Slashdot Mirror

← Back to Stories (view on slashdot.org)

RFID Injection Required for Datacenter Access

Posted by ryuzaki0 on from the one-way-to-make-sure-we're-working dept.

user24 writes "Security focus reports that RFID injections are now required for access to the datacenter of a Cincinnati company. From the article 'In the past, employees accessed the room with an RFID tag which hung from their keychains, however under the new regulations an implantable, glass encapsulated RFID tag from VeriChip must be injected into the bicep to gain access ... although the company does not require the microchips be implanted to maintain employment.'"

16 of 551 comments (clear)

  1. Comrades... by Bananatree3 · · Score: 5, Insightful

    ...and the Comrades marched rank and file into their working facility, while the Big Brother telescreen carefully scanned each implanted chip...

  2. I especially like... by Statecraftsman · · Score: 4, Insightful
    the part about the VeriChip being sucsceptible to scanning and cloning.

    At least, it doesn't need to be cut out to be used by a sufficiently motivated attacker.

  3. Maybe they're right by HeavensBlade23 · · Score: 5, Insightful

    Isn't this what the Christians have been saying was going to happen for the past 20 years now? Of course, it's not the governing that's forcing the chips on people, but it's only a matter of time.

  4. Why? by cgenman · · Score: 5, Insightful

    I'm not understanding the point here. If you inject the RFID chip, you can theoretically track your users wherever they go. But you can't ensure that access isn't being granted to someone who has an RFID chip in their wallet. You are making it slightly harder to steal the data, but you're not making it any harder to clone the chip.

    What's the security benefit to injected RFID?

    BTW, this is the original article.

    --
    The ______ Agenda
    1. Re:Why? by netwiz · · Score: 4, Insightful

      You're not even really improving the security at all. Most of these types of devices get a short burst of RF at the reader which serves two purposes, one to provide raw power for the device (a la crystal radios), and one to signal the device to request it's ID. The device gets just enough power from the input signal to do a lookup and squirt back it's code just before it dies. The trick is, so long as you're willing to wait for someone to use the door, a directional antenna will pick up the conversation nicely. Once you've got a sample of the door's signal (they broadcast continuously), you can use the same directional to trigger the victim's ID unit remotely. Since normal badged users won't have the badge on them at all times, you couldn't get the code by following them in public. The RFID guy on the other hand, well, he's a different story. you could snag codes from him all day by just hanging nearby as he goes in/out of stores, Wal-Mart, etc.

      So in the end, the RFID makes things worse by imcreasing the level of access to the device itself.

  5. Religious Objection by Shky · · Score: 5, Insightful

    Could someone object on the basis of religious discrimination if they believe that RFID implants constitute the "Mark of the Beast"?

    --
    CC Licensed Serialized Story and Podcast: Ingenioustries
  6. This will only last about as long as by zappepcs · · Score: 4, Insightful

    This will only last about as long as the Sony rootkit-like DRM lasted. It now has public attention, and when it is pointed out that the scheme has enough security holes in it to act as a noodle strainer, the number of people who will actually allow the implant will be zero, meaning there will be no one to do any maintenance in the datacenter, and thus the rules will have to be changed.

    For less than they paid for the RFID system, they could have hired someone to log people in and out of the data center. Additionally, I question the validity of a system that restricts access to only those with an implant during disaster situations (fire, flood, and worse) where access rights and needs are rather different than in normal situations.

    Good security costs a lot of money, and you cannot replace the human element in the security chain. The RFID schemes won't prevent anyone following an authorized person into the data center, unless there is physical restrictions that would make working in the data center dangerous during emergencies. In this case, the $10/hour guard is more flexible and cheaper than the high-tech answer, and more respectful of humans in general... or at least I think so

    --
    Support NYCountryLawyer RIAA vs People
  7. Just a marketing gimmick by cyberjessy · · Score: 4, Insightful

    To me this sounds more like a marketing ploy. So that they could go to potential clients and say, "Look we are so secure and futuristic that we need embedded chips in humans to access our critical datacenter!". Client is left stunned.

    IANA American, but I hope that the goverment would do something if this was forced on the employees working in the datacenter. After all, what can this achieve which cannot be done with a retinal scan, RFID tag combo? If the criminal can pass the retinal scan, can't he also pluck the RFID from the employee and stick into his arm?

    Huh..... I would hate it if someone said they are gonna put a chip inside my body. Wait till someone gets hurt and the company gets sued for a million dollars.

    --
    Life is just a conviction.
  8. Re:A milestone by Jafafa+Hots · · Score: 4, Insightful

    Well, there were those number tattoos in the Nazi slave labor camps...

    --
    This space available.
  9. Re:From TFA by Esion+Modnar · · Score: 4, Insightful
    Although the company does not require the microchips be implanted to maintain employment, anyone without one will not be able to access the datacenter

    And anyone who requires access to the datacenter to do their job, such as operators and sysadmins, cannot DO their job unless they get the implant. And if they cannot do the job, how are they expected to maintain employment?

    I suppose the official reason for termination would be "uncooperative attitude." Certainly not "he refused to get chipped." Or maybe the company will concentrate on ways to make the employee so miserable, he just quits. Problem solved.

    --

    They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
  10. Re:A milestone by JabberWokky · · Score: 5, Insightful
    Godwin's Law does not apply when there is a legitimate historical reference to Nazis. I'd say this one actually is a proper and on-topic reference, as there aren't many other cases of forced permanent identification or serialization. I can think of plenty of "mode of dress" and uniform enforcements, but no other examples of permanent body modifications that mark specific individuals.

    --
    Evan

    --
    "$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
  11. Sounds like a publicity ploy by gad_zuki! · · Score: 4, Insightful

    We all know that this won't increase security, but now this surveillance company can use this in all their advertising and PR. "Sure, you can go with the other company but they arent half as serious as we are. We put bloody implants into our employess! That's serious!"

    Its harmless except for Joe and Jane Datacenter who have to go in for some minor surgery on the weekend to keep their jobs. I hope this "Golden Casino" mentality stops right here after these people get exposed for the dumbasses that they are. Hell, even in the article they did not know the weaknesses of RFID authentication.

    I woulndt doubt if this was 100% publicity stunt. I wonder how many people even have to access the datacenter. Depending on the company size it could just be one or two people. Of course all the executives, security, etc will have the old keycards that will work just fine.

  12. Re:Escalation by tftp · · Score: 4, Insightful

    Don't worry, nobody is going to take your arm (it's too large to carry.) The chip is not that deep, so a small incision with a sharp boxcutter will allow the attacker to pull the capsule out. He only may need to explore a bit (with that knife) around the needle scar :-( Chances are very good that you will survive, especially if the attacker knows how to avoid major blood vessels, and if the knife is clean, and if you don't need that arm that much. Just choose your attackers carefully and check their medical diplomas before they do it to you.

  13. Re:uh, no. by netwiz · · Score: 4, Insightful

    Okay, but what's the metric here? "Unsafeness?" How "unsafe" is getting an RFID implant? Is it then safe to assume that if something was sufficiently risk-free, that a potential employer could get away with making the employee submit to their wishes? How far might that go? And most importantly, who's deciding what's unsafe, and where's their money come from?

  14. Re:Don't panic by Somegeek · · Score: 4, Insightful

    I don't think the CIA is going to want thier agents permanantly broacasting a message that says 'hey I work for the CIA' to anybody that has the desire and technology to listen.

    --
    And as you tread the halls of sanity, You feel so glad to be, Unable to go beyond. I have a message, From another time..
  15. Wait, isn't this worse security? by Rakishi · · Score: 5, Insightful

    Ironically, the extra security sought may be offset by a recent discovery of Jonathan Westhues, where the security researcher showed the VeriChip can be skimmed and cloned, duplicating an implant's authentication. When contacted, those at CityWatcher were unaware of the chip's security issue, according to the spychips.com release.

    So before I needed to get close to an object (whatever had the rfid tag) which under normal circumstances an employee would not be carried around (say they were going home or something) or could have it in a reader blocking case. Now, I simply need to get close to an employ anywhere at any time to copy their data.

    Fucking brilliant, now I can steal their tag without anyone ever knowing, whereas before they'd know it was gone in a reasonable amount of time (I'd have to steal the physical object most likely).