Slashdot Mirror


Help a Journalist With An NFC Chip Implant Violate His Own Privacy and Security

An anonymous reader writes: His wife thinks he's crazy, but this guy got an NFC chip implanted in his arm, where it will stay for at least a year. He's inviting everyone to come up with uses for it. Especially ones that violate his privacy and security. There must be something better to do than getting into the office or unlocking your work PC.

He says, "The chip we are using is the xNTi, an NFC type 2 NTAG216, which is about the size of a grain of rice and is manufactured by the Dutch semiconductor company NXP, maker of the NFC chip for the new iPhone. It is a glass transponder with an operating frequency of 13.56MHz, developed for mass-market applications such as retail, gaming and consumer electronics. ... The chip's storage capacity is pretty limited, the UID (unique identifier) is 7 bytes, while the read/write memory is 888 bytes. It can be secured with a 32-bit password and can be overwritten about 100,000 times, by which point the memory will be quite worn. Data transmission takes place at a baud rate of 106 kbit/s and the chip is readable up to 10 centimeters, though it is possible to boost that distance."

3 of 142 comments

  1. 888 bytes is a pretty fair amount. by wierd_w · Score: 5, Interesting

    It seems small, when we think about data these days being in the multi-gigabytes, but 888 bytes is AMPLE to completely destroy the security of your legal identity.

    Say, a social security number: 9 bytes.
    A telephone number, with area code: 10 bytes
    Full name, assuming a null padded, 3 entry struct with 15char max strings and 2 delimiter bytes: 47 bytes
    Address, assuming 4 lines with 20 chars each (with null padding as needed)-- 40 bytes.

    All that, and we are only about 1/7 to 1/8th of the data memory, or about 106 bytes.

    One could squeeze a shortened URL to a Facebook page, and quite a bit else in that space, such as DL number, credit card number, cellphone number, email address, and whatnot.

    888 bytes can hold a LOT of very dangerous information.

    1. Re:888 bytes is a pretty fair amount. by mysidia · Score: 5, Interesting

      Let's change that up slightly, to use 3715 bits out of the 7104 available, approximately 50%:

      • E-mail address = 40 bytes
      • Social Security Number binary encoded - 9 digits = 29 bits.
      • Health Insurance Provider Name - 16 alphanumeric characters = 12 bytes
      • Health Plan ID - Encoded 6 bits per symbol 8 symbols = 48 bits.
      • ZIP CODE of City of birth = 15 bits
      • GPS Latitude and Longitude of current primary workplace (two 32-bit floats) = 64 bits
      • Employer company name - 16 alphanumeric characters (encoded 6 bits per character) = 12 bytes
      • Driver's License Number - 10 digits = 32 bits.
      • Driver's license State (number from 00 to 49)= 6 bits
      • Driver's license Expiration date (Number of days Since Jan 1, 1970) = 15 bits
      • Current vehicle license plate 9 alphanumeric characters (encoded 6 bits per character) = 54 bits
      • Current vehicle VIN number 17 alphanumeric characters (encoded 6 bits per character) = 102 bits
      • Job Title - 16 alphanumeric characters = 12 bytes
      • Annual Income in US Dollars - 1 to 14 digits = 47 bits
      • Mother's maiden name (max: 20 characters) = 15 bytes
      • Date of birth = 15 bits
      • Telephone number with area code - 10 digits = 34 bits
      • Full name - Encoded using 6 bits per character, Uppercase alphabetic characters, digits, spaces, field separator, and NULs only 50 characters = 37 bytes
      • ZIP CODE of Previous residence = 15 bits
      • Date moved into current residence = 15 bits
      • ZIP CODE of Current residence = 15 bits
      • GPS Latitude and Longitude of current residence (two 32-bit floats) = 64 bits
      • Street name and house number of current resident Address (6 bits per character ) = max 20 bytes
      • Apartment number or suite number = max 20 bytes
      • Bank1 - Account number = 29 bits
      • Bank1 - Routing number 12 digits = 37 bits
      • Bank2 - Account number = 29 bits
      • Bank2 - Routing number 12 digits = 37 bits
      • Credit card 1 - primary account number - 12 digits = 37 bits
      • Credit card 1 - CVV number - 3 digits = 10 bits
      • Credit card 1 - Track 1 data 79 alphanumeric characters = 60 bytes
      • Credit card 1 - Track 2 data 40 digits = 17 bytes
      • Credit card 2 - primary account number - 12 digits = 37 bits
      • Credit card 2 - CVV number - 3 digits = 10 bits
      • Credit card 2 - Track 1 data 79 alphanumeric characters = 60 bytes
      • Credit card 2 - Track 2 data 40 digits = 17 bytes
      • Credit card 3 - primary account number - 12 digits = 37 bits
      • Credit card 3 - CVV number - 3 digits = 10 bits
      • Credit card 3 - Track 1 data 79 alphanumeric characters = 60 bytes
      • Credit card 3 - Track 2 data 40 digits = 17 bytes
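
The two comments above budget fields in bits: binary-encoded digit strings and 6-bit symbols. As an added example (not part of the thread or the article), this sketch packs and unpacks a constructed placeholder record that way, to measure how much of the tag's 888 bytes such a record occupies. The alphabet, field layout and sample values are assumptions made for illustration.

```python
USER_MEMORY_BYTES = 888  # NTAG216 read/write memory quoted in the article
# Assumed 39-symbol alphabet (NUL, space, digits, A-Z, '|' separator); fits in 6 bits.
SIXBIT = "\0 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ|"

def digits_bits(n):
    """Exact bits needed to hold any n-digit decimal number as one integer."""
    return (10 ** n - 1).bit_length()

def pack_record(fields):
    """fields: (kind, value, size) tuples -> (packed bytes, bits used)."""
    acc = nbits = 0
    for kind, value, size in fields:
        if len(value) > size:
            raise ValueError(f"{value!r} exceeds {size} symbols")
        if kind == "digits":
            parts = [(int(value), digits_bits(size))]
        else:  # fixed-width text, NUL padded, 6 bits per symbol
            parts = [(SIXBIT.index(c), 6) for c in value.upper().ljust(size, "\0")]
        for number, width in parts:
            acc = (acc << width) | number
            nbits += width
    pad = -nbits % 8  # zero bits appended to reach a byte boundary
    return (acc << pad).to_bytes((nbits + pad) // 8, "big"), nbits

def unpack_record(blob, nbits, layout):
    """layout: (kind, size) tuples in the order they were packed."""
    acc, pos, out = int.from_bytes(blob, "big") >> (-nbits % 8), nbits, []
    def take(width):
        nonlocal pos
        pos -= width
        return (acc >> pos) & ((1 << width) - 1)
    for kind, size in layout:
        if kind == "digits":
            out.append(str(take(digits_bits(size))).zfill(size))
        else:
            out.append("".join(SIXBIT[take(6)] for _ in range(size)).rstrip("\0"))
    return out

# Constructed placeholder record; none of these values belong to a real person.
SAMPLE = [("digits", "000000000", 9),        # 9-digit ID number
          ("digits", "5555550100", 10),      # phone number
          ("text", "EXAMPLE PERSON", 50),    # full name
          ("digits", "12345", 5)]            # ZIP code

if __name__ == "__main__":
    blob, used = pack_record(SAMPLE)
    print(f"{used} bits -> {len(blob)} of {USER_MEMORY_BYTES} bytes")
    print(unpack_record(blob, used, [(k, s) for k, _, s in SAMPLE]))
```
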
  2. Wrong Hand by BlackHawk-666 · Score: 3, Interesting

    Dude's doing it all wrong, it's meant to go in your right hand or your forehead! ^-^

    --
    All those moments will be lost in time, like tears in rain.