RSA Creating RFID Blocker Tag

burgburgburg writes "RSA is introducing a new RFID cloaking system to guard secret data. The RSA Blocker Tag technology uses a jamming system designed to confuse RFID readers and prevent those devices from tracking data on individuals or goods outside certain boundaries. At its security conference, RSA demonstrated the blocking technology in a pharmacy setting. The pharmacist provides your prescription in a special bag with the Blocker tags. When the drugs are in the bag, RFID readers are blocked. Take them out, they're readable. The tags work by emitting radio frequencies that fool RFID readers into thinking they're receiving unwanted data, causing them to shun data from that source. RSA promises that this new technology will not interfere with the normal operation of RFID systems or allow hackers to use security technology to bypass theft-control systems or launch denial-of-service attacks." Maybe it's just me, but this seems to not address any of the important RFID issues at all.

It's Time...

[Captain Large Face (559804)]

OK paranoid people, now you've got something to line the inside of your tinfoil beanies!

Re:It's Time...

[SillySnake (727102)]

Or at least something that matches the rest of my outfit. This foil stuff just clashes with my attire.

Re:It's Time...

[Kenja (541830)]

I use the Trepan-A [goats.com] series of tools.

The EPA won't be happy...

[LurkerXXX (667952)]

I guess soon we will all want to start using lead paint again on our houses.

Work part time from parking lots.

[Godeke (32895)]

I see a new business opprotunity! Several states decided a while back to make a profit off of the backs of the citizens by selling government databases to spa^H^H^H marketers. One of those databases was the registration data from the DMV.

Combine that with RFIDs scanned as they leave the store, returning to the car, and I think we will have an incredible insight into the nature of those people's purchases. I'm sure some clever individuals will be able to build a portable scanner and have some underpaid kids key in the corresponding plates... won't this be wonderful!

Re:Work part time from parking lots.

[gnu-generation-one (717590)]

"Combine that with RFIDs scanned as they leave the store, returning to the car, and I think we will have an incredible insight into the nature of those people's purchases."

You think that's bad? Imagine a bomb which explodes when it detects the RFID tag in an American passport nearby.

Arms race

[Anonymous Coward]

After this, of course, Wal-Mart comes up with the RFID-blocker-blocker. And then RSA develops the RFID-blocker-blocker-blocker. And so on.

Not necessary...

[Dimensio (311070)]

...I'm sure that they'll find some law, like the DMCA, to use against anyone who dares try to assert this bizarre "privacy right". If no law can currently be manipulated into supporting their agenda, they'll write a new one and pay Congress to enact it.

Re:Arms race

[Alan Cox (27532)]

And I claim my RFID tag is for rights management and you go to jail. Easily solved. Come to think of it if you look suspicious I'm sure something like "going equipped to steal" would do for the carrier or nonsense like "accessory to a crime" to the manufacturer 8)

Strange how DVD copying software is being ruled illegal as it might be used to commit a crime while high velocity rifle rounds that penetrate police armour and kill people are not.

I guess Mickey Mouse is worth more than a pile of dead fbi men.

Re:Arms race

[the_mad_poster (640772)]

Strange? No. The firearms industry has lots of money, the movie industry has lots of money, and politicians want lots of money. It makes perfect sense to me.

In the meantime, I'll continue buying both as I damn well see fit (although to date I've not seen fit to buy either).

Re:Arms race

[Richard_at_work (517087)]

The DVD copying software (DVD Xcopy i presume, as thats the one that was in the news recently) was ruled illegal because it circumvented copy protection measures, and under current statutes (DMCA) its an open-and-shut case, there isnt much else the Judge could have done. It didnt make 1:1 backup copies, because it did two things: transcoded the contents to make it fit, and allowed you to choose what you wanted copied. If it could make 1:1 copies, and that was all it did, then it would probably have passed ok, as it didnt surcumvent any acts. Dont blame me, dont blame the judge, blame the person who signed the law.

Re:Arms race (Off topic, just like its parent)

[Tjp($)pjT (266360)]

Armor piercing rounds generally have steel cores. The main use of steel core ammunition in the US is for cheap surplus rounds sold and mainly used for target practice.The don't make good rounds for hunting (or assassination) as they tend to pass through the target without shedding much energy. Good rounds for hunting are soft-tipped or hollow core and expand and stay in the animal. That way they transmit the most energy and create a more lethal wound channel.

If you consider the size of a buck deer, moose, or elk it quickly becomes apparent that if you allow sportsmen to hunt these animals, then you must have appropriate ammunition available that will dispatch them with a high probability with one shot. If you look at the rounds used in the past to hunt elephants you'll see they are huge are in fact not very common, and the rifles that can fire them are quite expensive, and even more uncommon. And, if you disallow hunting, then you have to reintroduce natural predators for game animal population control; look at New Jersy's experiment with elimination of deer hunting. Famine in the deer population as it grew, increase in disease in the deer population and increase in related vectors that directly and adversly affect other animals and humans.

If you want to change the rights of gun ownership in the US have the courtesy to attack the problem head on. Make an attempt to change the 2d amendment. Legislation that violates the 2d Amendment is just an affront to the legal basis that supports all our laws. When you do, remember that over 50% of US housholds own guns, legally. Guns are _so_ easy to manufacture that a plant in NJ was set up by organized crime and operated for years creating blackmarket firearms. We dropped (in WWII) leaflets showing how with simple mechanics tools a reliable fully automatic weapon (the so called "grease guns") could be made my resistance fighters. Make sure you address all the potential avenues for criminal creation of firearms when you try to make a legal ban of them. And then consider what other rights you have to give up to allow enforcement of those provisions to assure crimminals don't have firearms. And consider those who legally use a firearm in self-defense and assure a way to protect all the citizens all the times. I see very large budget increases for the new police state you'll need to implement this.

Feel free to mode this down along with the parent. Now if only he'd have suggested RFIDs in bullets or handguns ...

abuse

[stonebeat.org (562495)]

RSA promises that this new technology will not interfere with the normal operation of RFID systems or allow hackers to use security technology to bypass theft-control systems.

I think this kind of technology is asking to be abused. Just like the cell fone signal jammers.

Re:abuse

[Temporal Outcast (581038)]

I think this kind of technology is asking to be abused. Just like the cell fone signal jammers. That could be said of any and all kinds of technologies, for the most part.

goody bag

[Mordac the Preventer (36096)]

So once stores are using automated RFID-reading-Visa-charging tills instead of employing humans, you be able to get one of these bags, fill it with goodies, and walk out without paying?

Sounds good to me.

Think Geek

[WormholeFiend (674934)]

I hope they start selling a t-shirt with a giant version of those tags printed on the front.

If I'd tried it...

[robslimo (587196)]

I probably would wind up getting sued. I guess you have to have a business plan to be able to jam signals without fear of prosecution (mostly kidding here).

It does seem like a reasonable application but, as the story says, isn't intended to address the broad range of objections. Still, protecting privacy of medical information is a step in the right direction... and what's to prevent me from applying it elsewise?

Re:If I'd tried it...

[C10H14N2 (640033)]

We have spent billions of dollars and centuries of research and development on a technology to prevent this kind of abuse. It can be embedded or layered onto another invention called "paper." Using a portable delivery device known as a "pen," pricing information can be recorded at the point of delivery. This technology can also be combined with device we call a "printer" to produce "bar-codes" that are machine readable. The resulting data-carrier, referred to as a "label," can be enclosed in another device known as a "bag" or "envelope," thus preventing any unwanted scanning by third-parties.

Seriously, why the hell does your medical information need to be transmitted by radio to a fscking cash register? We can't train people to fscking READ anymore? Christ.

Low Tech Version

[lionchild (581331)]

Why not simply make the bag out of a material that simply dampens radio signals, opposed to sending out additional, confusing signals? It's a technique used to keep security sensors from detecting RFID security tags. And the substances that work are ..reasonably commonplace.

Re:Low Tech Version

[SpyPlane (733043)]

We have a stupid FastTrak system here in California for the carpool lanes where you can pay even if you are by yourself in the car. They give you a transmitter box and it debits your account when you get in the lane. Long story short, they give you a bag made out of silver to put your transmitter in if you actually do have a passenger with you, so your account won't get debited.

Seems like one of these silver bags would work perfect to put RFID enabled items in.

Re:Low Tech Version

[donutz (195717)]

Wired did an article on this: Is RFID Technology Easy to Foil? [wired.com]

Re:Low Tech Version

[KingKire64 (321470)]

I believe those bags are called Booster Bags and the are a felony to possess, in PA at least. My sister works in a retail outlet and they have caught ppl using them. Throw clothing in bag walk out store no annoying alarms.

Simple Solution

[sunami (751539)]

Why not just pull out the RFID?

Next up- RFID blocker blockers

[wowbagger (69688)]

RSA's next annoucment will be tags that will block the operation of the tags that block the operation of the tags on the things you buy. This will be offered as a security enhancement to stores to prevent the RFID system from being jammed.

Re:Next up- RFID blocker blockers

[j-turkey (187775)]

RSA's next annoucment will be tags that will block the operation of the tags that block the operation of the tags on the things you buy. This will be offered as a security enhancement to stores to prevent the RFID system from being jammed.

Circumvention of circumvention technology.
ERROR: DMCA buffer overflow

I'll take one bag

[Anonymous Coward]

About 6'2" tall, maybe... 2 feet wide... with a breathing hole if possible, and maybe some plastic towards the top to see out of.

Why Indeed

[ackthpt (218170)]

Maybe it's just me, but this seems to not address any of the important RFID issues at all.

Oh, I don't know about that. Seems this is just the thing to keep those guys wearing RayBans and black macks, lurking in an arcane sea-green Dodge Dart parked in the far corner of the drugstore parkinglot from discovering which medication you're on this week for your schizophrenia and irrational paranoia.

new restrictions

[theMerovingian (722983)]

The pharmacist provides your prescription in a special bag with the Blocker tags. When the drugs are in the bag, RFID readers are blocked.

"Excuse me sir, could you please leave your stack of empty Walgreen sacks here at the counter"
--Best Buy employee

RFID Blocker? No, RFID Nuker!

[MattT (130844)]

What I want is to be able to disable the damm tags on anything I've already purchased and taken home!

IBM has this

[John Harrison (223649)]

IBM in conjunction with a German supermarket chain has developed a way to disable tags en masse as you leave the store. This gives the store all the benefits of RFID without giving the customer any of the negatives.

I submitted an article on this to /. a few weeks ago but it was rejected. Typical of /. to print every anti-RFID piece of FUD they get but to ignore anything that might indicate that some companines get it.

How about foil-lined bags?

[Bob Cat - NYMPHS (313647)]

That's what shoplifters use right now to defeat the currently used radio tags. 60 minutes did a segment on professional shoplifters [cbsnews.com] last Sunday. It's a $10 billion a year industry.

Who told the criminals about Faraday cages? Did they learn it on the Internet? We need to remove this dangerous physics information from places kids and robbers can get it!

Couldn't you just always carry a blocker tag?

[thesolo (131008)]

Essentially, the blocker tag system works by tricking readers that all the possible RFID tags are present at a given time. Because RFID readers can communicate with only one tag at a time, when multiple tags reply to a single query, the reader detects a collision.

When that happens, the reader tries to communicate with each tag individually, asking each for its next bit, which identifies the portion of a binary tree the tag resides on. However, when queried in the presence of a blocker tag, the blocker tag also responds, but with a "0" and a "1" bit, confusing the reader and preventing it from getting valid responses.

So couldn't you just always have a blocker tag with you at all times? Say you build one of these into your watch, for instance. Wouldn't that make a store's entire RFID system useless for the items you're carrying?

Also, blocker tags in bags don't do anything to protect your privacy once you take the item out of the bag; so if the RFID tag is on clothing, it would still be active while you're wearing it, but not while you're walking out of the store with it. Something about that definitely doesn't seem right.

Someone's trying too hard...

[Stone Rhino (532581)]

You don't need a special chip to stop RFID tags from functioning. Look at the EZPass/FastPass/etc. systems in use on highway systems across the country. They come with a metallized plastic bag, similar to the antistatic ones that your hard drive came in, that blocks the signal from the EZPass so that you won't register when you don't want it to. All you need is your standard Anti-static bag. Drop your RFID tags in there and watch the readers try to find them. Signals won't penetrate: no chip necessary.

Re:Someone's trying too hard...

[jjshoe (410772)]

My rfid badge still works at work in an anti-static bag. I just tested it. Could have something to do with the fact that EZpass, etc. are ACTIVE rfid's and the rfid in my badge is PASSIVE much like the kind that will be used in stores.

Cloaktec(TM) EMI / RFI Shielding Material (fabric)

[Anonymous Coward]

blocks from 10 MHz to 20 GHz mobilecloak [startsimple.com]

RFID on drugs?

[SuperBanana (662181)]

The pharmacist provides your prescription in a special bag with the Blocker tags. When the drugs are in the bag, RFID readers are blocked.

Uh...why would you need to put RFID tags on drugs or on drug containers in the first place?

If you're talking about prescription filling errors, that would be solved overnight by two things:

a)making doctors fill out prescriptions similarly to how most government forms are- one box per letter,capital letters(and when a prescription is rejected- the pharmacy makes it clear to the patient, AND the hospital, WHY. Doctors who can't be bothered to write clearly for the safety of their patient find themselves on the street).

b)training pharmacists better, holding them and their employers accountable for mistakes, and FDA(or state) conducted spot checks(we check health codes at restaurants to make sure Jenny the short order cook doesn't store that pot in the wrong place, but we can't be bothered to have someone fill a prescription a few times a month and check the results at a lab?)

If we're talking about theft(gillette's supposed reason for doing RFID), the major source of theft is armed(or claiming to be armed) robbers stealing powerful painkillers that have value on the black market.

RSA is grasping at straws here, finding a solution to the problems with a solution that was invented out of thin air(for a real problem). Say that 5 times fast.

Stupid example

[tomhudson (43916)]

Stupid example. Since when do pharmacists put rdif tags in your pill bottle? Sheesh.

Not to mention a whole host of other problems. Seems RSA is looking for a new business model, seeing as their compression patent expired.

RFID nuking

[BritGeek (736361)]

One of the main complaints about RFID - that RSA's announcement doesn't address - is that consumers should have the right to have the tags "nuked" at point of sale. That implies that:

1. The tags themselves have to be designed with fusible links (so that they can be overloaded & die), and
2. The POS devices have the option of tag nuking, or maybe some area at the POS where tagged goods can be placed that will nuke them. (Many stores already have those pads that wipe out inventory control tags to prevent theft - same kind of notion.)

So, the question at a practical level is - is the industry actually responding to this, or is RSA's announcement just bandwagon hopping?

Interesting, but unlawful (in the U.S.)

[Eric Smith (4379)]

FCC regulations prohibit deliberately interfering with radio communication. 47 CFR 15.5(b)

ESD bags?

[Laurion (23025)]

Odd. When I want to block an RFID tag, I put it an ESD bag. (Electrostatic bag, the kind that come with many computer components). When I ordered an RFID based automated toll-booth system, it came with an ESD bag, and in their FAQ they explicitly state that if you don't want your tag read and your account charged, just put the device in the bag, easy as that. Presumeably, an ESD bag (which has enough metal in it to accomodate a random static discharge) would create a Faraday cage around the tag, and keep the radio signals from getting in or out of the bag. Now all I have to do is make a shopping bag out of ESD bags.... or just line a backpack, and _bam_. Shoplifter's dream. just remember to close the bag first....

Why would it?

[TheCabal (215908)]

Maybe it's just me, but this seems to not address any of the important RFID issues at all.

Why would this address any of the important issues. The important issues are based in policy, not technology. Technology enforces policy.

A pack of Marlboros will do the same thing.

[akmolloy (686919)]

We've tested it here at the UCONN Library. We use RFID tags on our books, and if you know where the tag is and hold a pack of cigarettes in front of it when you leave, it will block the tag from being read. In this case, tinfoil really WILL protect you!

Like voting machines: why should I believe?

[dpbsmith (263124)]

The problem with all of this stuff is that I have no way to check any of it for myself. How do I know that the "blocker bag" they gave me works? How do I know that someone won't start a business of supplying cheap substitutes, for businesses that want to pacify their customers, that look like real blocker bags but don't do anything? What do I look for? The genuine RSA seal? What if the pharmacist hands me a bag that has some other company's seal on it? Do I trust it?

Will there be a TRUSTe seal on the bag to tell me that I can trust the company that made the bag... just like the TRUSTe seal that certified that eToys would never sell their customer list?

Suppose I have a genuine RSA-branded blocker bags with an authentic non-counterfeitable TRUSTe hologram on it. How do I know it's working properly? Will the pharmacy supply a "blocker bag scanner," like the price-checking guns in Walmart, that let me verify that the blocker bag is actually working? Will the blocker bag scanner have a Commonwealth of Massachusetts weights-and-measures sticker on it to assure me that it's working properly?

If the answer is that I should just trust the pharmacist to be telling the truth when he says it's a blocker bag... well, why shouldn't I just trust the pharmacy not to do anything bad with the data they are capturing from all the RFID tags I'm wearing?

Just because CVS/Pharmacy gave a marketing firm a list of diabetic customers to sell to companies marketing products for diabetics doesn't mean they'd ever do such a thing again. Heck, that was way way back in dark ages... 1998.

These companies are all like Lucy holding the football for Charlie Brown. Trust us, trust us, trust us... even though we've betrayed your trust over and over again in the past, we'll never do it again.

Open-content solution?

[ggwood (70369)]

Just let all information formats on RFID tags be public. Let anyone buy a reader. Obviously, going in to a store with a RFID tag re-writer would be a problem, but the checkout-register could doublecheck randomly.

Make storing customer personal information on such a tag a felony, even if the customer signs any forms indicating otherwise. Business can still use RFID for quick checkout, inventory management, etc.

Since we all have readers, we can doublecheck that the tags are, in fact, erased. I would suggest having readers all over the store, even on the way out. If they are not properly, totally erased, bring them back to the counter. Even 10% of customers doing it would provide major incentive to get the tags erased correctly, the first time.

In fact, why don't we walk around the store with RFID readers? That way we can check the real price of each item - no confusion or misleading shelf placement. If there is a rebate, that information should be on the tag.

Lastly, to achieve nirvana, all we have to do is require the wages of people who made the item on the RFID tags. That way the (now well informed) consumer can choose between shoes, clothing or other goods made in various countries - and actually be confronted with how little people earn in some places. Sure not everyone will care, but enough will.

Re:Where can I get one of those bags?

[gfxguy (98788)]

The same thing that keeps them from doing it now (hint: it's not RFID).

Re:Where can I get one of those bags?

[gfxguy (98788)]

The most important things that keeps the vast majority of shoppers from stealing DVDs, or anything else for that matter, are honesty and morals.

Re:Actually it's not honesty and morals

[TheCarp (96830)]

I can't speak as to Best Buy Specifically, however, I did some contract work for another Big Dept store a few years back (about 2-3 years before they went out of buisness)... I wasn't doing security but I saw the security offices and whatnot (in fact, I stayed overnight in the store, sometimes with a security person, sometimes with just a manager - only once did we get a request by one of them to check our tool bags at the end of the night, but when we said ok immediatly, she just let us go - but she was just a biutchy manager that gave us an attitude all night long - she was also the only one that complained about me wanting to take a book and sit on one of the futons in the store when I had an hour of downtime waiting for data to copy... bitch)

Anyway... my point... ive seen the way their security operate and talked with them about it a bit.

From the moment you enter the store, you are on tape. They may or may not be watching you specifically... you just don't know. Rest assured they are watching somewhere in the store. They know what to look for, they know how to tell who to watch.

Who is the security guy? Well I will tell you, he is probably dressed well, but not like an employee. He/she wont wear the store colors, or a name tag, and he is watching the cash registers as much as anywhere else.

In fact, the store I saw had a very old system overall that hadn't been upgraed in years, not like all these new Best Buy stores. Yet still with that old system they could watch a cashier (what? you think the shoppers are the only people the security folks watch? notice the camera density by the checkout - those are for watching the clerks as much as you) and on a seprate terminal he could watch the transactions go by as the clerk scanned items and input stuff into he register to make sure the clerk wasn't putting through improper transactions or helping people steal from the store.

-Steve

Re:That's an improvement

[Doesn't_Comment_Code (692510)]

That reminds me of a news special I saw on TV about professional shoplifters. Apparently they had devised a way to smuggle clothing and other goods with RFID tags past those little scanner gates. You wanna know how they did it?

Tin foil lined bags!

According to the show, some of these shoplifting rings take millions of dollars worth of merchanise a year. So this method must be pretty effective. I love when people go through a ton of work and invest billions of dollars while ignoring something simple/stupid like tin foil.

Re:That's an improvement

[stratjakt (596332)]

RFIDs arent meant to solely deter shoplifting. Hell, you can rip the security tags off.

They're more about inventory and process control. Store managers want to be able to walk down the aisle with their RFID-scanning laptop and instantly know how many of each item are there. Or, misplaced items can shout "hey, I'm on the wrong shelf!"

Or honest shoppers can take their stuff up to the self-checkout area, and the screen shows you whats in your bag and you sign off on it, rather than having to scan and rebag everything.

And, of course, the paranoid will tell you its so the CIA can scan you from a plain white van and know what kind of deoderant you use.

Shoplifters and thieves will always find a way around the system, so it doesn't matter.

Re:That's an improvement

[zelphior (668354)]

Conceivably, RFID tags could be constantly tracked in store and raise a red flag to security if they disappear.

Not sure if that would do any good. Someone goes into a store and grabs something with an RFID, places it in their foil lined hidden inner pocket in their jacket, and walks out. When the item goes off the RFID master radar image, it maybe sets off an alert, so then someone has to physically walk to the shelf to see what happened. By then, the thief is long gone. Plus, they aren't exactly super high-power devices, I'm sure they occasionally don't hear the query or respond back in time, so you'd get lots of false alarms.