Slashdot Mirror


RFID Personal Firewall

JanMark writes "Prof. Andrew Tanenbaum and his student Melanie Rieback (who published the RFID virus paper in March) and 3 coauthors have now published a paper on a personal RFID firewall called the RFID Guardian. This device protects its owner from hostile RFID tags and scans in his or her vicinity, while letting friendly ones through. Their work has won the Best Paper award at the USENIX LISA Conference."


  1. Popups. by morgan_greywolf · · Score: 5, Funny

    Oh, great. I can just imagine walking through the mall and then being bombarded by all these popups. "Would you like Macy's to be able to access your RFID tags? [Ok] [Cancel] [X] Always Allow"

    1. Re:Popups. by chroot_james · · Score: 4, Funny

      What about "would you like Macy's to have no idea you're stealing their stuff? [yes][no][always][never]"

      --
      Reality is nothing but a collective hunch.
  2. Well... by Steppman2 · · Score: 4, Interesting

    I guess this officially makes them white-hats, however, I'd still be worried about the ability to spoof a legitimate RFID or steal one and deactivate this firewall. Things that are considered by many to be foolproof make things that much worse when they fall through...

  3. Condoms, anyone? by dotancohen · · Score: 2, Funny

    So these are little electronic rubbers, right?

    --
    It is dangerous to be right when the government is wrong.
  4. Demo Video by AugustZephyr · · Score: 5, Informative
    1. Re:Demo Video by FinMacCool · · Score: 2, Funny

      Should we trust this guy to protect our RFID chips when he can't seem to protect his underwear by zipping his fly?

  5. Tin foil by Rastignac · · Score: 2, Funny

    That's the only safe protection, for sure.

    --
    -- Rastignac was here.
    1. Re:Tin foil by hey! · · Score: 2, Funny

      Just don't forget to wire the tin foil to a six foot copper stake driven into the Earth. It's a detail that is often neglected by the careless.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  6. Faraday Cage by ParaphiliaNOS · · Score: 2, Insightful

    How much of this RFID traffic is good?  Why not market faraday cage coats and just leave the cellphone in an external pocket?  (Enumerate the GOOD and just ignore the BAD.)

    1. Re:Faraday Cage by Cruise_WD · · Score: 3, Interesting

      Makes sense, since that's a common strategy for dealing with spam: Block anything except emails from a known source.
      That comment just triggered an odd thought in my head... ...in the future, will we look back at spam gratefully, for all the practice it's given us in blocking unwanted intrusions into our systems in a (relatively) benign way? Or does it just demonstrate how easily the majority of people will ignore privacy and real security and make life hell for the rest of us?

      --
      [ cruise / casual-tempest.net / xenogamous.com / transference.org / quantam sufficit ]
  7. Old News by Mike89 · · Score: 3, Funny

    This is either old news, or there is some other reason the website looks like it's from 1996.

    1. Re:Old News by ParaphiliaNOS · · Score: 3, Interesting

      My assumption is either the staff are hardware people or just prefer the security of static HTML.

      Staff: www.rfidguardian.org/people.html

  8. Re:derivative work by morgan_greywolf · · Score: 2, Funny
    Now Linus Torvalds will write a personal RFID firewall and claim that it is totally original and not based on Andrew Tanenbaum's personal RFID firewall... wooo BURN CITY take that groklaw losers!

    And will Tanenbaum back him up this time, too?

  9. KISS by khafre · · Score: 4, Insightful

    If people are worried about others reading RFID tags at will, why not add a mechanical switch to the tag that must be pressed for the tag to power up? Just insist on it. If it doesn't have it, it goes in the microwave. Sheesh, add a cheap membrane switch, not a firewall.

    1. Re:KISS by BeBoxer · · Score: 2, Insightful

      Um, cause by design RFID tags have no power source, they rely on an induction current from the reader for power?

      They have circuits in them, and wires. The fact that the power source is external is irrelevant. By your logic, a lamp can't have a switch because it relies on current from the wall for power. DOH!

  10. Attack Barriers by blueZhift · · Score: 4, Interesting

    This reminds me of the anime Ghost in the Shell wherein people use sophisticated attack barriers to defend their cyberbrains from unwanted intrusions. It seems that we are approaching the need for personal firewalls much faster than anticipated driven by the desire of world governments to more closely monitor their citizens as well as consumer desire for more personal electronics. I'd say we probably have only a year or two before implantable cell phones/accessories start making an appearance. Soon thereafter the first viruses targeting those systems will show up. So the personal firewall business should be pretty good.

  11. Link to PDF by tttonyyy · · Score: 4, Informative

    For those that want more detail than the videos provide:

    http://www.cs.vu.nl/~melanie/rfid_guardian/papers/acisp.05.pdf

    --
    biopowered.co.uk - catalytically cracking triglycerides for home automotive use since 2008. Just say no to big oil!
  12. But is she hot? by pestie · · Score: 3, Funny

    Yeah, yeah, RFID, mark of the beast, firewall, virus, buzzword... whatever! This is Slashdot, and the important question is whether or not this Melanie Rieback chick is hot. 'Cause everyone knows that hot geek girls are the wet dream of every red-blooded male Slashdotter. And thanks to the magic that is Google, the answer appears to be, "Not bad... not bad at all!"

  13. Tanenbaum's theory is false by crucini · · Score: 2, Informative
    I read Tanenbaum's paper when it came out. One of the soundbites:
    RFID malware is a Pandora's box that has been gathering dust in the corner of our 'smart' warehouses and home.

    This is not true. There is no Pandora's box. Read the paper and you'll see why.

    Tanenbaum and his co-authors exploited vulnerabilities in RFID middleware - the software that connects to an RFID reader. What makes this less interesting is that they wrote the middleware. Yes, they deliberately built in vulnerabilities like SQL injection, then crafted RFID tags to exploit them.

    Tanenbaum's team did not find any weaknesses in any commercial RFID middleware. And their entire premise is flawed. The weaknesses they scanned for, such as SQL injection, are not going to exist in the dominant RFID system, which is EPC. An EPC tag contains a binary number (frequently 96 bits). This bit vector is divided into fields for manufacturer, part number, and serial number. It is binary, not text. There is no way a malformed number could trigger an SQL injection vulnerability.
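
An added example, not part of the comment above and not code from the paper or any RFID product, of middleware that treats an EPC as the fixed-width binary number the comment describes. It assumes the GID-96 layout (8-bit header, 28-bit manager, 24-bit object class, 36-bit serial); the function names, table and sample tag are constructed for illustration.

```python
import sqlite3

GID96_HEADER = 0x35  # header byte of the GID-96 scheme (assumed encoding)

def encode_gid96(manager: int, object_class: int, serial: int) -> bytes:
    """Build a constructed test tag: 8 + 28 + 24 + 36 = 96 bits."""
    if not (0 <= manager < 1 << 28 and 0 <= object_class < 1 << 24
            and 0 <= serial < 1 << 36):
        raise ValueError("field out of range")
    value = (GID96_HEADER << 88) | (manager << 60) | (object_class << 36) | serial
    return value.to_bytes(12, "big")

def decode_gid96(raw: bytes) -> dict:
    """Split a 96-bit EPC into integer fields; reject any other shape."""
    if len(raw) != 12:
        raise ValueError("EPC must be exactly 12 bytes (96 bits)")
    value = int.from_bytes(raw, "big")
    if value >> 88 != GID96_HEADER:
        raise ValueError("unsupported EPC header")
    return {
        "manager": (value >> 60) & ((1 << 28) - 1),       # manufacturer
        "object_class": (value >> 36) & ((1 << 24) - 1),  # part number
        "serial": value & ((1 << 36) - 1),
    }

def store_read(db: sqlite3.Connection, raw: bytes) -> dict:
    """Decode first, then bind the integers as query parameters."""
    epc = decode_gid96(raw)
    db.execute(
        "INSERT INTO reads (manager, object_class, serial) VALUES (?, ?, ?)",
        (epc["manager"], epc["object_class"], epc["serial"]),
    )
    return epc

def demo() -> list:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reads (manager INTEGER, object_class INTEGER, serial INTEGER)")
    store_read(db, encode_gid96(1234, 5678, 99))  # constructed sample tag
    # Constructed non-EPC inputs: free text of the wrong length, wrong header byte.
    for bad in (b"not-an-epc-number-at-all", b"\x30" + bytes(11)):
        try:
            store_read(db, bad)
        except ValueError:
            pass  # rejected before it reaches the database layer
    return db.execute("SELECT manager, object_class, serial FROM reads").fetchall()

if __name__ == "__main__":
    print(demo())
```
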