Slashdot Mirror
The Trouble with RFID
wintermute42 writes "Simson Garfinkel, author of Practical Unix & Internet Security along with Gene Spafford and Alan Schwartz,
has an article in The Nation on RFID tags. They're not just for tracking stuff. They can track you too."
This has been discussed. RFID-tags can be designed to withstand such treatment (shielding plus decoupling the antenna in overload situations). Besides, even if it worked it wouldn't save you: RFID tags will be embedded in things which you don't want to fry because you would destroy the useful function as well (_anything_ with electronics, your watch for example).
Just off the top of my head Its probably quite difficult. All the RFID chip is doing is responding to an outside pulse and using the pulses energy to respond back. You would need a fairly, powerful EM (electromagentic) source to fry the thing which aren't too easy to get access to. It probably wouldn't be too clever if you wearing it as well. (unless of course you believe that mobiles phone transmitters aren't bad for you either)
:-)
Interestingly though i doubt many RFID tags would stand up to a hot wash, plenty of water with detergent and a big motor as an EM source nearby driving it might well fry it... Dunno the thought just occured to me - anyone got any ideas how physically tough the chips are?
The best way would probably be to have a big magnet at home or maybe move to a house under a supergrid power line
There are things we know we don't know and things we don't know we don't know. - Donald Rumsfeld
you are forgetting much of the ways this can be used.
small rfid collectors can easily be installed all over an area and YES a rfid can be read from farther away if the reader is designed to do so. I did it with prox-cards that are rfid access cards at work.. I can get a 5 foot read range without any difficulty.
read EVERY rfid passing by point A and B searching for a specific number is easy (the rfid in the bvd's the target is wearing... wow he hasn't changed them in 3 days!) and we can digitally collect your habits.
and I can easily get almost EVERY rfid number you have by installing a reader near your home.
none of these need to transmit, just simply collect the data and I can download and parse at my leisure. the reader can be made as small as a kids' lunchbox and easily hidden to erad a 5 foot range, I'm beting that if I used more current electronics and DSP chips I can make one that will reade most every rfid in a 15 foot radius, taking multiple reads while you stand there for a couple of seconds.
It's easy to do, and only takes a moderate EE to do it.
My understanding, based on earlier articles that have been posted on this website, is that the RFID tags are specifically built to withstand these sorts of problems.
They disconnect their antenna if they sense a surge to protect their circuitry.
And it makes sense -- if you're using these for tracking merchandice, you wouldn't want some shoplifter taking the RFID equivalent to a tazer with them, shorting out the RFIDs, and then walking out with your product.
(personally, I didn't see anything new from this article than any of the other articles posted before on the subject. I don't think there have been particular suggestions of targeting window shoppers, but the general proximity issues have mentioned repeatedly before)
Build it, and they will come^Hplain.
This group, CASPIAN - Consumers Against Supermarket Privacy Invasion and Numbering has information on RFIDs including Auto-ID: Tracking everything, everywhere. The group is also against loyalty shopping cards for similar reasons.
One of the high street stores in the UK (Marks & Spencer) has just completed a pilot test at one of its stores. Worryingly the Department for Trade and Industry actually subsidised the scheme, even more worrying was of the 50 people who were intereview about RFID no one seemed to care or be aware of the technologies issues.5 5,39118147,00.htm
The scheme used intelligent tags that "hold just the number unique to each garment. When scanned against an M&S database, the tag would only give information related to the product's size, style or colour." Check out the full story at http://www.silicon.com/software/security/0,390246
There are things we know we don't know and things we don't know we don't know. - Donald Rumsfeld
Maybe now, but think down the road a few years. You have an RFID tag in your jacket, shoes, pants, cellphone, carkeys, and wallet. You walk by a sensor, and it ties all thoes things together.
Sure, you change clothes, but what about your phone? What happens when you wear the same pair of shoes with different clotes? The data warehouse ties that serial number in with your profile and builds a profile of all the items you own. There's not an easy way to eacape that.
I work in datawarehousing. We have a system that processes about a billion transactions a day. Each record is far mor complex than than a simple RFID and station ID. We also tie multiple records together into transactions. The scenaro above could be very real.
"Drug related crime" is a misnomer, "prohibition related crime" is the more accurate and correct phrase.
"You're thinking about this all wrong. Take off your tin-foil hats, nobody really wants to 'track' you."
So, totally unlike the inroads that have been made with pinpointing the location of mobile phones?
It doesn't take a genius (note: I don't mean you) to figure out that it's not the application of something that matters, but the possible application, and given that corruption exists, and the ability to track will exist, someone will use it.
Hell, just go take a look at how much tracking has infiltrated the internet from the early days of relative anonymity; historically the people with the ability to do tracking have tended to just do it.
Oddly Draconis
Too cynical to live, too stubborn to die.
I talked to one of the runners last year about it and we were laughing over the story. we also have a lot of ham radio operators in the city who broadcast results as they're anounced; i'm wondering what's next with RFID. Will hardcore athletes just have permanent chips in their bodies? Or will they be embedded in the sneakers?
"I'd say 'Have a good time,' but arson is still illegal.
As well as RFID jamming technology being in development, the makers of the tags themselves want to find a decent compromise, such as a kill command.
As a third-party public warehouse, my company is constantly looking at technologies to streamline the process of receiving, storing, and shipping material for our customers. Currently we receive inventory to our docks in two ways: 1. Material is received at the dock and put away in location by warehousemen. They record exactly what came in on a form and turn it in to the office staff who enter the information into the database. This relies on the warehouseman to count the material correctly, fill out the form correctly, then for the office staff to enter the data correctly. The system works, but there are many opportunities for data entry errors. One misread, miscount, mis-type and the data is bad. 2. Material arrives at the dock and barcodes are scanned. The data is uploaded to the system without any human interaction besides the original scan and a later check against the Bill of Lading that came with the load. Much better than the first method, but it comes with its own issues. For one, if the material is put into location, stacked high off the ground, reading barcodes for inventory purposes can be problematic. Also, it relies on a good quality barcode. A lot of our material arrives after long truck/train rides with the material rubbing and jostling against its neighbor resulting in many unreadable barcodes. RFID is the next logical step for us. For the material to cross from the truck/train to our dock and be read by an RFID reader without the warehouseman having to aim a laser at a possibly unreadable barcode would be nice. The customer would also be able to follow that particular RFID all the way from manufacturing through the distribution process. I understand privacy concerns, but in regard to the logistics industry I see RFID as a positive thing.
It's scary how much misinformation and FUD is spread around concerning RFID. The company I work for deals in it among other things. Reading tags isn't that easy, proximity is important. You can't just walk around with a scanner and scan the tags at even 20 feet or so without major difficulties. Too many tags in one area and they don't work right either as multiple signals screw things up. People seem to hear about the concept and they remember articles like this from people who really don't understand the limits of the technology. I like my privacy as much as the next person, but with it's limitations I see RFID far less of a threat than just about anything else. As mentioned in another post, it's how the equipment is used that's a problem, not it's existance.
As a sidenote, nearly every system I've seen intended for sales related uses kills the tags at the register when the item is sold by design. It's intended to help with inventory and keep theft down. If you stop and think, stores don't want to piss off consumers, and nothing pisses people off more than invading privacy.
Given what a microwave does to a light bulb, I'd expect it would be pretty useful in destroying electronics. Note that a burnt-out lightbulb will still glow in a microwave, and for this reason I doubt that simply disconnecting the antenna from the RFID circuit will have any effect since the whole circuit will be getting irradiated. Also, don't forget to have the clothes in a pyrex pan full of water or something- unless you want there to be a burnt hole in the garment where the RFID tag was.
pi = 3.141592653589793helpimtrappedinauniversefactory7
http://www.aimglobal.org/technologies/rfid/resourc es/articles/jan04/0401-roispy.htm
And please take special note of the scanning of RFIDs on drivers licenses while you are still in your car....
--*--*-- The Eagle sneers at the Peacock
In the U.S. it is against the law to own/operate a device whose sole purpose is to interfere with communication across the radio spectrum. The obvious exceptions are the military and other govt. agencies. I think that the "jammer" would violate the law. However, if the jammer wasn't really a "jammer" but a device that would generate a localised EMP pulse, you could permanently disable the tag. That oddly wouldn't land you in jail, as they would have to prove that the tag wasn't "broken" and that you did it.
To know is to have knowledge....to understand is to be enlightened.