Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is RFID Really That Scary?

Posted by timothy on from the relaaaaaax-citizen dept.

tcd004 writes "Defcon participant Chris Paget demonstrated his ability to capture RFID data from people hundreds of feet away for the PBS NewsHour. Paget went through the regular laundry list of security concerns over RFID: people can be tracked, their information accessed, their identities comprimised. Not so fast, says Mark Roberti of RFID Journal. Mark challenges Paget to point to a single instance where RFID was successfully used for nefarious purposes. The signals are too weak and the data is too obscure, according to Roberti. So who is right? Has RFID yet lead to a single instance of identity theft, illegal monitoring, or other security compromise?"

17 of 338 comments (clear)

  1. Yes and no by autocracy · · Score: 4, Interesting

    Tracking one person around a city with RFID would be a nuisance. You'd need multiple points, signal quality would vary wildly, it'd be painful in a way.

    Opposingly, you can get a lot of aggregate data in a semi-closed system. I remember once at a public event I was covering (wearing my journalism hat for a moment) that I thought, "I wish I had an RFID system handy. I could identify all the University students in a moment -- I bet you not a one doesn't have their RFID card on them."

    Tracking could be efficiently done in a system such as a mall or subway with exit monitoring.

    --
    SIG: HUP
    1. Re:Yes and no by morari · · Score: 5, Insightful

      My bank switched their debit cards over to ones with "PayWave". It's an RFID chip that allows me to just magically wave my card around in the air and pay for stuff at the checkout line. I immediately bought an RFID blocking wallet. I'm a lot more concerned about being tracked by the stores and the bank, being marketed to by telescreens on the sidewalk, etc. than I am about cyber-thieves.

      --
      "He who can destroy a thing, controls a thing." --Paul Atreides, Dune
    2. Re:Yes and no by CyberLord+Seven · · Score: 4, Informative
      It seems to me you are assuming that the RFID is the only method being used to track someone. I don't track people but it seems trivial to me that a device that identifies a single person out of a mob would be extremely useful.

      Instead of setting my head on a swivel and looking around suspiciously I need only keep my gaze directed at my open book (hiding my tracking device) while I walk around keeping track of my subject.

      Yes, alone, the device is useless; however, people in the business might find plenty of uses for it that you and I cannot imagine.

      --
      We have always been at war with Eurasia!
    3. Re:Yes and no by sjames · · Score: 4, Funny

      Wow. If we thought butt dialing was a problem, just wait until butt-buying starts.

      In soviet america, ass bankrupts you!

    4. Re:Yes and no by i.r.id10t · · Score: 4, Funny

      But *only* after a jump to the left and a step to the right

      --
      Don't blame me, I voted for Kodos
    5. Re:Yes and no by MozeeToby · · Score: 4, Insightful

      It's hardly vendors that I would be concerned about. Given the increase in skimmers for magnetic readers at ATMs and cash registers how long do you really think before the concept spreads to RFID skimmers?

    6. Re:Yes and no by nabsltd · · Score: 4, Insightful

      I think one of the major turnoffs for me about mass market advertisiing is that it's so off base as to be annoying. I'm not in the market for a car, so to be subjected to ads for cars while I watch tv is a waste of my time.

      And targeted ads are even more annoying, because they still don't get it right.

      I was in the market for a car and did my research and bought one a week ago. But, I expect that "targeted" ads for cars will keep hitting my monitor and mailbox for at least the next six months, and I expect many of them will be for classes of vehicles that weren't anything I would ever consider.

      Two years ago these ads would have been a minor bother, and 2-12 months ago they might have been helpful, but for the next 5-10 years they'll be both wasteful and a major annoyance.

    7. Re:Yes and no by ffreeloader · · Score: 4, Insightful

      Being tracked when you use your card, because that is required just because you used it, and being tracked just because you walked past a checkout counter are two separate and distinct things.

      --
      "while democracy seeks equality in liberty, socialism seeks equality in restraint and servitude." de Tocqueville
    8. Re:Yes and no by blueZ3 · · Score: 4, Insightful

      I think you're making a mistaken assumption that ads are intended to drive you to make an immediate purchase. While that's one reason they're aired, another is brand recognition and familiarity. If you happen to be in the market for a car three years from now, it's likely that at least some of what those car companies have communicated in their ads will stick with you.

      This is especially true for less-well-known brands. Compare a Toyota ad ("We're having a sale this weekend") to a Hyundai ad ("Our cars are reliable and have feature x). Toyota expects you to already know and recognize the value of a Toyota, they're trying to get you into the showroom now, now! NOW! As a relative newcomer, Hyundai is working to get you comfortable enough to consider their car.

      --
      Interested in a Flash-based MAME front end? Visit mame.danzbb.com
    9. Re:Yes and no by Sigmon · · Score: 4, Funny

      But do you have to put your hands on your hips?

  2. Yes and no... by BobMcD · · Score: 4, Interesting

    Is RFID, as described in the article really all that scary? No, not really. E.g.

    30 to 40 million people carry RFID tags on their windshields to allow them to cross bridges, and more carry them in their wallets, and there is not a single example of anyone who had their privacy infringed because of the tags.

    So the fear that the government would use RFID to gain data that they already have is likely debunked. Also the tracking is largely moot. They can do that in all sorts of other ways...

    This is the part that scares me:

    Taken as a whole, Roberti asserts, the benefits of RFID tags -- to track merchandise and packages, and keep track of drugs and food -- far outweigh any downside.

    Where I bought my specific pair of shoes for today likely is not in a database anywhere. With RFID it wouldn't need to be. You just scan the tag and ask the shoes. This potential privacy issue also lacks an implementation, but still represents more information than anyone specifically needs to have. I fear the unintended (or secretly-intended) consequences of all this consumerist stuff in our lives suddenly having a history.

  3. Re:Great Idea by aurispector · · Score: 4, Insightful

    RFID isn't a security concern NOW. If they start putting them on, say, driver's licenses it's another story. Why would anyone think RFID is a good idea when every other system that can be abused IS abused? The new barcode like scanning squares (WTF are they called?) can hold plenty of information and can only be read when the cardholder deliberately presents the card for scanning.

    What is the advantage of RFID?

    --
    I have mod points. The reign of terror begins now.
  4. Here's a better Defcon RFID story... by bradorsomething · · Score: 5, Interesting

    A few years ago a gentleman calling himself Major Malfunction decided to do a proof of concept at Defcon on the dangers of RFID. He set up a table with a box doing RFID queries. When the box got a return and found usable data, it snapped a picture.

    Many Federal agents walked by the table. They were not pleased when they found out the nature of the experiment. The data was destroyed, but the point was made. RFID protective wallets sold *real* well that year...

    1. Re:Here's a better Defcon RFID story... by myowntrueself · · Score: 4, Insightful

      Ok how about this.

      US passports contain RFID tags.

      1. Is it possible to detect, from the RFID tag, at a distance, the presence of a US passport and to distinguish a US passport from other passports fitted with RFID tags?
      2. Is it possible to determine roughly how many US passports are within range?
      3. Is it possible to engineer such an RFID tag detector into the detonator of an explosive device while keeping said explosive device small enough and low powered enough to be easily concealable? (ie doesn't need mains electricity nor obvious antenna).

      I am just asking the question, I have no wish to see US passport holders blown to bits; but there *are* people who *would*.

      --
      In the free world the media isn't government run; the government is media run.
  5. Portable RFID chip Killer by mrops · · Score: 4, Interesting

    If a microwave isn't available

    1) Take a cheap camera flash
    2) Replace strobe with AWG14 or 15 coiled about (ummmmmm.. say) 10 times around your finger (remove finger)
    3) Charge flash (which isn't a flash anymore) and point to your favorite RFID chip, fire.
    4) Enjoy your restored privacy

    Disclaimer: Do not point towards your pace maker.

    1. Re:Portable RFID chip Killer by Anonymous Coward · · Score: 5, Funny

      (remove finger)

      Holy shit man, I value my privacy but this seems extreme.

  6. Answer is YES by GameboyRMH · · Score: 4, Informative

    RFID-enabled credit cards broadcast all the data on the front of the card in plaintext when energized. So I'd say the answer is YES.

    http://www.youtube.com/watch?v=vmajlKJlT3U

    Look how old that video is.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel