Slashdot Mirror
Is RFID Really That Scary?
tcd004 writes "Defcon participant Chris Paget demonstrated his ability to capture RFID data from people hundreds of feet away for the PBS NewsHour. Paget went through the regular laundry list of security concerns over RFID: people can be tracked, their information accessed, their identities comprimised. Not so fast, says Mark Roberti of RFID Journal. Mark challenges Paget to point to a single instance where RFID was successfully used for nefarious purposes. The signals are too weak and the data is too obscure, according to Roberti. So who is right? Has RFID yet lead to a single instance of identity theft, illegal monitoring, or other security compromise?"
Instead of setting my head on a swivel and looking around suspiciously I need only keep my gaze directed at my open book (hiding my tracking device) while I walk around keeping track of my subject.
Yes, alone, the device is useless; however, people in the business might find plenty of uses for it that you and I cannot imagine.
We have always been at war with Eurasia!
I am extremely skeptical of the current generation of RFID tags when used in practice out there in the wild.
About three years back I set up software to support a recycling scheme, whereby every household in a community (ca 10,000) were given a couple of plastic boxes in which to place recycled goods. The boxes where chipped *and* barcoded, and there were scales on the collection lorry to weigh the box and automatically scan the rfid chip at the same time, thus collecting usage data.
Three years on it turns out that the one thing we were not expecting - the rfid chips not to be reliable - has proven a major issue. The failure rate is not high, but we consistently have a score or more boxes needing replacing every month, which is a far higher rate than we were lead to expect. We did think it might be the manufacturer, but we've talked to several people doing similar things now and everyone has similar stories - the chips do fail.
Perversely - the barcodes, which we sealed in transparent plastic but didn't expect to last (hence going with rfid tags as major impact) have given us less than a dozen damaged to the point we can't scan them in the whole three years.
Actually I think you'll need to put that coil in series with the flash.
IIRC, an inverter charges a capacitor up to a few hundred volts D.C. across the flash which doesn't conduct until it is triggered by a brief higher-voltage pulse from a transformer. That pulse causes the gas to ionize (conduct). If the coil were across the flash, the cap would be shorted and couldn't build up a big charge to release in one high-energy burst. Maybe flash designs have changed, but that's how they've worked in the past.
RFID-enabled credit cards broadcast all the data on the front of the card in plaintext when energized. So I'd say the answer is YES.
http://www.youtube.com/watch?v=vmajlKJlT3U
Look how old that video is.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Yes, some banks don't do so. Most do, however.
An idiotic statement. Mass market RFID readers need to be within about 6 inches. However, there's NOTHING stopping someone from cranking up the power and getting far more distance out of it. How does 11 meters sound? http://www.foodproductiondaily.com/Supply-Chain/Long-distance-RFID-reader
With enough money on the line, they will be... Criminals go to great lengths to get credit card numbers with skimmers, fake ATMs, and the like. A tine scanner in a post office would be relatively easy and low-risk.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
No it is not, your RFID equipped credit card could be skimmed when you simply walk by a hidden reader. I wouldn't be hard for someone to walk around a city with a RFID skimmer in their backpack and read cards all day long. If you read the title you'd know that you can do this from over 100 feet away.