Slashdot Mirror
RFID Guardian Protects Your Privacy
An anonymous reader writes "A new device devised by Amsterdam graduate student Melanie Rieback is designed to serve as a portable firewall for RFID tags. The portable battery-powered RFID Guardian uses an access control list to filter RFID queries, blocking queries that aren't approved. Rieback, who is also known for being the first researcher to develop a proof of concept RFID virus, hopes to offer version 3.0 of the RFID Guardian to the public at cost."
You go girl
Is this like some sort of "jacket" you put your already existing RFID card into that blocks signals unless told otherwise, or is it something that would have to be added to new cards?
"I think an etch-a-sketch with an ethernet port would beat IE7 in web standards compliance."
So does that mean you could theoretically create a virus that would make all RFID enabled passports identify themselves as belonging to known/suspected terrorists? That would make for a million laughs on April 1...
Support the mob or mysteriously disappear.
this seems to me like they are trying to sweep the flaws of rfid uder the rug.- fix the main system and this wont be needed.
Sigs are too short to say anything truly profound so read the above post instead.
or the radar detector, will this remain legal? Why have an RFID vs. the same info on a barcode, unless the design is to be able to read said info without your knowledge?
We are all just people.
Considering the fact that this technology is so new, why can't we start by making RFID more secure in the purest sense? Today's other article about the "unimportance" of IT in a world without viruses is crazy to discuss when a majority of the world uses inherently insecure systems. Let's lock this one down now before it gets out of control.
Life is rarely fair. Cherish the moments when there is a right answer.
FAggots.
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
One of these days, someone should invent something that can convey information like RFID, but not anyone can read it. In fact, make it so that it can be only read when I take it out and present it to the reader, rather than readable by anyone without be uncovering it. That makes sure only those I want can read it, and keeps it safe from being read without my knowledge, much less consent.
I think I have an idea! I'm gonna go patent it now. I'll call it a "barcode"! Yeah, that's the ticket!
"Convictions are more dangerous enemies of truth than lies."
Here's the link to the official RFID Guardian website:
http://www.rfidguardian.org/
RFID Personal Firewall Dec 07, '06
What would really be fun is to have a little credit card sized radio that would play with the various RFID tags it found.
Put it in your pocket and then walk down the aisles of your local WalMart.
Prediction: This device will be made illegal by the US government (in the name of terrorism prevention) in 5..4..3..
Seven puppies were harmed during the making of this post.
I've found an even simpler RFID blocking solution.
Hey, this sounds a lot more convenient than that Faraday cage that I made for my wallet.
The genius part was proving their was a threat, then inventing the solution to that threat.
Fantastic business model.
This is a really interesting device, I wonder if it has some darker uses, though...
Could you use this device to assist shoplifting by having it in your pocket when you walk past the RFID readers at the store entrance? This would effectively block the readers from being able to "see" the RFID security tags on the merchandise.
Depending on how low-cost these devices are (they are planning to sell them at cost, after all), could someone attach one surreptitiously to the bottom of a modern car preventing the RFID tag built into the ignition key from being read, thereby disabling the car?
Here in New Zealand, they recently passed a law requiring that all pet dogs have RFID chips implanted in them. It would be laughable if a small version of this were made which would could be attached to the collar of the dog to effectively disable the RFID chip implanted in them (admittedly I can't see this particular usage being helpful the the dog or the owner in any way, but it is funny to think about).
Other issues:
Since this is a powered transmitting device, it might not be legal to have it turned on while on board an airplane in flight. Since it can't be effective while turned off, it would still be possible to read passports of people in-flight unless protected by some other means (aluminum foil, farraday cage).
Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
I understand the significance and potential privacy issues connected with RFID tags, but in the larger scheme of things, it seems like a minor threat, and one that wouldn't cause me to lose any sleep at night, at least not yet.
to prE3ict *BSD's
I have a better solution, scrap RFID all together.
... my "kidnap me I'm an American Citizen!" broadcasting passport is arriving any day now.
w _2190.html and understand that Tagum City (where the two American children were kidnapped) is the nearest city from my permanent home and where my son is.
See http://www.travel.state.gov/travel/cis_pa_tw/tw/t
need to scream that Open platform, = 1400 NetBSD provide sodas, won't vote in reciprocating bad Of reality. Keep you need to succeed move any equipment a super-organised faster than this from one folder on getting together to personal rivalries FreeBSD used to long term survival netBSD posts on need your help! *BSD is dying Yet 'first post' during play, this you should bring posts. Therefore Declined in market
It's nice to see that this technology will be available, but I won't be long before it's regulated to the point of uselessness I think. RFIDs are going into too many things, and while 1 metre can be nice covering in some situations, it will be intrusive in others. First off Passports and Drivers licenses of many states carry RFID tags now. I can't imagine customs officials wanting to wait around while you turn off your jamming device or if a police officer would be happy if he tried to read the tag at your car instead of in the patrol car. Further, what if you're standing in line getting groceries and accidentally block the RFID of the person in front of you cause your standing too close. People better take the time to make sure they're set up correctly. A hack that increases the output power will probably be put to use by someone. I guess it boils down to that I don't trust legislators to let me keep my privacy and I don't trust non-technical people to properly set up a technical device.
I saw Melanie's talk at What The Hack in summer 2005, and got to speak with her a little afterwards. That was before the virus made news, but her interests in RFID were in strong evidence. Here's the abstract: program.whatthehack.org Here's video (MP4) of her talk, "Fun and Mayhem with RFID:" rehash.whatthehack.org You can find other videos from WTH at the same site (disclosure: I'm there, too!)
For reasons I can't quite identify, the new Dutch RFID-equipped passports have NO shielding. I kid you not, they're readable from a distance, and no tinfoil in sight.
:-).
Somehow Dutch people don't seem to be entitled to privacy, but this could be a EU directive so I'd be interested to hear from other EU residents.
However, the upside is that it makes accidental damage much more plausible. If you microwave your US passport it'll be pretty clear that it was you, the lack of protection on the passport means that anyone working anywhere near a transmitting dish is going to be able to say "oops, got too close" and get away with it, even though it was in reality a 2 sec microwave visit
(note to wannabee zappers: do it in seconds at a time otherwise it'll burn and be visible..).
On a side note, making a five-finger discount just got easier...
I picture this going on somewhere... "But sir, I didn't want anyone doing haxorz to my IDs, honest... I only forgot the merch was in my jacket."
The reason bar codes are not sufficient is that once they are read, they can be easily copied. The same goes for any static message transmitted by an RFID tag. Also, the database can obviously be corrupted by an evil government or disgruntled worker. If you really want to have a forge-proof solution you will need to implement something like OpenPGP in every passport. I can't wait until the day where politicians and media will have to be careful with their creditability or risk having a significant number of people revoke their certificate... Want people to trust you about the foreign policy? Well lets just have a look at that signature of yours...
I used to work in retail, not all boxes of the same product had RFID on them. We still had to do a visual inventory.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
The reason this device is so complex appears to be
the desire to allow reponses selectively.
Wouldn't it be easier and cheaper to make a simple jamming device?
Say in a small pouch for storing the passport, etc. with even weaker
power so that only 1 foot radius is covered.
When you need to use the passport, take it out of the pouch.