Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacking the RFID Network

Posted by michael on from the ubiquitous-tracking dept.

An anonymous reader writes "The world's largest retailers are developing the EPC Network as the infrastructure for a global rollout of item-level RFID. In many ways this 'Internet of Things' resembles the ISBN system or CueCat's codes-to-content. But the network built for tracking consumer goods could also be used for intangible items: airline seats, music tracks or service calls."

21 of 213 comments (clear)

  1. Sounds like they're working by Anonymous Coward · · Score: 5, Insightful

    on overusing this new system

    Track music downloads and service calls? That's billions of unique items every year. How many items do these RFID tags support?

    1. Re:Sounds like they're working by Big+Smirk · · Score: 5, Informative

      Well, there is 96bits on info on the tag (the 64bit tags are already just about dead). The reprogrammable tags (unsecure) will have something like 196 bits of scratch space. Secure tags are laser programmed. Of those 96bits, some are dedicated to the same functions as the old UPC codes. But you can imagine 48 bits as a serial number. There are various EPC standards proposed that will dictate how many bits are dedicated to each data type.

      --
      TODO: create/find/steal funny sig.
    2. Re:Sounds like they're working by Qrlx · · Score: 5, Funny

      I propose we begin tagging RFID tags with RFID tags, and feed the data into a meta-tracking database.

  2. So this means.... by mboverload · · Score: 5, Funny

    I can track my porn collection internationally?

  3. Airline seats are intangible? by Marxist+Hacker+42 · · Score: 4, Funny

    I knew they could be used as flotation devices- but now they're apparently virtual as well. That explains the problem with overselling flights I guess. They're selling VAPORSEATS (tm) (Patent Pending)

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  4. Since the article summary is cryptic... by GillBates0 · · Score: 5, Informative
    this is what I learnt about the system from a cursory read of the article:

    What they're saying is that RFID can be applied to intangible information - content rather than the physical media - just like ISBN/Library_of_Congress system uses an identifier for a book rather than an instance of it.

    In other words: RFID can be extended to apply to an entire class, rather than instances of it, as is usually done.

    Bet somebody'll mention how this is great for pr0n in the next 5 minutes.

    --
    An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
  5. FINALLY by surreal-maitland · · Score: 4, Funny

    at least someone will be able to find my remote control

    --
    -ninjaneer
    1. Re:FINALLY by shut_up_man · · Score: 4, Funny

      Hey, I'm looking forward to be able to type "grep socks".

  6. So what happens .... by taniwha · · Score: 5, Funny
    if I make my own RFID object that pretends to be other stuff .... maybe lots of other stuff ..... ?

    "err sir ... you appear to be stealing an elephant from our store .... err um please turn out your pockets ... wait I was wrong you appear to be carrying the entire housewares department ..."

    1. Re:So what happens .... by hamsterboy · · Score: 4, Interesting
      I work kind of tangentially on my company's RFID products, so I don't know everything. From what I understand, Gen2 tags (shaping up to be the standard) support read, write, and kill operations. Reading can be done by anyone, but writing and killing may have password protection. If the password is not set, anybody can write or kill a tag.

      I'm not sure about security on the password exchange, but with how little thought seems to have gone into the other "standards", I wouldn't be surprised if it was plaintext.

      Hamster

    2. Re:So what happens .... by hamsterboy · · Score: 4, Informative

      Transmission ranges on these things are VERY short. Keep in mind that the FCC regulates how much power you can pump through a reader, and that the tag is powered entirely by this transmission. With an RFID tag mounted to the pricetag on a shirt, you'll be lucky to get 3 feet of transmission. Also, the tag will most likely be killed right after the customer's credit card is charged, so sitting outside the door won't get you any data at all.

      In answer to your first question, fairly difficult. You'd need an active device which listens for a query from a reader, and responds as though it were a tag. Also, the tag is just responding with essentially the same data as a barcode; any code that isn't in the master database in the sky will be ignored. And the readers can handle a large number of tags (read rate for some readers is >1000 tags/sec, and will only get better), so a DoS will be pretty difficult. Not something you'd wire-wrap in your garage.

      Hamster

  7. Their "Object Name Service"... by tcopeland · · Score: 4, Informative

    ...piggybacks on DNS to look up manufacturer info. The spec is here... nifty stuff!

    --
    The Army reading list
  8. And no doubt, trackable. by TyrranzzX · · Score: 5, Insightful

    The major shortcoming of RFID tags is not their rollout in stores, it's that they want to do things like weave them into clothing fabric or hide them so you've got to work to get them out. I don't know about you, but that's a bit excessive. Moreso, the range on the tags is an issue; the tag may be tiny, but you can still get a considerable amount of range out of that, look what's possible with GPS.

    Then we've got the registering everything idea. If we put RFID tags on everything that can go for 100 feet, and if everything has a unique identification code, then the government can ask for a list of which codes are associated with which objcts. Then, as stuff is baught, you swipe through your drivers lisence and a database is updated with what you have. Combine this with bank account data, wifi hotspots on poles that are constantly pinging devices, garbage trucks equiped with rfid scanning technology, and other pieces of information, and you've got one hell of a spying system. All those evil laws the people in power dream of would be possible.

    If there was a law that said the RFID tags could only be put on removable stickers, and must have a range limited to less than 5 feet, then it'd be ok. It's the "weaving them into products" thing that's got everyone upset. Infact, if that weaving thing didn't exist, I think RFID tags would be pretty neat; you could buy a bunch of food and query it through your house, which could download and update a database of recipe's which could be setup on some kind of whacky algoritm that figures out which is going to go bad first.

    The only problem there is that as the chips evolve, we'll be throwing small flash cards on em with advertising or more complicated systems of ensuring produce hasn't been tampered with, which if the laws don't change, will require licensing since you're copying; licensing to eat, not a good thing.

    AS far as tracking people is conserned, we all know of the mark of the beast, and we all know that tracking accounts with rfid tags is just plain stupid. If you're going to track a person, have them wear a wrist band or something; even the guys on star trek didn't have that little pin thingy embedded in their forhead.



    --


    Candy-Coated Knowledge

    1. Re:And no doubt, trackable. by AnodeCathode · · Score: 5, Funny

      As long as we can continue to obtain rolls of aluminum foil without RFID tags, we should be good to go.

  9. intangible: airline seats and japanese children! by sxtxixtxcxh · · Score: 4, Interesting

    http://news.com.com/Japan%20school%20kids%20to%20b e%20tagged%20with%20RFID%20chips/2100-1012_3-52667 00.html

    i, for one, welcome our rfid tagged japanese overlords.

    --
    for a minute there, i lost myself...
  10. Re:intangible: airline seats and japanese children by TyrranzzX · · Score: 4, Insightful

    If there's anything to say about the japanese, it's "wow, they're screwed up". If tagging your kid everywhere they go says something, it says "I don't trust you"; and the longer kids aren't trusted with responsability, the less they will be responsable, and if the world is filled with irresponsable people....

    Dear lord...that'd be one screwed up place...

    --


    Candy-Coated Knowledge

  11. Just how intangible .. by AndroidCat · · Score: 5, Interesting

    .. Are Japanese school children anyway? (Japan school kids to be tagged with RFID chips) Just wait until a stalker hacks that RFID network!

    --
    One line blog. I hear that they're called Twitters now.
  12. A good use for existing RFID tags by Alaska+Jack · · Score: 5, Interesting

    It's my understanding that a common practice these days is to have microships (which I assume to be RFID tags) injected under the skin of pets, so lost pets can be identified even if they're not wearing collars.

    I think a good idea would be to make pet doors that can "learn" to unlock only when certain RFID tags are within 4 or five feet. You could set it for the pets you own, and other pets (and/or other critters) wouldn't be able to get in.

    Also, if your pets didn't have the chips implanted, you could just get a chip on a collar.

    Alaska Jack

  13. Security at the beginning by Blindman · · Score: 4, Interesting

    I'll let the philosophers sort out whether the ability to track every object is a good or bad thing. However, I do know that if this system becomes too pervasive without security, this is going to be a big problem in a hurry.

    I remember a commercial where a shifty guy walks through a store stuffing things in his jacket, and then walks out of the door to be stopped by security. The guard informs him that he forgot his receipt, hands it to him, and sends him on his way. I'm all for putting checkers out of work, but if such an environment existed, it would also be profitable to spoof the system.

    As they are currenly used, I suppose the only profit would be to either disable the tags or somehow make the store think it has already been purchased. That brings me to the next issue. I assume most people have tried to walk out of a store with a purchased tagged item where the checker forgot to take off the tag. It is annoying and embarassing. Imagine if this could happen with every article of clothing that you own because the store database gets screwed up.

    --
    I don't practice what I preach because I'm not the kind of person that I'm preaching to.
  14. Seek and destroy by Hannes+Eriksson · · Score: 4, Interesting

    What would be the easiest way to find and/or destroy an RFID tag? Put your new pullover in the microwave oven for 3 seconds?

    Is there any way to destroy such a tag embedded in electronics? Would it be possible to make the tag a vital part of the electronics in such a way that its destruction would lead to immediate equipment failure?

    Are the signals easy to spoof?

    --
    Geek rants since like... 2000 or something.
  15. Those activists aren't too bright. by Positive+Charge · · Score: 4, Interesting

    Maybe I'm just spoiled being a hardware engineer, but it seems to me that the people who are crying about these RFID tags and privacy are just plain ignorant.

    I can tell you it will be trivially easy to build a jammer for them. Maybe a little harder to build an RF source with enough energy to burn out their cute little itty-bitty diodes. And until they get wise and start putting challenge/responce encryption in them, building a box to spoof them would be a weekend project for your average Radio Shack hobbyist.

    Will someone please educate them about the technology so they can devote their time to something that really matters? (If they want something to bitch about, they can read my blog for ideas.)

    I might just wait until they're manditory in license plates and walk parking lots blowing them all out, (but probably not being a grownup and all.) Perhaps I should have posted as AC just for suggesting it. (Damned Patriot Act bastards.)