Slashdot Mirror


RFID More Hackable Than Retailers Think?

Iphtashu Fitz writes "Lukas Grunwald, a senior consultant with DN-Systems Enterprise Solutions GmbH, is warning retailers that the RFID technology that they are quickly adopting can easily be hacked with the appropriate tools. Grunwald has written a program called RFDump which lets you read and display all metadata within an RFID tag and also modify the user data using a text or hex editor. He wrote this program to demonstrate how consumers can protect themselves by wiping out RFID data after purchasing a product but he acknowledges that it would be trivial to abuse this behavior. What, you might ask, can you do if you hack an RFID tag? Well, as the technology is adopted more widely a thief could conceivably mark down the price of an expensive piece of jewelry before paying for it at an automated checkout counter, underage hackers could purchase alcohol or adult movies, and pranksters could simply reprogram the inventory of an entire store by just walking up and down the aisles. 'The people who will be using this (shopkeepers) don't know much about technology,' Grunwald warned."

9 of 411 comments

  1. W-O-R-M by usefool · · Score: 4, Interesting

    Is it possible to make RFID write once read many? So the product info is in the tag, and price/special/discount is cross-referenced with a database.

    Is there any advantage for embedding prices in the tag?

    --
    Uselessful technology (Air-Charged
    1. Re:W-O-R-M by Jesrad · · Score: 4, Interesting

      Would it be possible to overlay a forged signal when the tag is interrogated, if I'm standing close enough to the reader?

      --
      Maybe we deserve this world ?
  2. Crypto? by sk6307 · · Score: 4, Interesting

    Why not simply store only a cryptographically secure (signed) random unique value on the tag itself, and keep all the other data somewhere else that all the legitimate readers are connected to?

    With a simple database, this is not a problem, since it is computationally infeasible to forge a signature like that.
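
The scheme proposed in the comment above, as an added example that is not part of the original thread: the tag carries only a random ID plus an authentication tag, and price data stays in a back-end database. HMAC-SHA256 stands in for the signature here because Python's standard library has no public-key signing, so every verifying reader must hold the key; the `Backend` class, field sizes and item record are assumptions.

```python
import hashlib
import hmac
import secrets

ID_LEN = 12    # bytes of random unique value on the tag (assumed size)
MAC_LEN = 16   # bytes of truncated HMAC-SHA256 stored after it (assumed size)


class Backend:
    """Hypothetical store back end: issues tags and resolves them to items."""

    def __init__(self, key: bytes):
        self._key = key
        self._items = {}   # tag id -> item record; never written to the tag

    def _mac(self, tag_id: bytes) -> bytes:
        return hmac.new(self._key, tag_id, hashlib.sha256).digest()[:MAC_LEN]

    def issue(self, name: str, price_cents: int) -> bytes:
        """Return the bytes to write to a new tag: random id || MAC(id)."""
        tag_id = secrets.token_bytes(ID_LEN)
        self._items[tag_id] = {"name": name, "price_cents": price_cents}
        return tag_id + self._mac(tag_id)

    def lookup(self, tag_bytes: bytes):
        """Return the item record, or None if the tag contents do not verify."""
        if len(tag_bytes) != ID_LEN + MAC_LEN:
            return None
        tag_id, mac = tag_bytes[:ID_LEN], tag_bytes[ID_LEN:]
        if not hmac.compare_digest(mac, self._mac(tag_id)):
            return None    # contents were edited or wiped after issue
        return self._items.get(tag_id)


def demo():
    backend = Backend(secrets.token_bytes(32))
    tag = backend.issue("watch", 49900)           # constructed sample item
    edited = bytes([tag[0] ^ 0x01]) + tag[1:]     # one bit changed on the tag
    wiped = bytes(len(tag))                       # tag zeroed after purchase
    return backend.lookup(tag), backend.lookup(edited), backend.lookup(wiped)
```

The check authenticates the stored value, not the physical item the tag is attached to, which is why the weight and barcode cross-checks raised elsewhere in the thread still matter.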

  3. interesting article in Dr Dobbs this month as well by Anonymous Coward · · Score: 3, Interesting

    I don't think it's on the web yet but it describes how some RFID tags work (all of them? Some? I don't know).

    Here's a summary:

    The scanner basically gets all the RFID tag info from all the tags at once, on the same frequency, which as you can imagine creates a lot of noise. In order to find out what tags are in the area, you have to do a binary search. First ask all the tags that have a 1 in the first digit of their serial numbers to reply. Then the ones with zero. Then all of the "10's", the "11"'s, etc. And so on down the line, pruning empty subtrees as it goes, until it knows all the nearby RFID tags.

    The article described a custom RFID tag that just always responds to all serial numbers. Tying up the scanner for 1^64 (or is it 1^64 factorial?) iterations of the algorithm (forever, basically).

    Pretty neat. I will definitely be carrying one of those in the future. "Hey, whenever that guy comes in the store, all our inventory disappears"
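
The prefix walk summarized in the comment above, simulated as an added example that is not part of the original thread or the article it cites. It shows the query count with ordinary tags, with a tag that answers every query (the walk then visits all 2^(bits+1) - 2 prefixes), and with a reader-side query budget that aborts and flags the scan; class names, the 8-bit serials and the budget formula are assumptions.

```python
class Tag:
    """Ordinary tag: answers only queries that match a prefix of its serial."""
    def __init__(self, serial):
        self.serial = serial              # bit string such as "10110010"

    def answers(self, prefix):
        return self.serial.startswith(prefix)


class AlwaysAnswers:
    """The custom tag described in the comment: answers every query."""
    def answers(self, prefix):
        return True


def query_budget(bits, max_tags):
    """Upper bound on queries needed to singulate max_tags ordinary tags."""
    return 2 * bits * max_tags


def inventory(tags, bits, max_queries=None):
    """Walk the serial tree. Returns (serials, queries_used, completed)."""
    found, queries = [], 0
    stack = ["1", "0"]                    # "0" is popped first
    while stack:
        if max_queries is not None and queries >= max_queries:
            return found, queries, False  # budget exhausted: abort and flag
        prefix = stack.pop()
        queries += 1
        if not any(t.answers(prefix) for t in tags):
            continue                      # nobody replied: prune this subtree
        if len(prefix) == bits:
            found.append(prefix)          # full serial reached
        else:
            stack.extend([prefix + "1", prefix + "0"])
    return found, queries, True


# Constructed sample population of 8-bit serials (real serials are longer).
SHELF = [Tag("00101100"), Tag("10110010"), Tag("10110111")]


def demo(bits=8):
    honest = inventory(SHELF, bits)
    flooded = inventory(SHELF + [AlwaysAnswers()], bits)
    guarded = inventory(SHELF + [AlwaysAnswers()], bits,
                        max_queries=query_budget(bits, max_tags=8))
    return honest, flooded, guarded
```

A scan that returns `completed == False` is the signal to alert staff rather than trust the partial inventory.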

  4. Re:No Tech is safe by Sique · · Score: 4, Interesting

    The fact that relabelled barcodes are quite easy to spot, even for an untrained eye.

    Reprogrammed RFID chips cannot be spotted without the proper equipment. And if you use the self checkout lane, there is no one to spot anything except the machine which is programmed to look solely at the RFID chips.

    A way to prevent some misuses would be to ask the customer to scan at least the bar code too, so the check out machine can do a match between the RFID information and the bar code information. But THEN your argument holds true that the fraudulent customer could also relabel the good before going to the check out. A label scanner is not able to tell the difference between a printed-on bar code and a bar code that got stuck on by someone.

    --
    .sig: Sique *sigh*
  5. Re:Easy detectable by panurge · · Score: 4, Interesting

    It depends if you know where the RFID tag is located. A coil that sat on the end of a finger, under Elastoplast with a layer of shielding, could easily be brought up next to the tag to reprogram it, resulting in a lower power demand and very short range detectability.

    Having done some research into metal detectors for -ahem- covert operations some years ago, I can assure you that there are ways and means within the scope of home build.

    Supermarkets would just love to ban people from bringing in mobile phones, palmtops, laptops in standby mode, and all the other gadgets that create background RF noise, wouldn't they? The whole object is to make it look as if you can just walk in, load up and walk out.

    --
    Panurge has posted for the last time. Thanks for the positive moderations.
  6. Re:No Tech is safe by Zab+UvWxy · · Score: 3, Interesting

    Says who? Most, if not all, of the larger grocery stores (at least, up here in Canada) have self-checkout stations, where you scan your own purchases and pay for them all by yourself.

    Unless there's a problem getting a particular item to scan, you can go through the whole process without speaking to a store employee once.

    If you're going to go changing the bar codes, though, you can't make it too obvious; they might clue in that the $25 package of steaks should not be scanning in as $0.49 green onions.

    --
    "I don't get it." -- ObviousGuy
  7. Re:No Tech is safe by Elecore · · Score: 5, Interesting

    Also, the self checkout lines double check your items by weight. So if you scan your steaks as onions, it's going to see that your steaks weigh a lot more than the onions should and notify the person on duty.

  8. Can be secured by jimngo · · Score: 3, Interesting

    I am working on an RFID client project at my company. There are read-only tags and read-write tags. The read-write tags can also be locked on a per-byte basis so that those bytes can never be written to again. Believe me, the system can be secured.

    By the way, the /.'er that dissed Walmart's technology because of his experience with their sales people is pretty myopic. I'm definitely no fan of Walmart--last time I stepped into one was about 10 years ago--but their distribution system is incredibly efficient. In 1993, their gross sales were $USD244 Billion. The U.S. GDP was 10.98 Trillion, so if my math is correct, their sales amount to 2.2% of the U.S. GDP. That is a lot of inventory for a single company to move around the world. Of course, they have 3rd party distributors that bring in a lot of their products, but they still have to keep track of that as well.

    For mass retailers like Walmart, RFID will work much better than barcodes and it will probably be first implemented in the distribution system, not the sales system. One RFID tag will keep track of a single shipment lot, case, box, whatever.

    RFID tags will NOT replace barcodes in the foreseeable future. But they can accomplish some things better than barcodes so they will coexist.