Slashdot Mirror
RFID Explained
SecurityFocus has a nice column summarizing the last year's worth of stories about RFID. Of course, you, diligent Slashdot reader, have read about many of these already. But for your slacker friends that need an RFID education in one easy-to-digest article, here you go.
and the only way to defend ourselves is with an electromagnetic pulse, our only defense against sentinel tags.
Isn't Wal-Mart adopting it?
Comment removed based on user account deletion
But for your slacker friends that need an RFID education in one easy-to-digest article, here you go.
Oh, you mean the slacker friend who didn't spend his Friday afternoons reading frivilous websites, who managed to get that promotion instead of me. I'll forward him the link.
Anyone who has used an RFID-based security pass card knows that they are easily shielded. Placing your RFID-secured product in an discreetly shielded bag would render the product nonexistant from RFID-probing security. I hope store that use it to augment theft security don't get lazy and think its unbeatable.
*watches walmart become target of infinate number of home made EMP devices
On the other hand, this will prevent people from theft, and quite possibly lower costs, or raise stock value, either way, someone benifets
And if you look closely, and RTFA, its the same one as Security Focus. From the author's name, right down to the '©SecurityFocus.com' at the bottom of the article.
http://thechubbyferret.net - Ferret pictures and informative links.
"Of course, you, diligent Slashdot reader, have read about many of these already"
Read? No. Commented about? Yes!
While these chips sound very interesting at first, there are obvious privacy concerns. I'm not very comfortable knowing that someone with a portable transceiver could tell exactly how much cash I have in my wallet or what items I just purchased at the store. Criminals could also use this to determine what expensive items were hidden under the back seat of your car before they decide to break your window. The possibility of having RFIDs in my shoes is quite disturbing. I don't want to be tracked everywhere I go.
How susceptible are these tiny units to small EMP charges? If you drive by a high power radio tower, are the chips in your shoes going to start smoking? While this technology is interesting, I hope it goes no furthur than a replacement for barcodes.
The same thing is happening today. I'm here to tell you that the bar code's days are numbered.
When DigitalConvergence 's CEO and entrepreneur extraordinaire J. Jovan Philyaw hears about this, he'll start making free RFID scanners (CueDogs?) before you know it.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Yes...this always comes up anytime some story regarding chips underneath skin. But it doesn't sound too difficult to slip a RFID tag underneath a hand or forehead.
Sounds an awful lot like this.
These RF tags are perfect for tagging clothes, as the blurb pointed out. But an even more sinister use than tagging clothes is tagging the people who wear the clothes. And I'm especially referring to a certain kind of person:
Slavery is alive and well in this country, and I'm not referring merely to rhetorical or political slavery, but actual slavery. Women from foreign countries, particularly southeast-Asian countries are flown to America and promised low-paying but normal jobs performing menial labor or housecleaning services, but when they arrive, they discover to their horror that the real purpose is to prostitute themselves for the financial benefit of their masters. These women (and even children) are trapped, since they don't speak English, don't have the money to fly home, and don't have the physical or mental stamina to escape their tormentors after so much abuse.
How is this relevant to RF tags? Think of how much easier it would be to kidnap people from airports if all you needed to do was wander around with a small device, picking up the signals from the tags embedded in clothing given to the erstwhile immigrants back in their home countries. No longer would there have to be complicated networks of international communication -- they'd just have to agree on a certain range of serial numbers (of which there are trillions, as the article points out), hand out "free" clothes to people boarding the plane at departure, and sit back while agents at the US airports haul in the "goods".
This never would've been possible if we'd stuck to normal barcodes -- it's simply impossible to read barcodes surreptitiously. And since criminals are always the first to adopt new technologies for these devious purposes, it's only a matter of time before it comes to an airport near you, Thirteenth Amendment be damned.
I think Congress should mandate that any product which contains an RFID tag must be clearly labelled as such, and the store must provide you the option of disabling the tag before leaving the store (perhaps a certain device you walk through or something?)
Products that have RFID tags only in the packaging could be exempt, since those tags don't stick with the product.
Natural != (nontoxic || beneficial)
Everyone freaks out about RFIDs, but I remain in the camp that these could be really cool, as long as consumers (ok, geeks) figure out how to control them (by burning them out or just finding the darned things and removing them from unwanted places, like the back of a Yugo [1])
/fridge:
/.s email garble today : Email
Ever lose your cell phone and have someone call it so you could find it? Imagin being able to do that with any random item? superglue a RFID onto it, and walk around with a semi-portable RFID scanner. OK, not as great due to the limited range of the things, but you could pretty easily determine if the keys were under the couch or not.
Now, the sucky thing will be if (when) manufacturers build RFIDs into places that you can't get to without destroying the item or voiding the warranty.
So, we need an opt-out method for RFIDs, which may be as simple as a way to find the lil' bastards and plier them flat, but beyond the scare, there's promise:
telnet homenetwork : fridgeport
Brr! it's cold in here [45F]! Can I have your username?
> JoeBachelor
And your password?
> gotb33r?
Welcome to your Refridgerator/Freezer system!
>cd fridge
>ls
Directory of
Beer/
Beer/Shiner Bock (1)
Beer/MGD (5)
Condiments/
Condiments/ketchup package (13)
Condiments/mustard package (2.5)
Condiments/SoySauce package (1)
Condiments/Unidentifiable (5)
Condiments/mayonnaise (1) (warning: use-by-date 5 months expired!)
Vegetables/
Soda/
Coke (.5)
Mountain Dew (4)
non-caffeinated/
ActualFood/
lunchmeat_ham (1) (warning: use-by-date 1 week expired!)
cheese_cheddar (2) (warning: use-by-date is tommorow!)
End of directory. No healthy food available.
>man healthy
Sorry, you need to install the Mother or Health-Conscious-Girlfriend modules for these extensions
>make food
Unable to make food. Stop.
>exit.
Goodbye.
see?!!!!! see! this is my vision!
unrelated, I'm worried about
GriffJon@[ ]mail.com ['Hot' in gap]
hot in gap? what does that imply?
[1] That's a "Mall Rats" reference, for the rest of you.
Returned Peace Corps IT Volunteer
ok, so in the first part of this article the guy says
"When a transponder receives a certain radio query, it responds by transmitting its unique ID code, perhaps a 128-bit number, back to the transceiver. Most RFID tags don't have batteries (How could they? They're 1/3 of a millimeter!). Instead, they are powered by the radio signal that wakes them up and requests an answer."
Later he throws in this little paranoia bit about "Do you really want your car's tires broadcasting your every move?" What's that about? He knows they don't "broadcast" and that you'd have to be within several feet to monitor. You already have a frickin license plate on your car, so who cares? The good side of that is that you could prove that your tires were now living on someone else's car when they were stolen...
And in that line of thinking, how long will it take for commercial "scanners" to come around, so you can locate the chip and neutralize it? It just seems that people are freaking out about security when in reality, people can already track everywhere you go anyway. How many people out there use cash exclusively? No one I know. I can't WAIT for the day when I just walk out the door with a cart full of stuff and it's automatically taken out of my checking account. that would well be worth someone being able to count how many hammers I buy in a month.
You missed something. They are not exactly like bar code tags. Here you go:
They are like bar code tags, except that they are scanned by electromagnetic sensors through your clothing/belongings possibly without you knowing, and carry enough bit-depth to uniquely identify your specific item (serial number), rather than visible lasers at checkout counters, which can only identify the type of item it is, not exactly which specific item it is.
As you can see, it's a bit more complicated than you would have us believe.
They are exactly like bar code tags, except they are scanned by electromagnetic sensors, rather than lasers
Brilliant! Consise! Wow.
And a newspaper is EXACTLY like radio, except you recieve it with your eyes, instead of with a tunable RC network with optional FM demodulation.
To ensure perfect aim, shoot first and call whatever you hit the target
shoes, pants, tires, body in shields whenever I leave my house? After the doctors spent all that time convincing me to take off the tin foil suit, you're telling me to put it back on?
For anyone who is interested in looking more at this area and has a Linux box....
For more info and then Download it here
If you want to build an RF-ID lab you need some cash to get tags and readers but this would help with the theory.
An Eye for an Eye will make the whole world blind - Gandhi
You'll find the summary of this Business 2.0's story on Smart Mobs. And on my blog, you can find two other stories about RFIDs, Bye-Bye Bar Codes? and The Eerie Possibilities of RFID Tags.
yea i stole your sig- whats the big deal, it sucked anyway.
I can't WAIT for the day when I just walk out the door with a cart full of stuff and it's automatically taken out of my checking account.
The thought of my wife doing that scares the living shit out of me.
1D barcodes store only a reference number that can be used to indicate WHAT TYPE the product is.
And EPC stored on a tag tells you exactly WHICH product it is, and from that you can map its whole supply chain if it is all connected.
If you'd said 2D and 3D barcodes you'd have been more accurate, but those still can only be read one at a time.
RF-ID tags can be read thousands at a time and identifiy exactly which items you are dealing with. It is definately different but not by definition something to be paranoid about.
An Eye for an Eye will make the whole world blind - Gandhi
Lighten up. I can't shop at Walmart because I still have all of my teeth, but the cost savings alone (retail inventory every 6 months is expensive in a big store) will make the ROI appealking to managers everywhere.
I can feel the prices dropping now. I also can't wait until Walmart starts putting MY employers out of business, in addition tothe thousands of other small-scale employers that they've already nuked.
To ensure perfect aim, shoot first and call whatever you hit the target
They have many good potential uses (retail stores would never have to do inventory again, which, speaking from experience, is a nightmare.), but there is a GREAT chance of misuse. Unlike barcodes, RFID tags can be updated, and changed. A great example of this is the movie Minority Report, in which the stores know Tom Cruise's character by name, and know what he has purchased (and attempt to interest him in accesories.) What I see as the first, and immediate problem for consumers is returning products. Wal-Mart will know that they sold you a product and if you try to return the SAME product, only purchased from a different store (such as a gift that you are unsure where it came from), they could refuse to accept the return by stating it did not come from their store. Great for the Wal-Mart bottom line, bad for the consumer.
Can RFID tage be deactivated? Once the product is purchased, is the tag still active or can the store "kill" it?
Yes it can be killed. In fact, stores have a good reason to do so, since that way they can tell the difference between an item that has been purchased and one that has been stolen. (Unless the thief has a device to deactivate tags, of course, but casual shoplifters wouldn't).
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Am I the only one sick of "privacy" being used as an argument? It reminds me of "won't someone think of the children." The Constitution/Declaration of Independance do not stipulate privacy.
I'm beginning to think that privacy is costing us too much. If we had access to a plethora of medical information, perhaps we could do some data mining and identify some patterns that would benifit us more than we can imagine.
I'm trying to remember WHY I want all this privacy, why it's so impoartant my purchases be private, who is it I'm afraid of them knowing that I bought a copy of "swank" magazine. I guess if I was a politcian I wouldn't want people to know some things, but I'm just a pretty average citizen, I don't need someone else protecting my privacy.
Maybe an employer would do a backround check and find something - but if they won't hire me becuase of some obscure piece of information, maybe I don't want to work there. Perhaps I'm the kind of person who doesn't really have something like that to hide... it seems the only people concerned about privacy are trying to hide something. Now I'm beginning to ramble...
M@
Krispy Cream is people
I am on the other side of this argument: RFIDs are actually good for the consumer, and there is little financial incentive for retailers to do anyting too big brotherly with RFID data; here's my older /. post on the matter.
However, I've had yet another thought recently, one that I haven't heard in any RFID discussion; I am currently in Hong Kong, home of the wondrous Octopus Card an RFID-based smart debit card. Octopus is used for every transit system in the HK metro area, and is increasingly used by retailers to pay for small transactions. Now, actual use of the Octopus rocks: you don't have to take it out of your wallet/bag/briefcase, just swap the whole thing over the reader; you can get an Octopus chip implanted in things other than a card, e.g. the back cover of a Nokia phone, etc.
But one other feature is very cool: an Octopus is anonymous. Anonymous as in cash: you can buy an Octopus and charge it with cash and it does not get traced back to you. There's the potential of RFIDs to actually enhance your privacy by reducing the overhead of certain transactions, and that's pretty big in my book.
I guess it's kind of the same thing as GSM SIM cards: yes they can be used to trace you --both phone-record-wise and location-wise via E911 services-- but you can also go to a shop and pay cash for a cell and a pre-paid SIM and you're online anonymously. There are two sides to every coin...
Um, how exactly did bar codes change Big Brother's powers dramatically? Only for bar codes was 1984 a significant year, not for RFIDs.
Okay, pretend I just robbed a bank (or people robbed a bank who were associated with the RFIDs on the car I was driving), THEN went driving in the country side, THEN broke down. ;)
(your faith in cellphones is disturbing! Or maybe you get better service than I do.
So Johnny law is hot to get their hands on me, but RFIDs don't do them any good.
What they CAN do is build up over a long perioud of time a limited account of where I go- if my car passes through a Toll Booth, that is. However if I travel the backroads, the would have to trace my credit card purchases. But what if I use cash? They have RFIDs in the bills. But HOW fine grain can they trace that cash? Some random guy cashes his friday paycheck, then gives a waitress a $5 tip (Cheap bastid!), which she then uses to get into a punk rock show, which is then used to pay back a local heavy for a loan, which is then given to the Church collection plate, which is then used to pay me back for the supplies I got for the church picnic (assuming they'd even want to be associated with me)... So I've got this bill that can't really be traced to me, per se.
From the RFID "trace" that's left, there was some money cashed on a friday, spent next week three states away, and the guy who cashed it never left.
SO my conjecture is that Credit Cards and ATM withdrawls are a far more effective means of tracking someone's habits. I understand my example doesn't mean using RFIDs won't be effective, but I think the privacy concerns are a little out of proportion. I welcome any better examples.
In the future, I would want to not be isolated from my friends in the Space Station.
could work on stuff like jeans, tires and shoes, but are you going to EMP your new MP3 player? How about your new watch? Your PDA? Think of any other electronic device you might want to carry with you on the bus. Of course a notebook with Wi-Fi can track you by mac address (theoreticaly), and mobile phones already have GPS locators built in that the government can track you with. My Panasonic Duramax was on of the last phones made without it, and people (the phone company) are begining to call it dated.
The preceding post was not a Slashvertisement.
But each of your points apply to today's technology.
Moore's law tells us range will increase, size and cost will decrease, storage will increase, etc. etc.
So the sky isn't falling today - but tomorrow - that's another story.
Just microwave your clothed for 15 seconds before the first time you wear them. :)
-Chris
-- This sig is only a test. If this were a real sig it would say something witty. --
Think of it this way... you will be able to go to a bar with your trusty wrist watch RFID scanner, go up to a pretty girl and be able to tell that yes indeed she is wearing a thong, one of those frilly kinds, no bra, her purse contain three condoms, ribbed, and a lubricant plus she has a Palm with bluetooth.... I could go on but it is hard to type with one hand....
You will have to pry my proprietary software $$$ from my cold dead hands!
I'm no expert on RFID tags, but it seems that the signal they emit must be fairly faint if it is only a modified echo of the transmitted query. For passive tags, this means their emission can be no stronger (and in reality must be far weaker) than the strength of the query signal when it reached the tag. Transmitted through three dimensions, my college physics course tells me that these signals drop off proportionally to the inverse square of their distance -- and for RFID, whose query signal must be bounced back without additional power, the distance would have to be double that from interrogator to tag. And then we'd have to factor in the unavoidable inefficiency in the tag itself.
So the signal is going to be faint. Why can't we carry around a jammer? It wouldn't have to be very complicated to function quite elegantly -- it could passively monitor RFID query broadcasts and automatically reply with misleading noise. Since it can measure the signal strength of the query, it could use its own power source to magnify its response by, say, 20%. It seems that should be enough to drown the response from any tag in one's clothing, driver's license, or other effects. A switch could allow the user to disable it when he wants RFID signals to get through -- to have the cashier ring up his purchase, for example.
I can't imagine that the power requirement for extended usage would be that steep -- active (powered) RFID tags theoretically function for 10 years or longer. The circuitry, too, seems like it would be fairly trivial. I'd guess that they wouldn't be significantly more costly to produce than regular AA battery cases. Maybe they could even function for years on the juice of a button battery, and fit the form factor of a credit card.
So why doesn't CASPIAN or anyone else against RFID privacy violations mass-produce these things and sell them online for a couple bucks? I'd grab one just for the coolness factor, and I'm sure lots of privacy advocates would use them too. It'd certainly protect the privacy of anyone using one, and by making the collected data less reliable, even those without would indirectly benefit.
It wouldn't interfere with non-retail uses of RFID tags, since there is a specific spectrum range reserved for retail use -- something like 1.25-8.64mHz. And by introducing a degree of randomness into marketers' data, general trends (governed by the Central Limit Theorem) could still be deduced, whereas individual data points would be significantly less reliable. Hence, the data would be quite useful for tailoring goods to what most people want (a good thing) without allowing individual-level violation of privacy.
Read the Fucking ID??
The war with islam is a war on the beast
The war on terror is a war for peace
Don't RFID tags have a range of just a few feet. It would be cool to put tags on my remote, keys, cell phone etc, then just walk around the house with a scanner each time I lose something. Anyone know how much a home scanner and tags would cost?
http://www.windmeadow.com/
As a real security professional (i.e. one that does not go around screaming that the sky is falling) and as someone who has worked with RFID for the military and for civilian uses (mainly Post Offices) for over six years, I find your article makes a number of glaring omissions that would allow any sensible human being to make a rational judgement about this technology.
You are a black pot, and to top it all off the kettle is orange.
Omissions: 1) Range verses size. Very basic issue. The smaller it is, the closer you have to be to it to pick up the signal. For a small passive tag we are talking inches (3-4 feet max). In order to track something from 200 yards (maximum range currently in use), you need an active tag (i.e. with a battery) and it has to be the size of a beer mat. I think you would notice it in your jeans. The signal generator in this case is also a non-trivial device. It is the size on a lamp-post and weights in excuss of 30Kg. Hardly PDA attachment material.
If your experience is as you claim it, I can only conclude that you are intentionally lying. There is no inherent, physics based limitation of "a few feet" to how far these tags can be read: to read the tags from further away, all one needs is a better receiver. Your statement assumes that a newer, better receiver will never be invented or brought to market. Doesn't the NSA do quite a bit of work already on picking up radio signals at a distance?!?
2)Storage area on the device is tiny. For the small passive devices you are referring to the storage area is less than 1Kilobyte. Not much space for your medical records here.
A KILOBYTE? Tell me, chum, how long is an IP address? A MAC Address? An IPv6 address? A 1 Kilobyte serial number is pretty damn big.
3)The logic associated with the tyre scenario. The association of the vehicle number and the tyre would not be stored on the tag. There is no space, and Read/Write tags are much more expensive (and larger). Easy to overwrite also. So for your big brother is watching scenario, you would need to replace every lamp-post on every highway with a signal generator, have assess to the database that cross-references your vehicle ID with the tag ids, and be able to monitor all of the signal generators in real-time to see what was happening.
OK...so...what's the problem? You don't think Big Brother has mastered the fine art of the database? Or a simple message passing network? It's not even as expensive as all that, as you wouldn't really need one for each lamp post, just one for each 'path'. One at the freeway entrance, one at each exit and the same for residential blocks - one at each end. Maybe, on freeways, a few here and there at mile markers and such.
It really seems intentional that you're overlooking the obvious -- that's not a typical trait of a "security professional".
I'm glad you posted that because I was wondering if you could just protect yourself by "tag spamming". Purchase a whole bunch of tags (like 500 or so) and have them sewn into something always with you, such as a wallet. And you would never have to worry about Nike or the Gap or WalMart tracking you because they'd have absolutely no idea what clothing or products you actually have.
I'd love to see the look on the guys face when he scans someone and it reports that he has on his person a set of Bridgestone tires, 13 brands of CD players, 2 refrigerators and about 1000lbs worth of miscellaneous food and clothing items.
Active tags have a long range, Passive tags have a short range. Its Legislation that limits readers to 4watts in the US and 0.5 in Europe, not to mention other elements that make UHF RF-ID not feasible in Europe (channel hoping can't be done).
The tags that Walmart will use will be passive as they cost alot less.
An Eye for an Eye will make the whole world blind - Gandhi