Help a Journalist With An NFC Chip Implant Violate His Own Privacy and Security

An anonymous reader writes: His wife thinks he's crazy, but this guy got an NFC chip implanted in his arm, where it will stay for at least a year. He's inviting everyone to come up with uses for it. Especially ones that violate his privacy and security. There must be something better to do than getting into the office or unlocking your work PC.

He says, "The chip we are using is the xNTi, an NFC type 2 NTAG216, which is about the size of a grain of rice and is manufactured by the Dutch semiconductor company NXP, maker of the NFC chip for the new iPhone. It is a glass transponder with an operating frequency of 13.56MHz, developed for mass-market applications such as retail, gaming and consumer electronics. ... The chip's storage capacity is pretty limited, the UID (unique identifier) is 7 bytes, while the read/write memory is 888 bytes. It can be secured with a 32-bit password and can be overwritten about 100,000 times, by which point the memory will be quite worn. Data transmission takes place at a baud rate of 106 kbit/s and the chip is readable up to 10 centimeters, though it is possible to boost that distance."

Small Government Mandate

[howzermyhamit]

I'm sure our local superhero cold fjord can tell us why a Small, Libertarian-Approved State should mandate the installation of these on all citizens and civilians.

Well? We're waiting, my friend.

Re: Small Government Mandate

"Why not. It's her money."

Because principles, motherfucker. If you spent your life whining about how money was taken from you in order to provide yourself a retirement in your old age then you should at the point of old age prove how right you are by completely living without it.

Retiring by your own bootstraps.

Re:Small Government Mandate

[AK+Marc]

A libertarian state would pass laws banning people from having the freedom to implant themselves with an RFID? What a totalitarian distopian libertarian world you long for.

Re:Small Government Mandate

[Capsaicin]

Hell, even Obama and Nancy Pelosi probably wouldn't approve of gov't implanting chips on citizens.

Hell, who needs implants when people voluntarily carry around Android and/or iOS devices everywhere they go?

Re:Small Government Mandate

Actually the US has a "pay-behind" Social Security system. Each generation pays for the previous generation's Social Security benefits, so no, it wasn't "her money".

Re:Small Government Mandate

[stephanruby]

A chip embedded in your arm is meaningless without context. Take for example, an Holocaust survivor with a tattooed number on his arm. Or take a person with a safety tattoo listing all the things he's deadly allergic to. Neither of those things are the same as a journalist being tattooed with a meaningless number on his arm.

If those ten volunteers were really serious about testing the technology in a negative light, they should just spent some time as prisoners in a real prison where everything gets tracked and counted by NFC readers at the very least. The Type II tag itself has such a small amount of memory, it can't really be used for any serious authentication outside of a closed loop system like a prison environment.

At best outside of prison use, this NFC tag could link to a shortened url, or contain such information as a Twitter handle, or a LinkedIn user name.

Re:Small Government Mandate

[benjamindees]

Actually, Rand was almost exactly in the middle of the generation that paid for Social Security twice. The first benefits began in 1940. The first generation of retirees were paid directly out of the treasury. The actual SS taxes that Rand paid went into the "trust fund," which was later loaned out to other government agencies, to pay for war mostly.

Re:Small Government Mandate

[Wootery]

The fake Libertarians in the Republican party may have other ideas, I wouldn't know.

Sure you do. You've heard of the Iraq War, right? The principle of minimal government ceases to apply when it's a cause you happen to like, such as pre-emptive war or corporate subsidies.

888 bytes is a pretty fair amount.

[wierd_w]

It seems small, when we think about data these days being in the multi-gigabytes, but 888 bytes is AMPLE to completely destroy the security of your legal identity.

Say, a social security number: 9 bytes.
A telephone number, with area code: 10 bytes
Full name, assuming a null padded, 3 entry struct with 15char max strings and 2 delimiter bytes: 47 bytes
Address, assuming 4 lines with 20 chars each (with null padding as needed)-- 40 bytes.

All that, and we are only about 1/7 to 1/8th of the data memory, or about 106 bytes.

One could squeeze a shortened URL to a facebook page, and quite a bit else in that space, such as DL number, credit card number, cellphone number, email address, and whatnot.

888 bytes can hold a LOT of very dangerous information.

Re:888 bytes is a pretty fair amount.

[mysidia]

Let's change that up slightly, to use 3715 bits out of the 7104 available, approximately 50%:

• E-mail address = 40 bytes
• Social Security Number binary encoded - 9 digits = 29 bits.
• Health Insurance Provider Name - 16 alphanumeric characters = 12 bytes
• Health Plan ID - Encoded 6 bits per symbol 8 symbols = 48 bits.
• ZIP CODE of City of birth = 15 bits
• GPS Latitude and Longitude of current primary workplace (two 32-bit floats) = 64 bits
• Employer company name - 16 alphanumeric characters (encoded 6 bits per character) = 12 bytes
• Driver's License Number - 10 digits = 32 bits.
• Driver's license State (number from 00 to 49)= 6 bits
• Driver's license Expiration date (Number of days Since Jan 1, 1970) = 15 bits
• Current vehicle license plate 9 alphanumeric characters (encoded 6 bits per character) = 54 bits
• Current vehicle VIN number 17 alphanumeric characters (encoded 6 bits per character) = 102 bits
• Job Title - 16 alphanumeric characters = 12 bytes
• Annual Income in US Dollars - 1 to 14 digits = 47 bits
• Mother's maiden name (max: 20 characters) = 15 bytes
• Date of birth = 15 bits
• Telephone number with area code - 10 digits = 34 bits
• Full name - Encoded using 6 bits per character, Uppercase alphabetic characters, digits, spaces, field separator, and NULs only 50 characters = 37 bytes
• ZIP CODE of Previous residence = 15 bits
• Date moved into current residence = 15 bits
• ZIP CODE of Current residence = 15 bits
• GPS Latitude and Longitude of current residence (two 32-bit floats) = 64 bits
• Street name and house number of current resident Address (6 bits per character ) = max 20 bytes
• Apartment number or suite number = max 20 bytes
• Bank1 - Account number = 29 bits
• Bank1 - Routing number 12 digits = 37 bits
• Bank2 - Account number = 29 bits
• Bank2 - Routing number 12 digits = 37 bits
• Credit card 1 - primary account number - 12 digits = 37 bits
• Credit card 1 - CVV number - 3 digits = 10 bits
• Credit card 1 - Track 1 data 79 alphanumeric characters = 60 bytes
• Credit card 1 - Track 2 data 40 digits = 17 bytes
• Credit card 2 - primary account number - 12 digits = 37 bits
• Credit card 2 - CVV number - 3 digits = 10 bits
• Credit card 2 - Track 1 data 79 alphanumeric characters = 60 bytes
• Credit card 2 - Track 2 data 40 digits = 17 bytes
• Credit card 3 - primary account number - 12 digits = 37 bits
• Credit card 3 - CVV number - 3 digits = 10 bits
• Credit card 3 - Track 1 data 79 alphanumeric characters = 60 bytes
• Credit card 3 - Track 2 data 40 digits = 17 bytes

Wrong Hand

[BlackHawk-666]

Dude's doing it all wrong, it's meant to go in your right hand or your forehead! ^-^

Re:Dem speaker of the house, 3rd in line for potus

[azereal]

Technically Obamacare IS Rommneycare, a Republican alternative to a single payer system (single payer is a much better system BTW). When the Democrats proposed it the Republicans simply lurched further to the right and declared it terrible.

No fly list

[DocSavage64109]

If we can get the reporter's uid on the no-fly-list it should be pretty entertaining to listen to his rants.

Welcome to 10 years ago

[Enry]

http://geekdoctor.blogspot.com...