RFID More Hackable Than Retailers Think? 411
Iphtashu Fitz writes "Lukas Grunwald, a senior consultant with DN-Systems Enterprise Solutions GmbH, is warning retailers that the RFID technology that they are quickly adopting can easily be hacked with the appropriate tools. Grunwald has written a program called RFDump which lets you read and display all metadata within an RFID tag and also modify the user data using a text or hex editor. He wrote this program to demonstrate how consumers can protect themselves by wiping out RFID data after purchasing a product but he acknowledges that it would be trivial to abuse this behavior. What, you might ask, can you do if you hack an RFID tag? Well as the technology is adopted more widely a thief could conceivably mark down the price of an expensive piece of jewelry before paying for it at an automated checkout counter, underage hackers could purchase alcohol or adult movies, and pranksters could simply reprogram the inventory of an entire store by just walking up and down the isles. 'The people who will be using this (shopkeepers) don't know much about technology,' Grunwald warned."
No Tech is safe (Score:5, Insightful)
Re:No Tech is safe (Score:4, Insightful)
Re:No Tech is safe (Score:2)
With RFID, it's likely possible to do all this without ever displaying any out-of-the-ordinary behavior. If you've got the re-pricer in your pocket, just getting near the item would be enough to rebrand it, while simultaneously rebranding items you happen to walk close to. Of course, people will probably start looking at things funny when the stores oversells all their $5 DVDs while having enormous shrinkage on new releases....
Re:No Tech is safe (Score:5, Interesting)
Reprogrammed RFID-Chips are not to spot without the proper equipment. And if you use the self checkout lane, there is no one to spot anything except the machine which is programmed to look solely at the RFID chips.
A way to prevent some misuses would be to ask the customer to scan at least the bar code too, so the check out machine can do a match between the RFID information and the bar code information. But THEN your argument holds true that the fraudulent customer could also relabel the good before going to the check out. A label scanner is not able to difference between a printed on bar code and a bar code that got stuck on by someone.
Re:No Tech is safe (Score:5, Informative)
you set them once and they stay that way forever.
The story is nothing but high brow FUD.
not all RFID tags are the rewriteable type. most are the single write read many variety. and nothing is to stop a manufacturer like coke from ordering their rfid tags preprogrammed. not every can of coke needs a different tag. (just like hoe they dont have different barcodes on them.
Re:No Tech is safe (Score:5, Insightful)
It depends on what you're trying to accomplish. If you're attempting to take inventory by using RFID tags, having a product ID and serial number in the tag is a good thing. You can wave the reader around a shelf and know how many cans of Coke you have in six packs, 12 packs, 20 oz, etc (each different form factor would have a unique product ID).
Similarly, a drink machine could contain a reader coil around the inside of the refrigerated box that could poll the contents of the machine and set prices accordingly (today I have 20oz Coke bottles - they're $1. The Red Bulls are $2, etc). The machine could also 'call home' when a particular item runs low. There are lots of reasons to have unique IDs on otherwise identical products.
Your logic is flawed. (Score:2, Informative)
Since each column is limited to one type of drink the machine can easy test how many of each brand are left and notify 'home' that they are running low. Which won't necesarily mean it will be filled quicker, it just means they know exactly what to bring to the machine.
Re:Your logic is flawed. (Score:2)
You forget, sir, that the RFID companies would like to make money. Therefore, logical arguments such as yours are thrown out for "LOOK HOW MUCH EASIER IT IS WITH RFID!"
Re:Your logic is flawed. (Score:3, Insightful)
They can serve some new purposes, allowing future drink machines to be designed differently.
RFID-enabled machines can have smaller granularity of product choices. Suppose machines hold 320 drinks. If it's split into 8 columns, you can only put 8 different things in there, limiting marketing opportunities. (Can't have 5 kinds of expensive, rarely purc
Re:No Tech is safe (Score:2, Insightful)
the 16oz cans all need the same RFid tag exactly how they do it right now with barcodes.
then have different rfid tag's for the case package.
Stores then can see that johnny-public bought a item that has a Case identifier tag and 12 can identifiers... making one complete case of coke.
serializing is still simple and is part of the manufacturing process in most chips anyways.
Re:No Tech is safe (Score:5, Insightful)
Its a TAG which contains METAdata, not data.
It does not contain item prices or consumer behavior. Its an ID for crying out loud. the actual ID number is fixed and not changeable. Plus most have a crypto mode, which can be locked on permanantly. Once locked, the data can still be changed, but you need the special key and whatnot, which means you need to break the encryption. Its not trivial.
The space on the tag is used for identification purposes ONLY. The tracking is done by a database elsewhere.
We be tagging whales and wild animals for years, but you dont put the info in the tag, you put it in a database, duh.
Re:No Tech is safe (Score:2)
You obviously have never heard of DeCSS...:) It would be trivial to crack the key if look to previous commercial encryption systems.
Audits (Score:3, Interesting)
Re:Audits (Score:3, Insightful)
If you remap every item in the store, everything everyone buys on that day will be wrong. Narrowing it down to the Black Hat who did it is hard.
If you swap ID's between components, the inventory (which they also take with RFID's, of course) comes out right, and the problem shows up when a pack of gum has the RFID of a $50 item...
Re:No Tech is safe (Score:2)
It's a tricky process to do surreptitiously. You have to align a label correctly over the barcode of the product and flatten it down so that it can be scanned properly.
Reprogramming an RFID tag could be done using hidden equipment while merely holding the item in front of you. You could do it right in front of a security camera and not be noticed.
The solution: (Score:5, Insightful)
We'll just release poorly thought out technology that promises things older tech's can't deliver, but make sure not to put in the press releases that mayhem can ensue from its use. Then when someone discovers this, we'll just see to it that it's illegal to own equipment capable of performing these operations (despite their otherwise legitimate uses), and so we have protected our customers by giving them a false sense of security while sacrificing another tiny bit of essential liberty.
Re:No Tech is safe (Score:3, Insightful)
There was also the case of a cashier who rang up expensive meats for her friends at a fraction of the s
Re:No Tech is safe (Score:3, Interesting)
Unless there's a problem getting a particular item to scan, you can go through the whole process without speaking to a store employee once.
If you're going to go changing the bar codes, though, you can't make it too obvious; they might clue in that the $25 package of steaks should not be scanning in as $0.49 green onions.
Re:No Tech is safe (Score:5, Interesting)
Re:No Tech is safe (Score:3, Informative)
BJ's Wholesale
Home Despot
Shaw's or Stop & Shop (Grocery)
All of these have their pro's and cons.
Of all the one's I've used, I like the BJ's ones the best. The only con I've seen with them is that intervention is needed for really heavy and really light items.
The Home Despot ones are fine, provided you are buying small items. Attempting to self checkout 60lb bags of quickcrete or a dozen 2x4's would probably cause you proble
Barcodes (Score:2, Funny)
Reminds me of my plan to stick condom barcodes on boxes of oatmeal.
Xix.
Reprogramming (Score:5, Insightful)
What quicker way to make life insanely difficult for a retailer who forces the use of these things upon customers.
How much would it cost to re-manualise their systems if they keep on just losing track of the info in their RFID tags. Hw many would even bother after the 2nd time.
Looks good
Re:Reprogramming (Score:3, Insightful)
Re:Reprogramming (Score:2)
it matters because... (Score:3, Insightful)
Re:it matters because... (Score:3, Insightful)
That, and when we switched from "customers" to "consumers".
--Jeremy
Its easy (Score:5, Insightful)
just my 0.02
You answered your own question (Score:2)
http://example.com/ [example.com]
Re:Its easy (Score:5, Insightful)
if the description doesn't fit the checkout assistant won't allow the sale.
if you use an automated checkout, then why bother even changing it? you won't have the correct item on your receipt so no proof of purchase if stopped by security.
all it would allow is you to claim someone else did it if you get caught. but if you have the RFID writer on you that won't work. you'll have to get rid of it but with security cameras everywhere that won't necessarily work.
Re:Its easy (Score:5, Insightful)
So you have an accomplice do the remarking, he walks out after purchasing a chocolate bar, then it's your turn with the expensive stuff. Or you just go into the store twice, once with the RFID writer, and once to collect the stuff.
Re:Its easy (Score:2)
if the description doesn't fit the checkout assistant won't allow the sale.
When was the last time you were in a large dept. store?
The mindless zombies that work at the checkout barely even look at the register while they ring up the items. And even if they did, how trivial would it be to swap a no-name brand model for a ultra high quality model, and how likely would they notice the subtle difference?
Re:Its easy (Score:3, Insightful)
You have never really been IN a big store, have you?
You walk up to the counter at Target or Wal Mart.
You hand the checkout person the MP3 player you want to buy. It's an ABC corp 512 meg MP3 player with inegrated everything, $300.
However, you have switched the RFID codes with the ABC Corp's *bottom* end product, a 32 meg crap Mp3 player @ $14.99.
The checkout person (9 times out of 10 a new immigrant who probably can't read engl
Re:Its easy (Score:2, Insightful)
No search can be performed and then it will be by the Police. They won't search you unless they arrest you first (for shoplifting). More to the point the store will have to prove you or your accomplise mismarked the items, near impossible unless you confess.
More to the point, why would we warn the retailers of this flaw in the system they have spent millions to create?
Are these the same people that go shopping and then tell Management they can't believe how low their prices are
Re:Its easy (Score:2)
Well, the thing is, it's the consumers who will pay for it, be it through higher prices, or bankrupts reducing competition, or problems caused by more unemployed people...
Stealing and natural selection have about as much to do with each others as homicide and natural selection (interpret that however you wi
Re:Its easy (Score:4, Insightful)
Marking it down doesn't mean marking THAT item down, it simply involves making one item look like another.
For example... if you program a $50 shirt to look to the scanner like a $14 shirt, instant discount.
What would be funny though is a pack of balloons being remarked as a package of condoms or some other such amusing change of ID.
Re:Its easy (Score:2)
But i guess read-only tags will appear soon, as well as tag-writer-scanners or blockers
Re:Its easy (Score:2)
Four words: digitally signed MD5 checksum (Score:3, Insightful)
circle (Score:3, Insightful)
Re:circle (Score:2)
W-O-R-M (Score:4, Interesting)
Is there any advantage for embedding prices in the tag?
Re:W-O-R-M (Score:5, Interesting)
Re:W-O-R-M (Score:5, Insightful)
First of all, there are no widely adopted international standards for RFID but there is work on ISO 18000, so it all depends on whether your reader/forger supports a given tag's vendor protocol.
The next problem is that RFID systems can operate at different frequencies, the most common ones are 125KHz - 148KHz, high at 13.56 MHz, UHF 850-915MHz and even at 2.45 GHz in the ISM band.
The tags that will be used in retail at automated checkout counters all have a scheme for preventing tag-collision that occurs when tags respond simultaneously to the reader. In order to hide a $800 digital cam-corder the following would have to happen:
You bring the forger into the store and operate it where it is not in view of the many security cameras staring at you
You research the store for a low price article that matches within tolerance what the cam-corder weighs. What that tolerance is,will be open to your own research. Setting the forger to lowest sensitivity / lowest transmit power you read the RFID data of the low-price article. Make double sure the data you read is from the low-price article and not from one of the thousands of tags surrounding you.
The low-price article may have individual identifying RFID data that must NOT be scanned at the checkout counter, not even after you and maybe your helper have left the store (Remember the security cameras, they could potentially match up your face at the automatic checkout with the article!). Also, again if the RFID data uniquely identifies the article another customer could take it to the automatic checkout and the system could mark the article as already sold in its database meaning you can't purchase it in lieu of the cam-corder. You must disable / destroy the low-price article's RFID tag either physically or with the forger.
You set the forger to the lowest sensitivy / lowest transmit power to read out the RFID data of the cam-corder. Make sure you get the right RFID data because you will be surrounded by tons of RFID tags. (BTW, it may be safer to read out the RFID data of the cam-corder you want one day and maybe have someone else get it the next day, but if you do that then make sure you mark the box some way that you or your helper takes the right cam-corder to the checkout. This may be because each cam-corder may have unique RFID data).
You take the cam-corder to the checkout and flip the forger into forge-mode. The forger monitors the radio communication at the reader forcing the transmission of the low-price article's RFID data utilizing the vendors tag-collision protocol to quiet the cam-corders tag. After transmitting the low-price article RFID data the forger jams the reader making the automatic checkout believe this is the only article being presented for purchase.
Complete the purchase with cash or with credit/debit cards not linked to you.
Re:W-O-R-M (Score:2)
and it's not like you can't slap a sticker with a fake barcode on a product either, so what's the deal? rfid is just a wireless barcode, a barcode that's easier to read(no need to swipe it across a reader with the right side pointed toward the sensor). nothing more nothing less...
Re:W-O-R-M (Score:2)
Jason
ProfQuotes [profquotes.com]
Re:W-O-R-M (Score:2)
Re:W-O-R-M (Score:2)
Yes, but if you want to forge the price, just change the item identification to a similar but cheaper one. Would work especially well with clothes, hard to spot by the cashier, but also on other stuff.
Re:W-O-R-M (Score:5, Informative)
In addition each rfid has a unique number, which cannot be changed. If the store wanted to they could record thoses individual numbers instead of the product code and that would solve the problem. However that would be a major problem, since instead of having a single product code for 1000 items you now have to store thoses 1000 item in the database.
Re:W-O-R-M (Score:2)
Never thought I'd be "working" at Walmart... (Score:3, Funny)
Crypto? (Score:4, Interesting)
With a simple database, this is not a problem, since it is computationally infeasable to forge a signature like that.
Re:Crypto? (Score:3, Insightful)
The way to fix this is to make the tag only accept new data (or erase commands) when it's signed with the same key as existing data. But crypto hardware is more expensive and power hungry than simple storage, so it may not even be technically
Re:Crypto? (Score:3, Interesting)
Easier Solution? (Score:2)
There must be some sort of EOT packet in the RFID communications stream - the tag just blows a fuse when it sees the tag, like an FPGA can.
There would have to be some global namespace assignments so each store could use the RFID from the manufacturer, but I thought that was the plan anyhow. I can't see any reason for a retailer to reprogram an RFID tag - everything beyond the ID will be in their database.
Re:Crypto? (Score:2)
Re:Crypto? (Score:2)
they've got it covered... (Score:5, Funny)
Barcodes are unsafe too. (Score:5, Insightful)
However, when you can automate something, that is an differend story. With tag swapping, you can play the percentage game, usually the number of individual swappers is small. With automated swapping (esp. wireless), one individual can swap everything. That is a true risk.
However like the step from label to printon bar code. There is only a small window of opportunity.
In the near future, we will see read-only tags, embedded during the production fase.
Re:Barcodes are unsafe too. (Score:4, Informative)
here in michigan it's a LAW that all items must be priced. so I see price stickers on every item in the store every single day I go to one... they are manually priced by some 15 year old kid that hate's his job.
Re:Barcodes are unsafe too. (Score:2)
Remember when they were? My parents used to own a small village shop - I remember pricing stuff myself...
Re:Barcodes are unsafe too. (Score:2)
Yet with age comes wisdom - I remember when the big problem at the local grocery store was when people would peel off the price tags in the dairy section from one item (say a quart of milk) and put it on a higher-priced item (say a quart of heavy cream).
The moisture condensed on the smooth cartons made the stickers' glue less sticky, so the dairy section was most vulnerable. On dry goods one of the quadrants of the sticker
interesting article in Dr Dobbs this month as well (Score:3, Interesting)
Here's a summary:
The scanner basically gets all the RFID tag info from all the tags at once, on the same frequency, which as you can imagine creates a lot of noise. In order to find out what tags are in the area, you have do a binary search. First ask all the tags that have a 1 in the first digit of their serial numbers to reply. Then the ones with zero. Then all of the "10's", the "11"'s, etc. And so on down the line, pruning empty subtrees as it goes, until it knows all the nearby RFID tags.
The article described a custom RFID tag that just always responds to all serial numbers. Tying up the scanner for 1^64 (or is it 1^64 factorial?) iterations of the algorithm (forever, basically).
Pretty neat. I will definitely be carrying one of those in the future. "Hey, whenever that guy comes in the store, all our inventory disappears"
Re:interesting article in Dr Dobbs this month as w (Score:3, Funny)
i hope you're trolling, because both numbers are 1
Re:interesting article in Dr Dobbs this month as w (Score:2)
Actually, that's base 2 (2^64, also known as binary. 1^n where n=any number equals 1.
That sounds trivial to counter (Score:2)
possible without RFID also (Score:3, Informative)
Competitors (Score:5, Insightful)
Any data you can get on your competitors is certainly better than none at all.
Re:Competitors (Score:2)
Using EAN and RFID to shop ethically (Score:5, Insightful)
I have an idea that I've been thinking about for a while.
Some of us choose what to buy on the basis on how well-behaved the producing company is. Nothing new here. Some "bad" companies and their products are easy to indentify: I try to not buy anything from Nestle (breastmilk substitute in Africa), McDonalds (cutting down rainforests), and so on. As you can see from my reasons, they are probably a bit outdated as it can be hard to get good consumer information through the media noise.
Ok, heres the thing: most products these days have an EAN/UCC [ean-int.org] code. The number in that code includes an identifier for the selling company. What if the Internet community would create a database of companies and start setting grades on them with regards to product quality, environment concern, workforce treatment, and so on?
"But it would be too much of a hassle to query the database each time one buy cerials" you say. Sure, but consider two things:
How do RFID fit into this? Well, imagine a clock that vibrates when you are about to touch some ethically questionable item! :-D
RFIDs have been creating a lot of interest in the industry as it gives them better control over where items are, who buys them, if they return, etc. Now, if consumers could easily boycott a company due to bad quality or unethically behavior, the whole idea could backfire on them!
Re:Using EAN and RFID to shop ethically (Score:3, Insightful)
Re:Using EAN and RFID to shop ethically (Score:2)
Re:Using EAN and RFID to shop ethically (Score:3, Funny)
So when wouldn't it vibrate?
Re:Using EAN and RFID to shop ethically (Score:3, Interesting)
It should be pointed out that scanning the barcode is NOT photographing it and the shops would have difficulty arguing against the practice. If anything, it might direct shoppers to the ethical goods shelves where margins are higher...
I think there is a case for aids for the partially sighted that would scan barcodes to report back what is on the shelf. Adding an ethical score to the internal database wo
Re:Using EAN and RFID to shop ethically (Score:2)
Even more fun! (Score:3, Interesting)
I really can't wait until we have time bombs that are a result of the number of times a given person walks by with their RFID tag on. 10, 11, 12, booom.
Food for thought anyway.
Non-issue for store tags (Score:4, Insightful)
Concerning stores, this is stupid. Retailers don't need expensive reprogrammable tags and don't use them. Cheap tags are just a unique ID number which can't be changed. Any decent retailer saves money on tags and increases security by using cheap tags (no data storage, just a fixed number) and keeping their price and product data in a database keyed to these ID numbers. So talk of walking through Wal-mart and saving money or causing chaos is fantasy.
Conclusion: it is only the medium price (storage but no crypto) tags which are and always have been a risk. The only contribution of this program is raising wider awareness and thus breaking illusory security through obscurity.
Would you like a sticker? (Score:2)
Yes, I know they don't 'tag' each item,.....yet.
This is plain hype (Score:3, Insightful)
In any secure application you don't keep the important info on the portable device! You put it in a secure database where all the security risks are known. The RFID tags should have a non-programmable, non-erasable fixed unique code.
The scaremongering that this thread typifies is both stupid and done to death.
Hack the Power!! (Score:3, Funny)
If they try to kick you out, dump the zapper in some old ladies trolley. She'll march about for hours, wiping any spy gadgets in the buliding. Some might construe this as vandalism, but I construe reading dozens of RFID tags, covertly embedded in every item I buy, an illegal search.
Of course execs will find some law (can you say DMCA) to label any such defenders of privacy evil criminals who seek to undermine the economy and of course the usual line, RFID helps fight terrorism or some such rubbish. They're probobly looking for a way to make RFID blocker tags illegal as well.
Unfortunatly, the solution may be simply to make RFIS tags read only, further compounding the privacy issue.
A simple solution? (Score:2)
Yes! (Score:2)
COOL!
Not everyone can really write to tags (Score:5, Informative)
In order to write data to the tag you needed to know a 64bit number that was programmed into the tag. The standard didn't say how you set that number; that was policy reserved to the tag programmer. But in order to have a write command accepted, you needed to match the previously programmed number.
So if commercially deployed tags really are generally writeable it is more of an administration problem (like leaving telnet enabled on public facing servers) than a failure to consider the problem at all.
Why these people are fucked. (Score:5, Informative)
"Oh, yeah, we have it."
I get there, and it turned out they didn't have it. They had an AC Adapter.
A clerk who cannot tell the difference between something that lets you go on the internet and something that plugs into the electric socket will be easily fooled by the RFID swap. Even if someone DOES check your bag, do you think "Joe Walmart" is really going to be acute enough in his observation to recognize that you've got the high end ATI card, and not the 9600? Doubtful.
It'll be great to watch Wal-Mart reap the fruit of the seed they've sown - lost merchandise, lost profits, etc. And it's quite fitting that this really has nothing to do with RFID, but their unwillingness to go the extra mile to spend a few more bucks to get employees who know what they are doing.
Adult movies? (Score:2, Funny)
Some SCO's, maybe. (Score:5, Informative)
Some SCO's (namly those by ACM/IBM) have a secondary server that handle the interactions with the cash register controllers (sometimes called the BOSS server). They have a 'security profile' that lets a SCO learn pieces of information about an item (dimensions, weight, that kinda thing) and if the item doesn't match a security profile, it'll kick it back, until a cashier scans their card to get it to learn the item.
Other SCO's use a weight-based system. I'm not totally sure if the scales weigh all items and go from item to item specifically, or from item to item just to see if the item's been placed in the 'bagging' area (if not a pass around item).
A properly set-up SCO won't allow things like this anyway. Really, nothing more than barcode switching.
" shopkeepers don't know much about technoligy " (Score:2)
What an incredibly patronising, stupid, and, just plain wrong thing to say.
Walmart, Tescos, Carrefour (pick your local mega retailer) are incredibly sophisticated in thier use of technoligy. They all have first class inventory managment, ordering and distribution systems. With the advent of customer loyalty cards they drove data warehousing technoligy to new heights. In addition the "old" retailers have significant market share in e-commerce.
And this guy thinks they will have problems implementing what is
RFID Tags (Score:5, Insightful)
More crazy laws... (Score:3, Insightful)
RF detectors
Calculators
pencils
human brain
words
-I'm not the troll you're looking for.
encryption (Score:3, Insightful)
Some people have already looked in to this, although of course retailers don't pay attention anyway.
Can be secured (Score:3, Interesting)
By the way, the
For mass retailers like Walmart, RFID will work much better than barcodes and it will probably be first implemented in the distribution system, not the sales system. One RFID tag will keep track of a single shipment lot, case, box, whatever.
RFID tags will NOT replace barcodes in the forseeable future. But they can accomplish some things better than barcodes so they will coexist.
True, but not really new... (Score:3, Insightful)
What is cool about the RFID stuff is that I bet with the right antenna, you could do the reprogramming from the parking lot, and do a whole shelf full (store full?) at once. Suddenly, everything in the store is a 50 cent pack of Wrigley's...
Cheap for home use (Score:4, Insightful)
Seems the discussion here has been mainly about ripping off the retailer. I think the idea of erasing them after purchase for privacy reasons is far more improtant.
However, another way to look at it is as a cheap way to get tags to use at home. I've got large collections of CDs, videos, and books in my house, and it's always a real pain in the ass trying to find something I haven't used in a couple years. If I'm getting all these RFID tags for free in the products I buy anyway, and I'm able to erase and rewrite them easily, then perhaps I can remove them from the products and redeploy them into my books, CDs, etc, and then use an RFID reader to more easily find things.
Sure, it would be a long-term project to get everything tagged and inventoried, but so what? I'd be able to easily find things I'd already tagged, and if I have to search for something that wasn't tagged, it would be easy enough to tag it once I find it.
Re:More intrusive technology (Score:2)
it isn't about technology, it's about data. you need something like the UK Data Protection Act which means you have access to any data about yourself and restricts what companies can do.
Tin Foil Hats Keeps The RFID away (Score:5, Insightful)
Now, could RFID be used to track your movements? Potentially, but so could a camera with facial recognition. RFID chips could simply be implanted with the ability to deactivate once the transaction is complete.
Even taking the worst case scenario, all the evil corporations collaborate to track what you buy and where you go, what do you think they are going to do with that data, send in a corporate death squad to off you? At worst, they are going to take all that data, shove it into a computer, decide what it is you seem to be inclined to buy, and try and sell you stuff some computer algorithm thinks you are likely to want. Annoying if it results in more spam in your mail box? Sure. The end of liberty? Hardly.
Honestly, corporations worry me the least. When I deal with a corporation, it is generally a voluntary transaction. Abercrombie can't put a gun to my head and force me to pay double the price to buy a shirt with their ugly corporate logo smeared across it. If I am dumb enough to buy it, well, I was dumb enough to buy it. If anything gives me pause, it is the government. If I tell the government I don't feel like paying for social security this year because I would rather invest that money myself, they CAN point a gun to my head and tell me that I am mistaken and I in fact DO want to buy social security this year.
Re:Burn that baby (Score:2)
1) Walk past product that you want to pay for.
2) Walk to item that you want to take home
3) *zap* the embedded RFID tag just got zapped (13.56MHz isn't microwave, is it?)
4) Program a new RFID tag with the item in step 1
5) Insert that new RFID tag into the item's packaging
6) "Buy" item 2
I like this. So easy and so fun
Re:Burn that baby (Score:3, Informative)
If you plan to generate enough RF at that frequency to "burn that baby", the power supply you tow behind you will give you away - moreover, any significant RF power in that range calls for -gasp- TUBES - say a pair of 6LQ6
Re:Japanese already using RFID in cellphones (Score:5, Informative)
There's no sane reason why RFID should have a feature added that would allow wireless re-writes. It costs more and it only adds a security issue. RFDump doesn't overwrite data stored in any RFID. It's just a spreadsheet program, and of course it can modify the data in the spreadsheet cells, but it's not changing the data stored in the original source! Note that on RFDump's webpage itself [rf-dump.org], they claim that it only works with RFID READERS - that is, it can't MODIFY the source RFID data. RFDump can import RFID data to a computer, and change the RFID data within the computer's memory - no RFID chip modified! RFDump can't do that. But apparently it's good enough for creating a hyped up CNet article. I think CNet is only covering RFID obsessively because it's a buzzword and it can bring in alot of eyeballs to their website - that's why they like to write so many super-exaggerated RFID articles.
Re:Japanese already using RFID in cellphones (Score:3, Interesting)
While I agree with you for certain bits of data, I think you are over-generalizing. Data like item identifiers used to say "this is a 12-pack of Pepsi" should be static. But other bits of data, like the date the item was last inventoried, and the ID of the employee who performed the inventory would be valuable rewritable fields. Sure, some jackass could come i
Re:Easy detectable (Score:2)
Re:Easy detectable (Score:5, Interesting)
Having done some research into metal detectors for -ahem- covert operations some years ago, I can assure you that there are ways and means within the scope of home build.
Supermarkets would just love to ban people from bringing in mobile phones, palmtops, laptops in standby mode, and all the other gadgets that create background RF noise, wouldn't they? The whole object is to make it look as if you can just walk in, load up and walk out.