Is RFID Really That Scary? 338
tcd004 writes "Defcon participant Chris Paget demonstrated his ability to capture RFID data from people hundreds of feet away for the PBS NewsHour. Paget went through the regular laundry list of security concerns over RFID: people can be tracked, their information accessed, their identities comprimised. Not so fast, says Mark Roberti of RFID Journal. Mark challenges Paget to point to a single instance where RFID was successfully used for nefarious purposes. The signals are too weak and the data is too obscure, according to Roberti. So who is right? Has RFID yet lead to a single instance of identity theft, illegal monitoring, or other security compromise?"
Yes and no (Score:5, Interesting)
Tracking one person around a city with RFID would be a nuisance. You'd need multiple points, signal quality would vary wildly, it'd be painful in a way.
Opposingly, you can get a lot of aggregate data in a semi-closed system. I remember once at a public event I was covering (wearing my journalism hat for a moment) that I thought, "I wish I had an RFID system handy. I could identify all the University students in a moment -- I bet you not a one doesn't have their RFID card on them."
Tracking could be efficiently done in a system such as a mall or subway with exit monitoring.
Re:Yes and no (Score:5, Insightful)
My bank switched their debit cards over to ones with "PayWave". It's an RFID chip that allows me to just magically wave my card around in the air and pay for stuff at the checkout line. I immediately bought an RFID blocking wallet. I'm a lot more concerned about being tracked by the stores and the bank, being marketed to by telescreens on the sidewalk, etc. than I am about cyber-thieves.
Re: (Score:2)
Being spammed by advertising, that's a more legitimate concern in my eyes.
Re: (Score:3, Interesting)
Re:Yes and no (Score:5, Insightful)
I think one of the major turnoffs for me about mass market advertisiing is that it's so off base as to be annoying. I'm not in the market for a car, so to be subjected to ads for cars while I watch tv is a waste of my time.
And targeted ads are even more annoying, because they still don't get it right.
I was in the market for a car and did my research and bought one a week ago. But, I expect that "targeted" ads for cars will keep hitting my monitor and mailbox for at least the next six months, and I expect many of them will be for classes of vehicles that weren't anything I would ever consider.
Two years ago these ads would have been a minor bother, and 2-12 months ago they might have been helpful, but for the next 5-10 years they'll be both wasteful and a major annoyance.
Portable RFID chip Killer (Score:5, Interesting)
If a microwave isn't available
1) Take a cheap camera flash
2) Replace strobe with AWG14 or 15 coiled about (ummmmmm.. say) 10 times around your finger (remove finger)
3) Charge flash (which isn't a flash anymore) and point to your favorite RFID chip, fire.
4) Enjoy your restored privacy
Disclaimer: Do not point towards your pace maker.
Re:Portable RFID chip Killer (Score:4, Informative)
Actually I think you'll need to put that coil in series with the flash.
IIRC, an inverter charges a capacitor up to a few hundred volts D.C. across the flash which doesn't conduct until it is triggered by a brief higher-voltage pulse from a transformer. That pulse causes the gas to ionize (conduct). If the coil were across the flash, the cap would be shorted and couldn't build up a big charge to release in one high-energy burst. Maybe flash designs have changed, but that's how they've worked in the past.
Re:Portable RFID chip Killer (Score:5, Funny)
(remove finger)
Holy shit man, I value my privacy but this seems extreme.
Re: (Score:3, Insightful)
Unfortunately, along with the rest of our debased currency, we've taken most of the copper out of pennies. Eventually I expect plastic penny coins, once the price of zinc goes up.
Re:Yes and no (Score:5, Insightful)
I think you're making a mistaken assumption that ads are intended to drive you to make an immediate purchase. While that's one reason they're aired, another is brand recognition and familiarity. If you happen to be in the market for a car three years from now, it's likely that at least some of what those car companies have communicated in their ads will stick with you.
This is especially true for less-well-known brands. Compare a Toyota ad ("We're having a sale this weekend") to a Hyundai ad ("Our cars are reliable and have feature x). Toyota expects you to already know and recognize the value of a Toyota, they're trying to get you into the showroom now, now! NOW! As a relative newcomer, Hyundai is working to get you comfortable enough to consider their car.
Re: (Score:3, Interesting)
The ad might get them a bit of mindshare, but if they haven't created some brand loyalty amongst owners they c
Re:Yes and no (Score:4, Interesting)
Are you sure?
The problem with targeted ads is that they can be creepy, inappropiate and unaware of context.
For example, imagine you're walking on the street with your friend/boss/old fashined grandmother. Suppose you're into manga/anime. Would you want a billboard to switch to an ad for Miyuki-chan in Wonderland [wikipedia.org] due to your past purchase of the Chobits manga?
There are lots of things for which you'd really hate to see a targeted billboard ad for in the presence of the wrong people, or any people at all. Just for instance: certain kinds of anime/manga (or anime/manga at all, if you're unlucky to be stuck with people convinced that it's all tentacle porn), hygiene products (buy our incontienence pads!), the wrong kinds of magazines or games, music by an artist you'd rather people not know you listen to, and so on.
Be careful with what you wish for. There is no guarantee the advertiser will make any effort not to display anything that could be embarrassing, and even if they try there's no guarantee that they'll succeed. I got a few rather odd recommendations from Amazon and am rather glad they don't pop up on the street at just the wrong moment.
Re:Yes and no (Score:4, Funny)
Re: (Score:3, Interesting)
You can find a perfectly PG ad that would have embarrassing implications to any observers quite easily.
For instance, with anime:
If you try to project an image of being a cultured man, you probably don't want billboards suggest you would be interested in gory things like Elfen Lied [wikipedia.org], Fist of the North Star or Ninja Scroll.
If to your friends you try to appear like a "real man", you probably won't like seeing an ad for things like Ponyo and Chi's Sweet Home [wikipedia.org].
If you know crazy religious people of the kind that ha
Re:Yes and no (Score:4, Insightful)
You're implying that you would like to see ads for things you are interested in. Well fucking wake up mate. There are lies, damn lies and then there are advertisements. Whatever useful information contained in an ad is completely outweighed by the bogus fucking lies they will tell you with the intent on selling you. And if that's not enough, they're obviously going to leave out anything that would encourage you to not buy their shit.
Worst of all, have you ever even watched an ad? If any ads were reality, then chosing the right toothpaste would make you FUCKING HAPPY AS BLISS and using the right condom would get you laid by a supermodel and drinking the right liquor would make you a million dollars.
Seriously, if you are clueless enough to ever even contemplate that you might benefit or enjoy watching an ad; you're already sold mate.
Re: (Score:3, Funny)
Maybe they're trying to tell you something, and you should listen - a little color and shape to your lips might just be what you've been missing. :)
Re:Yes and no (Score:5, Insightful)
Being tracked when you use your card, because that is required just because you used it, and being tracked just because you walked past a checkout counter are two separate and distinct things.
Re:Yes and no (Score:5, Funny)
Wow. If we thought butt dialing was a problem, just wait until butt-buying starts.
In soviet america, ass bankrupts you!
Re: (Score:3, Funny)
Re: (Score:2)
at my dormitory, my absolute favorite way to open the locked door (magnetic strike) controlled by a RFID reader is to open the door with my ass
So nice to see the fruit of higher education.
Re: (Score:3, Informative)
DC metro turnstiles went smartcard + RFID a few years back. It's actually pretty nice to be able to open the gates by sidling up to the sensor while your arms are full.
All the same, I keep a traditional disposable magstripe card that I bought with cash in my wallet, in case I need to go somewhere without being tracked. Haven't really used it yet other than for guests, but I'm sure someday I'll be trying to dispose of a body and I'll curse it for not being able to use the ass trick.
Re: (Score:3, Funny)
Pelvic thrust is the way to go.
Re:Yes and no (Score:5, Funny)
But *only* after a jump to the left and a step to the right
Re:Yes and no (Score:4, Funny)
But do you have to put your hands on your hips?
Re: (Score:3, Funny)
...ass bankrupts you!
The anthem of divorced men everywhere.
Re: (Score:2)
If you can feel where the RFID chip is in the card you can crush it (assuming it is the only chip that your card has of course). I've done this accidentally with my ID card at work, a simple pair of pliers should do the trick and you'll never have to worry about it again.
Re:Yes and no (Score:5, Insightful)
It's hardly vendors that I would be concerned about. Given the increase in skimmers for magnetic readers at ATMs and cash registers how long do you really think before the concept spreads to RFID skimmers?
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
Re: (Score:3, Informative)
You actually have to pull your card through a magnetic strip skimmer in order for it to work and even a cursory glance can generally spot them. An RFID skimmer on the other hand can be out of sight, even inside the actual reader itself if there is enough room.
Re:Yes and no (Score:4, Informative)
No it is not, your RFID equipped credit card could be skimmed when you simply walk by a hidden reader. I wouldn't be hard for someone to walk around a city with a RFID skimmer in their backpack and read cards all day long. If you read the title you'd know that you can do this from over 100 feet away.
Re:Yes and no (Score:4, Funny)
You mean you lined it with tinfoil? Yeah, me too. I've also got a stylish hat and matching suit made of the same material. The underwear is a little itchy at times, but you'll get used to it.
Re:Yes and no (Score:5, Informative)
Instead of setting my head on a swivel and looking around suspiciously I need only keep my gaze directed at my open book (hiding my tracking device) while I walk around keeping track of my subject.
Yes, alone, the device is useless; however, people in the business might find plenty of uses for it that you and I cannot imagine.
Re: (Score:2)
Re: (Score:2)
These days, it will be a smartphone.
Re: (Score:2)
These days people NOT looking at smartphones constantly are the suspicious ones
Re: (Score:2)
Re: (Score:2)
I heard that once RFID's are in place, the only things that need to upgrade are the actual reading technology, not the signal emission. The RFID itself doesn't need to broadcast any further than a couple meters - its the scanners who pick up the stuff that need improving.
So - right now, we have those issues with signal quality and and obscurity - but thats only going to improve. Would you want to adopt this kind of technology solely on how its going to be used now or are people going to start thinking long
Re: (Score:3, Insightful)
Answer is YES (Score:5, Informative)
RFID-enabled credit cards broadcast all the data on the front of the card in plaintext when energized. So I'd say the answer is YES.
http://www.youtube.com/watch?v=vmajlKJlT3U [youtube.com]
Look how old that video is.
It's like a vaccination... (Score:2, Insightful)
Prevention is a better method of addressing an identified legitimate security concern than "waiting to see what happens."
I view it like vaccinations. I don't plan on getting measles this month, but I still had my MMR...
Re: (Score:3, Interesting)
Yeah the other guy is basically saying: "There haven't been known cases of identity theft from RFID use, therefore the system is secure and we should expand it!" despite being shown conclusively that it is not secure and widespread use of RFID could be a disaster.
Re: (Score:2)
Yeah the other guy is basically saying: "There haven't been known cases of identity theft from RFID use, therefore the system is secure and we should expand it!" despite being shown conclusively that it is not secure and widespread use of RFID could be a disaster.
There HAVE been case of cash and credit cards being stolen and/or duplicated. Should we do away with all forms of cash and credit? After all, it seems that these are more insecure than RFID since they have already been breached. Hell for that matter, homes have been broken into and things stolen and people killed. Should houses be banned?
Seriously, just because something has been or could be used for nefarious uses doesn't mean it should be avoided. Just be careful with it and keep it monitored (if pos
Just like many other things of this nature... (Score:3, Insightful)
RFID really is something that needs to have an eye kept on, but sensationalist headlines make it seem worse than it is.
Of course, if you're really worried about it, there are options [thinkgeek.com] depending on what you need to protect [thinkgeek.com].
Re: (Score:2)
but sensationalist headlines make it seem worse than it is.
OGM!! Facebook now has RFID!!
Re: (Score:2)
I can see a hypothetical situation now:
Re: (Score:3, Funny)
Both those RFID-blocking wallets are out of stock. Are you just a dupe of the Vast RFID Conspiracy, or was that deliberate disinformation? Wait, ThinkGeek is related to SlashDot, too, so Cmdr Taco must be in on it, too! And I ran out of aluminum foil in my kitchen, just last night. Oh, God! I must be in on it, too! We're all doomed!
Ah, paranoia. The Delusion of the Gods!
Hmm (Score:2)
I dunno if RFID isn't something to be worried about, but there is definitely a misunderstanding around here about how trackable it is.
It wasn't all that long ago that there was a story on Slashdot about how school uniforms were going to have RFID tags embedded in them and there were +5 comments about how pedophiles were going to sit in their van with a little screen showing the position of where each child in the city is. There's some impression that RFID tags broadcast their GPS co-ordinates into space o
Re: (Score:2)
Re: (Score:2)
Yes and no. If the technology was invasive enough it could potentially track your location by what reader you were near.
You say that as if that's a trivial thing to do. If we were talking about one entity rolling out RFID readers across the country and tying those to something you're likely to carry, sure, be afraid. Just remember to stop carrying a cell phone and credit cards, those are betraying you RIGHT NOW.
Re: (Score:2)
Re: (Score:2)
The point isn't that they contain personal information, but that they broadcast it to the world.
No, they broadcast it about 20 feet.
When I use my credit card it goes into a database, that's fine I control when I use it, with an RFID card I lose the control over who can read that information. That's the difference.
You don't take the card with you, then. Heck, wrap it in a small faraday cage. From a practical standpoint you haven't saved yourself much.
Re: (Score:2)
Re: (Score:3, Insightful)
Figures that somebody whining about capitalism and libertarians in their sig would spread such FUD.
Re: (Score:2)
The standard reader certainly can't get coordinates, but there is absolutely no reason the RFID tags can't be used like a radar transponder. Use a directional antenna to send out the needed signal and use the response time to get distance. There's no need for it to send GPS coordinates.
That may be going a bit far considering the range is currently only proven out to 100 feet or so (still a long way for a "proximity device") but it's not technically impossible.
Re: (Score:2)
That may be going a bit far considering the range is currently only proven out to 100 feet or so (still a long way for a "proximity device") but it's not technically impossible.
From what you just said, it is technically impossible. Heh.
Re: (Score:2, Troll)
Dozens of RFID detectors that do broadcast GPS coordinates into space will be responsible for that part.
You mean the RFID's with huge batteries that need constant charging and aren't called "RFID"s anymore?
Just because you don't know... (Score:3, Interesting)
Re: (Score:3, Insightful)
From my understanding RFID usually don't carry that much data except for a unique identifier. Ok so I se a Hex value. However you may not know what type of RFID it is is for. Eg. Is it for your credit card or is it just that book you got out of the campus book store. Perhaps it is for your medical history that you got implanted in you skin. Maybe it is your Dogs virtual ID Tag implanted.
Say if I dropped a Passord of a vital system in the Middle of New York City and you pick it up. And that password is
Yes and no... (Score:5, Interesting)
Is RFID, as described in the article really all that scary? No, not really. E.g.
30 to 40 million people carry RFID tags on their windshields to allow them to cross bridges, and more carry them in their wallets, and there is not a single example of anyone who had their privacy infringed because of the tags.
So the fear that the government would use RFID to gain data that they already have is likely debunked. Also the tracking is largely moot. They can do that in all sorts of other ways...
This is the part that scares me:
Taken as a whole, Roberti asserts, the benefits of RFID tags -- to track merchandise and packages, and keep track of drugs and food -- far outweigh any downside.
Where I bought my specific pair of shoes for today likely is not in a database anywhere. With RFID it wouldn't need to be. You just scan the tag and ask the shoes. This potential privacy issue also lacks an implementation, but still represents more information than anyone specifically needs to have. I fear the unintended (or secretly-intended) consequences of all this consumerist stuff in our lives suddenly having a history.
Re: (Score:2)
The tags are in the tags, not the shoes. Do you leave your tags on your shoes? And how often do you walk across networked RFID transceivers, anyway?
Re: (Score:2)
The tags are in the tags, not the shoes.
Maybe at present, but not always. They put them in tires, do they not? And tires have stickers, not tags. Further this could change at any time with the simple excuse of 'sometimes tags fall off', so I'm not seeing that as a meaningful rebuttal.
And how often do you walk across networked RFID transceivers, anyway?
Not very often. Not yet, anyway.
Re:Yes and no... (Score:4, Interesting)
there is not a single example of anyone who had their privacy infringed because of the tags.
Other than the cases of people's tags' movements being used against them in divorce proceedings and stuff? http://www.msnbc.msn.com/id/20216302 [msn.com]
Oh wait, as long as the privacy goalposts can be moved at a whim, there is not a single example of anyone who had their privacy infringed because of the tags.
Not yet attacked != not attackable (Score:2)
Re:Not yet attacked != not attackable (Score:4, Insightful)
Ummm, we can't be sure if nobody has attacked RFID. I seem to remember an international incident, not too long ago, where 50+ passports were successfully cloned - including those from countries implementing RFID on passports. At this time, there is zero information on whether the cloning was someone compromising the primary databases of the respective countries or whether it was done more directly by lifting information from passports in the open. It is extremely doubtful that we will ever be given that information, as no government is going to want to admit that people can access secure databases OR admit that the security on their passports is useless. (It has to be one of the two.)
Since we cannot know where the vulnerability was, it is prudent to assume that ANY part of the chain could be broken. Only a complete fool would do otherwise. This means that whilst we cannot be certain RFID has been compromised, we MUST believe that it might have been. To assume, blithely, that of course it couldn't be RFID is stupid. Why? Because that results you in only looking at facts that meet your theory. A very bad practice, and one that no reputable journal would be caught dead doing. Of course, a trade magazine isn't really a reputable journal. No trade magazine is ever going to question the assumptions of those who both pay for the advertising and then pay for the journal afterwards.
(Those familiar with certain works of Jeremy Brett may be familiar with the cry of "Data! I cannot work without data!")
That's not the point... it's that it can be easily (Score:3, Insightful)
The point that's being made about RFID is that the encryption method is not good enough for most uses when it comes to private information. If it becomes mainstream someone could EASILY begin to collect this information using a remote reader and collect it later without every touching the device again.
Imagine someone takes a small box about the size of sandwich. It could hold enough battery power to collect every single RFID scan for quite some time and then come by perhaps the next day with a laptop and receive it remotely as to never touch the device again in case it was found and being watched.
RFID tags are GREAT to identify you by an ID #... not hold SS # or other private information. Keep that stuff in a more secure manner. I'm no alarmist, and not even a hacker. But this is something someone with almost no tech experience could do... and make bank.
Here's a better Defcon RFID story... (Score:5, Interesting)
Many Federal agents walked by the table. They were not pleased when they found out the nature of the experiment. The data was destroyed, but the point was made. RFID protective wallets sold *real* well that year...
Re: (Score:2)
Re: (Score:2)
Re:Here's a better Defcon RFID story... (Score:5, Insightful)
Ok how about this.
US passports contain RFID tags.
1. Is it possible to detect, from the RFID tag, at a distance, the presence of a US passport and to distinguish a US passport from other passports fitted with RFID tags?
2. Is it possible to determine roughly how many US passports are within range?
3. Is it possible to engineer such an RFID tag detector into the detonator of an explosive device while keeping said explosive device small enough and low powered enough to be easily concealable? (ie doesn't need mains electricity nor obvious antenna).
I am just asking the question, I have no wish to see US passport holders blown to bits; but there *are* people who *would*.
Potential (Score:4, Insightful)
My Challenge for Mark (Score:4, Insightful)
Mark challenges Paget to point to a single instance where RFID was successfully used for nefarious purposes
I challenge Mark to point to a single instance where Intercontinental Ballistic Missiles with Nuclear Warheads were successfully used for nefarious purposes.
Nothing?
Well then, I guess we can just stop all this silly nonsense about non-proliferation, missile defense shields, and international nuclear arms reduction treaties.
-Rick
Re: (Score:2)
Mark seems to live in a world where,
"Guns don't kill people - no one does".
he's right (Score:2)
Last week, I removed the blade guard from my saw, taped down the safety lever on my lawnmower and cut the ground pin from all of my power tools and I'm just KZERRRRT!
If only the chips worked! (Score:4, Informative)
I am extremely skeptical of the current generation of RFID tags when used in practice out there in the wild.
About three years back I set up software to support a recycling scheme, whereby every household in a community (ca 10,000) were given a couple of plastic boxes in which to place recycled goods. The boxes where chipped *and* barcoded, and there were scales on the collection lorry to weigh the box and automatically scan the rfid chip at the same time, thus collecting usage data.
Three years on it turns out that the one thing we were not expecting - the rfid chips not to be reliable - has proven a major issue. The failure rate is not high, but we consistently have a score or more boxes needing replacing every month, which is a far higher rate than we were lead to expect. We did think it might be the manufacturer, but we've talked to several people doing similar things now and everyone has similar stories - the chips do fail.
Perversely - the barcodes, which we sealed in transparent plastic but didn't expect to last (hence going with rfid tags as major impact) have given us less than a dozen damaged to the point we can't scan them in the whole three years.
Re: (Score:2)
Wait: you RFID scan peoples' garbage when you collect it? Do you take photos, too? That would be some really interesting data.
Re: (Score:2)
The boxes are for particular recyclables - plastic bottles, tin cans, newspaper etc. We record weight against household so we can track who recycles and who doesn't (we give out prizes for participation), and look at it on an are level to see what differences there are and so how we could improve performance.
Not as fun as snapping garbage :-)
so let me get this straight (Score:2, Interesting)
Roberti's big thing is that nobody's yet used RFID data in a crime. So the upshot is that as long as people just break it for research, it's still secure. And people wonder why the blackhats make out like bandits on the first breaches of any given protocol, because nobody protected against them when it was merely a subject of research. Good luck with that, tell me how that works out for you.
Why is there no link to the article? (Score:2)
Fixed it: http://www.tombom.co.uk/blog [tombom.co.uk] Chris Paget's Blog
Compare with a mobile phone (Score:3, Insightful)
Conclusion: RFID tagging is less scary than existing privacy intrustions we gladly accept.
Re: (Score:2)
You assume that we accept cell phones. You also forget that cell phones can be turned off.
Sigh, usual bait and switch crap. (Score:2)
First thing to do when reading someone's defence arguments is to consider if they actually are related to the original complaint. Here we see trade body/corporate/politician PR defence #1: deflect criticism by confusing the public about the original complaint simply by defending something related but different. As long as you can control the conversation, you're always going to come out smelling of roses.
Nobody cares about using RFID to track shipping. The concern is about using RFID to track personal data,
Credit cards (Score:2)
Do your credit cards come with EZ Pass or similar? Does your bank mail them to you with little metallic stickers affixed to the front of them? What makes you think it's any more secure in your wallet than in an evnelope? Why are banks doing this extra step if there's no security risk?
Re:Credit cards (Score:4, Informative)
Yes, some banks don't do so. Most do, however.
An idiotic statement. Mass market RFID readers need to be within about 6 inches. However, there's NOTHING stopping someone from cranking up the power and getting far more distance out of it. How does 11 meters sound? http://www.foodproductiondaily.com/Supply-Chain/Long-distance-RFID-reader [foodproductiondaily.com]
With enough money on the line, they will be... Criminals go to great lengths to get credit card numbers with skimmers, fake ATMs, and the like. A tine scanner in a post office would be relatively easy and low-risk.
Cookies readable from orbit. (Score:2)
RFID chips need to be right up close in order to charge, (assuming they don't have their own battery, which the ones attached to higher ticket items do), but once they transmit, the read distance is only limited by the sensitivity of your receiver. To me, that means, "From Orbit".
Maybe I'm over-simplifying, but 200 feet with home brew technology is pretty impressive. I have a feeling that the military has invested a few more pennies in radio technology over the years than Chris Paget.
But that's not the po
signal strength antenna size (Score:2)
If you were on pluto with you cell phone there are antennas on earth that could receive you. Sure the scanner in the store may have a range of a couple of inches. If some black hat wants to hide an antenna in the back of a white van he is going to be able to read RFID tags from across the street.
Arguments about "small signal strength" are only relative. If the information is important enough someone is going to find a way to access it from the distance they need. The problem of isolation of a signal from a
Irrelevant (Score:2)
The IBM PC first appeared in 1981. It was not until 1986 that the first PC virus appeared. It was not until many years after that before malware aimed at theft of data -- as opposed to mere vandalism -- became widespread. There's often a lag between the existence of a gaping security hole and the day when someone finally drives the first of many Mack trucks through it.
The RFID in everything you buy at Wal*mart (Score:4, Interesting)
Wal*mart says if a company wants to sell its product in Wal*mart it must have an RFID in it. It also seems that they do not intend to disable these RFIDs once you buy the product - one of the goals is to identify the specific item when you want to return it. (stopping the "My X broke but it's out of warranty so I'll buy a new one and return the old one" ploy).
I'll just use cash you say? If you bought anything with your credit card or with you ATM card each of those things is "pinned" to you. Things you get with cash get pinned to you by being associated with things you bought with plastic next time you walk through the door. You will be identified by the cloud of RFID devices one or two in each article of clothing you wear - in each item you carry. (each pinned to you)
Next time you walk into Wal*mart it's "Welcome Back Pentalive" need more jeans? t-Shirts? Since the data belongs to walmart, the next time you walk into another business that bought the database from WM they also will be "Welcome to McDonald's, Pentalive".
Hope you -never- go anywhere where you want to be anonymous (or at least never wear anything from WM.)
Yes we are in public and thus have no expectation of privacy. But is it Wal*mart's business if you have been shopping at Target recently? And if Wal*mart knows where you have been - all the Government has to do is ask nice and they know too. Remember the Government can setup RFID readers too. Then they don't have to ask. You walk through the metal detector at the airport, a loop of wire built right in can read all your RFIDs at the same time.
Arguments aside of "Well I will just microwave everything" does that really work or do you end up ruining that $100 pair of "Air Jordans" by melting parts? How about the RFID built into that nice laptop or netbook, or cell phone or iPad? Can't microwave those.
Also if Wal*mart demands RFIDS in everything, perhaps it will just be easier for companies to put RFIDS in any products that might be sold at Wal*mart or might be sold somewhere else? That nice new polo shirt you got at Target, no RFID there right? You sure? They also sell that kind of shirt at WM.
Iris scanning like Minority Report? Wear dark glasses, turn away from the sensor. RFID cloud? ? ? Wear your tinfoil spacesuit! I suppose it should be "I, for one, welcome my new location-tracking overlords."
Re:first (Score:4, Funny)
AC used RFID to steal my first post!
Re:Great Idea (Score:5, Insightful)
RFID isn't a security concern NOW. If they start putting them on, say, driver's licenses it's another story. Why would anyone think RFID is a good idea when every other system that can be abused IS abused? The new barcode like scanning squares (WTF are they called?) can hold plenty of information and can only be read when the cardholder deliberately presents the card for scanning.
What is the advantage of RFID?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
What would really be secure is some sort of smart electronic device for payments that does, like, real cryptography over RFID. Part of your next-gen Japan-style mobile phone, perhaps. Which is already as trackable as its GSM and 802.11 radios.
The signals are too weak... (Score:3, Insightful)
The signals are too weak and the data is too obscure
Both of which are solvable with ingenuity, time, work, and people. Some things both-colored hats have in ample supply.
Re: (Score:3, Informative)
Re: (Score:2)
also try an anti-static bag and let us know how it goes. most geeks have loads of those we're saving
Re: (Score:2)
http://xkcd.com/649/
Re: (Score:2)
Re: (Score:2)
Completely different scenario. In the current situation the cloned card submits information to a valid terminal. That valid terminal then talks to a server to complete the transaction. In the second RFID instance a valid card submits information to an invalid terminal. This terminal then has to talk to a server to complete the transaction. The crux is that the invalid terminal must be validated by the server before it will be able to submit information. Even if they could get a merchant id and password it w