Slashdot Mirror

← Back to Stories (view on slashdot.org)

RFID Guardian Protects Your Privacy

Posted by CowboyNeal on from the don't-look-at-me dept.

An anonymous reader writes "A new device devised by Amsterdam graduate student Melanie Rieback is designed to serve as a portable firewall for RFID tags. The portable battery-powered RFID Guardian uses an access control list to filter RFID queries, blocking queries that aren't approved. Rieback, who is also known for being the first researcher to develop a proof of concept RFID virus, hopes to offer version 3.0 of the RFID Guardian to the public at cost."

13 of 65 comments (clear)

  1. proof of concept RFID virus by bulliver · · Score: 3, Funny

    So does that mean you could theoretically create a virus that would make all RFID enabled passports identify themselves as belonging to known/suspected terrorists? That would make for a million laughs on April 1...

    --
    Support the mob or mysteriously disappear.
    1. Re:proof of concept RFID virus by apathy+maybe · · Score: 3, Informative

      Here http://en.wikipedia.org/wiki/RFID#Viruses is a nice little bit, and a link to the original article. http://arstechnica.com/news.ars/post/20060315-6386 .html

      ArsTechnica links to http://www10.nytimes.com/2006/03/15/technology/15t ag.html?_r=5&th&emc=th&oref=slogin&oref=slogin&ore f=slogin&oref=slogin and to the real original webpage http://www.rfidvirus.org/index.html

      Basically, it uses buffer over flows to insert nasty code into a computer. The RFID chips contain the code and when read exploit problems in the reader. You can use commercially available tools to write your own RFID chips. Have fun.

      --
      I wank in the shower.
  2. The advance of technology. by osu-neko · · Score: 4, Insightful

    One of these days, someone should invent something that can convey information like RFID, but not anyone can read it. In fact, make it so that it can be only read when I take it out and present it to the reader, rather than readable by anyone without be uncovering it. That makes sure only those I want can read it, and keeps it safe from being read without my knowledge, much less consent.

    I think I have an idea! I'm gonna go patent it now. I'll call it a "barcode"! Yeah, that's the ticket!

    --
    "Convictions are more dangerous enemies of truth than lies."
  3. RFID Guardian Website by achillean · · Score: 3, Informative

    Here's the link to the official RFID Guardian website:

    http://www.rfidguardian.org/

  4. Even simpler blocker by noidentity · · Score: 5, Funny

    I've found an even simpler RFID blocking solution.

  5. Re:Back-compat? by Sowilo · · Score: 3, Informative
    Is this like some sort of "jacket" you put your already existing RFID card into that blocks signals unless told otherwise, or is it something that would have to be added to new cards?

    From TFA:

    Eventual plans call for the Guardian to be incorporated into cell phones and PDAs, but the current model is a pocket-sized device that runs on its own battery and provides a circular 1m field of control over RFID tags, jamming any tags that the user does not want read.

    TFA goes on to explain exactly how it does it, but in a nutshell it has an internal list of RFID tags along with what it should do for each tag - block everything, only allow certain readers to access it, etc. If it's not allowed, then it blocks the RFID tag's response by jamming the signal.

    But since it works by detecting and jamming the signals sent, and not by any physical connection or link to the RFID tags themselves, it should function with any pre-existing RFID tag.
  6. Genius! by homebrandcola · · Score: 5, Insightful

    The genius part was proving their was a threat, then inventing the solution to that threat.

    Fantastic business model.

  7. Interesting (and not so legal) uses for this... by PAjamian · · Score: 4, Insightful

    This is a really interesting device, I wonder if it has some darker uses, though...

    Could you use this device to assist shoplifting by having it in your pocket when you walk past the RFID readers at the store entrance? This would effectively block the readers from being able to "see" the RFID security tags on the merchandise.

    Depending on how low-cost these devices are (they are planning to sell them at cost, after all), could someone attach one surreptitiously to the bottom of a modern car preventing the RFID tag built into the ignition key from being read, thereby disabling the car?

    Here in New Zealand, they recently passed a law requiring that all pet dogs have RFID chips implanted in them. It would be laughable if a small version of this were made which would could be attached to the collar of the dog to effectively disable the RFID chip implanted in them (admittedly I can't see this particular usage being helpful the the dog or the owner in any way, but it is funny to think about).

    Other issues:

    Since this is a powered transmitting device, it might not be legal to have it turned on while on board an airplane in flight. Since it can't be effective while turned off, it would still be possible to read passports of people in-flight unless protected by some other means (aluminum foil, farraday cage).

    --
    Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
  8. Re:Back-compat? by wizzahd · · Score: 3, Funny

    It's a hat, duh. Do you realize how long it would take to make a tin foil jacket??

  9. Re:why? by maxume · · Score: 3, Insightful

    This isn't about sweeping something under the rug. It is about RFID coming whether you want it or not and having a straightforward way to avoid many of the issues that it is coming with.

    --
    Nerd rage is the funniest rage.
  10. Re:Like encryption by Anonymous Coward · · Score: 3, Insightful
    Well, in the retail environment, the point is to be able to read them without touching each individual item. Inventory audit your warehouse, ring up an entire cart of stuff without having to pick it all out and set it on a convery and scan it one by one.

    Another big retail selling point is to set up scanners at doors and set off an alarm if an item passes through that is allegedly still in the store's inventory. You can bet retail chains will lobby against Guardian and similar technologies.

    ...not that the FCC would ever approve the device to start with.

  11. Re:Like encryption by JFitzsimmons · · Score: 3, Interesting

    It is harder to forge but not because of some stupid restriction like "the stuff is harder to get". Any fool can write a RFID tag with quite reasonably priced equipment as well. The security actually comes from the cryptographic hash of the digital data also on the RFID tag. Therefore, if the digital data matches the physical printing of the data, and the cryptographic hash checks out, then you have within a good degree of certainty that the passport is legit. Of course, who knows if the secret hashing algorithm has been leaked or not, but that's a totally different concern.

    With that said, a wireless technology is completely stupid for this sort of application. Any official checking a passport is going to be physically handling it anyway, so what's wrong with requiring a physical connection, like that in a smartcard?

    --
    Beware he who would deny you access to information, for in his heart he dreams himself your master. -Anonymous
  12. Melanie @ WhatTheHack by gbnewby · · Score: 3, Informative

    I saw Melanie's talk at What The Hack in summer 2005, and got to speak with her a little afterwards. That was before the virus made news, but her interests in RFID were in strong evidence. Here's the abstract: program.whatthehack.org Here's video (MP4) of her talk, "Fun and Mayhem with RFID:" rehash.whatthehack.org You can find other videos from WTH at the same site (disclosure: I'm there, too!)