is that it makes accidental damage much more plausible. If you microwave your US passport it'll be pretty clear that it was you, the lack of protection on the passport means that anyone working anywhere near a transmitting dish is going to be able to say "oops, got too close" and get away with it, even though it was in reality a 2 sec microwave visit :-).

(note to wannabee zappers: do it in seconds at a time otherwise it'll burn and be visible..).

Other questionable benefits? (0)

Anonymous Coward | more than 6 years ago | (#18985609)

On a side note, making a five-finger discount just got easier...

I picture this going on somewhere... "But sir, I didn't want anyone doing haxorz to my IDs, honest... I only forgot the merch was in my jacket."

Web of trust for passports? (2, Insightful)

BlueParrot (965239) | more than 6 years ago | (#18987183)

The reason bar codes are not sufficient is that once they are read, they can be easily copied. The same goes for any static message transmitted by an RFID tag. Also, the database can obviously be corrupted by an evil government or disgruntled worker. If you really want to have a forge-proof solution you will need to implement something like OpenPGP in every passport. I can't wait until the day where politicians and media will have to be careful with their creditability or risk having a significant number of people revoke their certificate... Want people to trust you about the foreign policy? Well lets just have a look at that signature of yours...

Firewall vs jamming (1)

Tungbo (183321) | more than 6 years ago | (#18992037)

The reason this device is so complex appears to be
the desire to allow reponses selectively.

Wouldn't it be easier and cheaper to make a simple jamming device?
Say in a small pouch for storing the passport, etc. with even weaker
power so that only 1 foot radius is covered.
When you need to use the passport, take it out of the pouch.

Re:Firewall vs jamming (1)

jimrob (1092327) | more than 6 years ago | (#18999435)

Wouldn't it be easier and cheaper to make a simple jamming device? Say in a small pouch for storing the passport, etc. with even weaker power so that only 1 foot radius is covered. When you need to use the passport, take it out of the pouch.

Yes... some type of device to disable the RFID unit. Perhaps some type of button... one which would turn it off when not in use?

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...