RFID More Hackable Than Retailers Think?
Iphtashu Fitz writes "Lukas Grunwald, a senior consultant with DN-Systems Enterprise Solutions GmbH, is warning retailers that the RFID technology that they are quickly adopting can easily be hacked with the appropriate tools. Grunwald has written a program called RFDump which lets you read and display all metadata within an RFID tag and also modify the user data using a text or hex editor. He wrote this program to demonstrate how consumers can protect themselves by wiping out RFID data after purchasing a product, but he acknowledges that it would be trivial to abuse this behavior. What, you might ask, can you do if you hack an RFID tag? Well, as the technology is adopted more widely a thief could conceivably mark down the price of an expensive piece of jewelry before paying for it at an automated checkout counter, underage hackers could purchase alcohol or adult movies, and pranksters could simply reprogram the inventory of an entire store by just walking up and down the aisles. 'The people who will be using this (shopkeepers) don't know much about technology,' Grunwald warned."
They don't do the price, they do a product code. The product code is read in at the checkout counter and compared to the database to get the price. Same with barcodes currently being used.
In addition each RFID has a unique number, which cannot be changed. If the store wanted to they could record those individual numbers instead of the product code and that would solve the problem. However that would be a major problem, since instead of having a single product code for 1000 items you now have to store those 1000 items in the database.
In order to write data to the tag you needed to know a 64-bit number that was programmed into the tag. The standard didn't say how you set that number; that was policy reserved to the tag programmer. But in order to have a write command accepted, you needed to match the previously programmed number.
So if commercially deployed tags really are generally writeable it is more of an administration problem (like leaving telnet enabled on public facing servers) than a failure to consider the problem at all.
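The two comments above describe a tag with an unchangeable serial, a rewritable product code guarded by a programmed 64-bit number, and a checkout that prices by database lookup. The simulation below is an added example (not from the article, the comments, or RFDump) that models exactly that, including the misconfiguration case where the number was never set; the registry, price table and serial values are constructed for illustration.

```python
import secrets

DEFAULT_ACCESS = 0  # a tag shipped without its 64-bit number set (the "telnet left on" case)

class Tag:
    """Simulated tag: fixed serial, writable product code, 64-bit write gate."""
    def __init__(self, serial, product_code, access_code):
        self.serial = serial              # factory-programmed, cannot be changed
        self._product_code = product_code # user data, the field a rewrite would target
        self._access_code = access_code   # value chosen by whoever programmed the tag

    def read(self):
        # Reads are unauthenticated, as in the commenter's description.
        return self.serial, self._product_code

    def write(self, new_code, presented_access):
        # A write is only accepted when the presented number matches the programmed one.
        if presented_access != self._access_code:
            return False
        self._product_code = new_code
        return True

def program_tag(serial, product_code, set_access=True):
    """Returns (tag, access_code). set_access=False models the admin failure."""
    access = secrets.randbits(64) if set_access else DEFAULT_ACCESS
    return Tag(serial, product_code, access), access

# Constructed store data: per-serial registry (the "1000 items" the commenter
# says the store would have to store) and the product-code price table.
REGISTRY = {}
PRICES = {"JEWELRY-001": 1200.00, "GUM-001": 0.50}

def register(tag):
    serial, code = tag.read()
    REGISTRY[serial] = code

def checkout(tag):
    """Price from the database only if the serial still maps to the same product code."""
    serial, code = tag.read()
    if REGISTRY.get(serial) != code:
        return None  # mismatch: refer to a cashier instead of trusting the tag
    return PRICES[code]
```

The per-serial check costs the database growth the commenter points out, but it is what turns a rewritten product code into a detectable mismatch rather than a mispriced sale.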
"Oh, yeah, we have it."
I get there, and it turned out they didn't have it. They had an AC Adapter.
A clerk who cannot tell the difference between something that lets you go on the internet and something that plugs into the electric socket will be easily fooled by the RFID swap. Even if someone DOES check your bag, do you think "Joe Walmart" is really going to be acute enough in his observation to recognize that you've got the high end ATI card, and not the 9600? Doubtful.
It'll be great to watch Wal-Mart reap the fruit of the seed they've sown - lost merchandise, lost profits, etc. And it's quite fitting that this really has nothing to do with RFID, but their unwillingness to go the extra mile to spend a few more bucks to get employees who know what they are doing.
FeliCa chips are already in SuiCa cards which have been used for paying train toll fees for a while now. RFID is also already used in the US - EZPass for automatically paying highway tolls in the New England area, I-Pass for Illinois, and I'm sure other states have similar technologies that are the same. Unlike disposable RFIDs on grocery items, FeliCa chips are more expensive, so it can use more secure technology such as encryption.
There's no sane reason why RFID should have a feature added that would allow wireless re-writes. It costs more and it only adds a security issue. RFDump doesn't overwrite data stored in any RFID. It's just a spreadsheet program, and of course it can modify the data in the spreadsheet cells, but it's not changing the data stored in the original source! Note that on RFDump's webpage itself, they claim that it only works with RFID READERS - that is, it can't MODIFY the source RFID data. RFDump can import RFID data to a computer, and change the RFID data within the computer's memory - no RFID chip modified! RFDump can't do that. But apparently it's good enough for creating a hyped up CNet article. I think CNet is only covering RFID obsessively because it's a buzzword and it can bring in a lot of eyeballs to their website - that's why they like to write so many super-exaggerated RFID articles.
It's simple. Instead of using the expensive reprogrammable RFID tags you use the cheaper PROM RFID tags.
You set them once and they stay that way forever.
The story is nothing but high brow FUD.
Not all RFID tags are the rewriteable type. Most are the single write read many variety. And nothing is to stop a manufacturer like Coke from ordering their RFID tags preprogrammed. Not every can of Coke needs a different tag (just like how they don't have different barcodes on them).
Do not look at laser with remaining good eye.
From what the submitter had mentioned, he thought it would be possible to reprogram RFID tags to use to cheat a SCO...I'm not really sure about how the RFID stuff works, so I can't really say much about that, however, I do know a bit about the SCO's.
Some SCO's (namely those by ACM/IBM) have a secondary server that handles the interactions with the cash register controllers (sometimes called the BOSS server). They have a 'security profile' that lets a SCO learn pieces of information about an item (dimensions, weight, that kinda thing) and if the item doesn't match a security profile, it'll kick it back, until a cashier scans their card to get it to learn the item.
Other SCO's use a weight-based system. I'm not totally sure if the scales weigh all items and go from item to item specifically, or from item to item just to see if the item's been placed in the 'bagging' area (if not a pass around item).
A properly set-up SCO won't allow things like this anyway. Really, nothing more than barcode switching.
I disable sigs...do you?