Slashdot Mirror

← Back to Stories (view on slashdot.org)

Help a Journalist With An NFC Chip Implant Violate His Own Privacy and Security

Posted by Soulskill on from the what-could-possibly-go-wrong dept.

An anonymous reader writes: His wife thinks he's crazy, but this guy got an NFC chip implanted in his arm, where it will stay for at least a year. He's inviting everyone to come up with uses for it. Especially ones that violate his privacy and security. There must be something better to do than getting into the office or unlocking your work PC.

He says, "The chip we are using is the xNTi, an NFC type 2 NTAG216, which is about the size of a grain of rice and is manufactured by the Dutch semiconductor company NXP, maker of the NFC chip for the new iPhone. It is a glass transponder with an operating frequency of 13.56MHz, developed for mass-market applications such as retail, gaming and consumer electronics. ... The chip's storage capacity is pretty limited, the UID (unique identifier) is 7 bytes, while the read/write memory is 888 bytes. It can be secured with a 32-bit password and can be overwritten about 100,000 times, by which point the memory will be quite worn. Data transmission takes place at a baud rate of 106 kbit/s and the chip is readable up to 10 centimeters, though it is possible to boost that distance."

29 of 142 comments (clear)

  1. Small Government Mandate by howzermyhamit · · Score: 4, Funny

    I'm sure our local superhero cold fjord can tell us why a Small, Libertarian-Approved State should mandate the installation of these on all citizens and civilians.

    Well? We're waiting, my friend.

    1. Re:Small Government Mandate by Anonymous Coward · · Score: 2, Funny

      Bennett Hasselhoff, a frequency counter, will be along shortly to provide Insight.

    2. Re:Small Government Mandate by JazzHarper · · Score: 2

      A libertarian state would never permit, much less mandate, such a thing.

    3. Re: Small Government Mandate by Anonymous Coward · · Score: 3, Insightful

      "Why not. It's her money."

      Because principles, motherfucker. If you spent your life whining about how money was taken from you in order to provide yourself a retirement in your old age then you should at the point of old age prove how right you are by completely living without it.

      Retiring by your own bootstraps.

    4. Re:Small Government Mandate by AK+Marc · · Score: 4, Insightful

      A libertarian state would pass laws banning people from having the freedom to implant themselves with an RFID? What a totalitarian distopian libertarian world you long for.

      --
      Learn to love Alaska
    5. Re:Small Government Mandate by Capsaicin · · Score: 4, Insightful

      Hell, even Obama and Nancy Pelosi probably wouldn't approve of gov't implanting chips on citizens.

      Hell, who needs implants when people voluntarily carry around Android and/or iOS devices everywhere they go?

      --
      Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
    6. Re:Small Government Mandate by Anonymous Coward · · Score: 2, Insightful

      Conservatives hate Nancy Pelosi and Hillary Clinton.
      Nancy Pelosi and Hillary Clinton are women.
      Therefore, conservatives hate women.

      Additionally,
      the conservatives I know hate Nancy Pelosi and Hillary Clinton.
      Therefore, ALL conservatives hate women.

      You, my friend, are going into my lecture about logic. I suspect my high school students will do better than you did just here.

    7. Re:Small Government Mandate by Anonymous Coward · · Score: 3, Insightful

      Actually the US has a "pay-behind" Social Security system. Each generation pays for the previous generation's Social Security benefits, so no, it wasn't "her money".

    8. Re:Small Government Mandate by stephanruby · · Score: 4, Insightful

      A chip embedded in your arm is meaningless without context. Take for example, an Holocaust survivor with a tattooed number on his arm. Or take a person with a safety tattoo listing all the things he's deadly allergic to. Neither of those things are the same as a journalist being tattooed with a meaningless number on his arm.

      If those ten volunteers were really serious about testing the technology in a negative light, they should just spent some time as prisoners in a real prison where everything gets tracked and counted by NFC readers at the very least. The Type II tag itself has such a small amount of memory, it can't really be used for any serious authentication outside of a closed loop system like a prison environment.

      At best outside of prison use, this NFC tag could link to a shortened url, or contain such information as a Twitter handle, or a LinkedIn user name.

    9. Re: Small Government Mandate by Altrag · · Score: 2, Insightful

      Being a hypocrite doesn't invalidate what he was saying.

    10. Re:Small Government Mandate by gbjbaanb · · Score: 2

      possibly group bias - same reason women get attacked on twitter.

      If I know there are people out there who will attack women for no reason, then I can happily attack women knowing that I will get a ton of others joining in. It validates my sense of importance within a group and gives me the sense of safety from my actions because they are shared by a large number of others.

      This self-fulfilment is why I think it happens, and why the bully only attacks the weak - they know they will get other bullies joining in. If they attacked someone popular, they know they wouldn't get the same level of support, so they don't.

      I'll leave it to you to decide if politicians are of the same maturity level as school bullies :-)

    11. Re: Small Government Mandate by Anonymous Coward · · Score: 2, Insightful

      I demonstrates he doesn't believe what he is saying.

    12. Re:Small Government Mandate by benjamindees · · Score: 4, Insightful

      Actually, Rand was almost exactly in the middle of the generation that paid for Social Security twice. The first benefits began in 1940. The first generation of retirees were paid directly out of the treasury. The actual SS taxes that Rand paid went into the "trust fund," which was later loaned out to other government agencies, to pay for war mostly.

      --
      "I assumed blithely that there were no elves out there in the darkness"
    13. Re:Small Government Mandate by Wootery · · Score: 4, Insightful

      The fake Libertarians in the Republican party may have other ideas, I wouldn't know.

      Sure you do. You've heard of the Iraq War, right? The principle of minimal government ceases to apply when it's a cause you happen to like, such as pre-emptive war or corporate subsidies.

  2. 888 bytes is a pretty fair amount. by wierd_w · · Score: 5, Interesting

    It seems small, when we think about data these days being in the multi-gigabytes, but 888 bytes is AMPLE to completely destroy the security of your legal identity.

    Say, a social security number: 9 bytes.
    A telephone number, with area code: 10 bytes
    Full name, assuming a null padded, 3 entry struct with 15char max strings and 2 delimiter bytes: 47 bytes
    Address, assuming 4 lines with 20 chars each (with null padding as needed)-- 40 bytes.

    All that, and we are only about 1/7 to 1/8th of the data memory, or about 106 bytes.

    One could squeeze a shortened URL to a facebook page, and quite a bit else in that space, such as DL number, credit card number, cellphone number, email address, and whatnot.

    888 bytes can hold a LOT of very dangerous information.

    1. Re:888 bytes is a pretty fair amount. by mysidia · · Score: 5, Interesting

      Let's change that up slightly, to use 3715 bits out of the 7104 available, approximately 50%:

      • E-mail address = 40 bytes
      • Social Security Number binary encoded - 9 digits = 29 bits.
      • Health Insurance Provider Name - 16 alphanumeric characters = 12 bytes
      • Health Plan ID - Encoded 6 bits per symbol 8 symbols = 48 bits.
      • ZIP CODE of City of birth = 15 bits
      • GPS Latitude and Longitude of current primary workplace (two 32-bit floats) = 64 bits
      • Employer company name - 16 alphanumeric characters (encoded 6 bits per character) = 12 bytes
      • Driver's License Number - 10 digits = 32 bits.
      • Driver's license State (number from 00 to 49)= 6 bits
      • Driver's license Expiration date (Number of days Since Jan 1, 1970) = 15 bits
      • Current vehicle license plate 9 alphanumeric characters (encoded 6 bits per character) = 54 bits
      • Current vehicle VIN number 17 alphanumeric characters (encoded 6 bits per character) = 102 bits
      • Job Title - 16 alphanumeric characters = 12 bytes
      • Annual Income in US Dollars - 1 to 14 digits = 47 bits
      • Mother's maiden name (max: 20 characters) = 15 bytes
      • Date of birth = 15 bits
      • Telephone number with area code - 10 digits = 34 bits
      • Full name - Encoded using 6 bits per character, Uppercase alphabetic characters, digits, spaces, field separator, and NULs only 50 characters = 37 bytes
      • ZIP CODE of Previous residence = 15 bits
      • Date moved into current residence = 15 bits
      • ZIP CODE of Current residence = 15 bits
      • GPS Latitude and Longitude of current residence (two 32-bit floats) = 64 bits
      • Street name and house number of current resident Address (6 bits per character ) = max 20 bytes
      • Apartment number or suite number = max 20 bytes
      • Bank1 - Account number = 29 bits
      • Bank1 - Routing number 12 digits = 37 bits
      • Bank2 - Account number = 29 bits
      • Bank2 - Routing number 12 digits = 37 bits
      • Credit card 1 - primary account number - 12 digits = 37 bits
      • Credit card 1 - CVV number - 3 digits = 10 bits
      • Credit card 1 - Track 1 data 79 alphanumeric characters = 60 bytes
      • Credit card 1 - Track 2 data 40 digits = 17 bytes
      • Credit card 2 - primary account number - 12 digits = 37 bits
      • Credit card 2 - CVV number - 3 digits = 10 bits
      • Credit card 2 - Track 1 data 79 alphanumeric characters = 60 bytes
      • Credit card 2 - Track 2 data 40 digits = 17 bytes
      • Credit card 3 - primary account number - 12 digits = 37 bits
      • Credit card 3 - CVV number - 3 digits = 10 bits
      • Credit card 3 - Track 1 data 79 alphanumeric characters = 60 bytes
      • Credit card 3 - Track 2 data 40 digits = 17 bytes
  3. Wrong Hand by BlackHawk-666 · · Score: 3, Interesting

    Dude's doing it all wrong, it's meant to go in your right hand or your forehead! ^-^

    --
    All those moments will be lost in time, like tears in rain.
  4. Re:What his wife thinks by Anonymous Coward · · Score: 2, Insightful

    Crazy is pretty low on the "reasons to divorce your spouse"big totem pole after a while. We're all a little crazy by spousal standards, and I've not had papers served to me for thirty years and countin!

  5. Re:What his wife thinks by bobstreo · · Score: 2

    Why does it matter what his wife thinks? And if she truly did suspect he is crazy, wouldn't he divorced right about now and caring a lot less about the chip in his arm?

    You didn't read the part where he put an NFC controlled chastity belt on her.

  6. Re:10cm range? Using what reader? by wierd_w · · Score: 2

    Maybe he has a very large active antenna?

    Even then though, it wouldn't be true NFC-- because the near field is the first 1/4 wavelength of the broadcast frequency.

    Which in this case, is 13.5 mhz-- that gives a total wavelength of about 22meters for the full wave, and 5.5 meters for the 1/4-wave Near Field.

    A large actively coupling antenna could conceivably communicate over that distance by measuring signal drop in the active antenna due to the active coupling with the near field.

    http://en.wikipedia.org/wiki/R...

    you might not be able to tell what the NFC chip "sent", but you could definitely tell that one was nearby.

  7. easy by roman_mir · · Score: 2

    Just install a reader for this chip in the wife and you'll get all of your privacy and security and many other things violated...

    --
    You can't handle the truth.
  8. Re:can chip implants cause cancer? by Anonymous Coward · · Score: 2, Insightful

    The radiation to activate the chip comes from outside. If you get polled 100 times per day by different RFIDs (intended for your phone) it matters very little if the chip inside of you responds 2 of those times. The big source of radiation (which isn't dangerous to begin with) will hit you ragardless if you have a chip implanted or not.

  9. Huh by Hognoxious · · Score: 2

    Didn't some guy (a university professor) in the UK do this about ten years ago? He was a bit of a publicity seeking knob too, IIRC.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  10. Dem speaker of the house, 3rd in line for potus by raymorris · · Score: 2

    Nancy Pelosi was Speaker of the House, and generally considered the second most powerful democrat behind Obama. You can't figure out why conservatives might have a problem with top democrats? You may have noticed Obama wasn't very involved with the drafting of the ACA, that was spearheaded by Pelosi. It would be more accurate to call it Pelosicare rather than Obamacare. The first draft, the last time the Democrats controlled the White House, was called Hillarycare.

    For those conservatives of a more libertarian bent, they may be unimpressed with Bush and Cheney and may see some good in some democrats. Pelosi, however, supported the Patriot Act, currently supports the NSA dragnet, No Child Left Behind - she's the figurehead for the Democrats, except when the republicans have an even worse idea, in which case she gets on board with them.

  11. Re:What his wife thinks by Rashdot · · Score: 2

    Maybe his wife has a chip on her shoulder.

    --
    This is not the sig you're looking for.
  12. Just wait by mwvdlee · · Score: 2

    Just wait 364 days, until he's locked all his authentication to the NFC, then some chloroform and a scalpel will give him all the privacy and security violation he's asking for.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  13. Re:Dem speaker of the house, 3rd in line for potus by azereal · · Score: 3, Informative

    Technically Obamacare IS Rommneycare, a Republican alternative to a single payer system (single payer is a much better system BTW). When the Democrats proposed it the Republicans simply lurched further to the right and declared it terrible.

  14. No fly list by DocSavage64109 · · Score: 3, Funny

    If we can get the reporter's uid on the no-fly-list it should be pretty entertaining to listen to his rants.

  15. Welcome to 10 years ago by Enry · · Score: 4, Informative

    http://geekdoctor.blogspot.com...