RFID: Speedpass Hacked
September 26, 2006 | 3 Comments
Johns Hopkins professor Avi Ruben and his graduate students were able to quickly find a way to reproduce an existing Speedpass token. They built a small device that attaches to a laptop, which can then swipe Mobil Speedpass codes just by casually walking by someone who has one in their pocket.
I think these types of things will be increasingly common. My favorite part of this video is when they say that when interviewing companies responsible for creating Speedpass, they say it is a non-issue. Crooks are apparently no sophisticated enough to walk around with laptops and use software to transfer codes between devices…
Thanks to David Skrabal for sending along this YouTube video to me.
Tags: david skrabal, mobil, mobil speedpass, RFID, speedpass
Religious Right Against RFID
March 26, 2006 | 4 Comments
In a recent Wired article titled, RFID: Sign of the (End) Times?, Katherine Albrecht’s stance against RFID is discussed. In short, she is a Christian who believes that RFID is the biblically foretold “mark of the beast” and in turn can be interpreted as the sign of the coming end of days.
I hate to find myself on the same side as someone I look at as a bit nutty, but who am I kidding, I’m just a few conspiracy theories away from wearing a tinfoil hat. Regardless of my distaste for her particular argument against RFID, hopefully it does ring true with the particularly political group of evangelical Christians who seem to have a stranglehold on the country at this point.
So if the leftist paranoid liberals hate RFID and the evangelical conservative right hate RFID, who’s out there pushing it on all of us? Oh yeah, big business…
Tags: business, conservative, evangelical, liberal, privacy, religion, religious, RFID, wired
My Cat Has A Computer Virus!?!
March 16, 2006 | 2 Comments
In a white paper released by the University of Amsterdam and promoted on RFIDVirus.org, an explanation of how RFID is actually vulnerable (in many cases) to simple SQL injection attacks.
How does this apply to your cat (or other pet for that matter)? Well, many veterinarians and the humane society now implant RFID chips in pets to help identify and match strays up with their original owners.
Their research group has developed a proof of concept following this basic scenario:
prankster decides to unwittingly enlist his cat in the fun. The cat has a subdermal pet ID tag, which the attacker rewrites with a virus using commercially available equipment. He then goes to a veterinarian (or the ASPCA), claims it is stray cat and asks for a cat scan. Bingo! The database is infected. Since the vet (or ASPCA) uses this database when creating tags for newly-tagged animals, these new tags can also be infected. When they are later scanned for whatever reason, that database is infected, and so on. Unlike a biological virus, which jumps from animal to animal, an RFID virus spread this way jumps from animal to database to animal. The same transmission mechanism that applies to pets also applies to RFID-tagged livestock.
Hopefully if this gets enough press, wide scale deployment of RFID can be further delayed.
Tags: cat, cats, privacy, RFID, rfid virus, university of amsterdam, virus
RFID Will Be Unavoidable
January 29, 2006 | 8 Comments
In response to my RFID Fears, Jon commented about being able to “zap” RFID as a solution:
Look at the bright side. Electronic devices fail. Sometimes on their own, and sometimes with the help of a little device like this.
This is cool, but short sighted.
Currently a lot of work is going into getting RFID into US Passports. Most proposals so far have failed and we keep getting a delay on the inevitable here, but that’s one you won’t be able to zap. How long before state drivers licenses follow in those footsteps?
American Express has an RFID chip in it, probably zapping that would be bad if you care about the card, me I just switched away from the damn thing. But, if other CC providers get in on the game there may be nowhere to switch.
Or how about Speedpass for the gas station?
Or how about EasyPass to get through toll booths faster?
It’s very important that we realize these things are going to enter our lives on the basis of adding convenience. You’ll be promised a discount, or the ability to do something faster/easier. One potential big market is in replacing the stupid customer appreciation discount tags we all have on our keychain for grocery stores.
The reality is RFID is coming, we’ll all have a few tags, and the potential misuse of this is tremendous.
Tags: american express, credit card, easypass, freedom, passport, passports, RFID, speedpass, toll, toll booth
RFID Fears
January 26, 2006 | 6 Comments
This video is a visual representation of a subset of my worst fears around RFID and digital identity. It takes a second to start, but it’s worth it.
Watching this makes my skin crawl. Don’t fool yourself into thinking this is some sort of extreme paranoid science fiction either. We’re just a few steps away from realizing this as reality. This is the scary 1984 kind of science fiction that is terribly grounded in today’s emerging technologies. I’ve been saying it for months, combining digital identity through federations with RFID and efficient indexing builds just the distopia exhibited here.
I’m glad someone has made a film that so clearly shares my fears.
Tags: 1984, chris oakley, digital identity, federated identity, federation, Fun Whatnot, identity, indexing, oakley, RFID, scary, science, science fiction, technology, tracking, video
RFID in Passports
November 3, 2005 | 3 Comments
I’ve been concerned and generally against RFID since the first time I heard about it. Maybe its because I know a little about security, or identity management, or hell even the way markketing in a digital world works. Anyway, our brilliant US State Department is planning a roll out of RFID in passports for October 2006.
From Wired, Fatal Flaw Weakens RFID Passport:
In 2004, when the U.S. State Department first started talking about embedding RFID chips in passports, the outcry from privacy advocates was huge. When the State Department issued its draft regulation in February, it got 2,335 comments, 98.5 percent negative. In response, the final State Department regulations, issued last week, contain two features that attempt to address security and privacy concerns. But one serious problem remains.
Good that they fixed a couple problems, but a ton more are certain to crop up. I feel my fears aren’t misplaced. I guess I’ll have to keep posting this negative RFID stuff to help promote awareness of this garbage.