Announcement

Collapse
No announcement yet.

RFID Abuse, Human Tracking, and more...

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • RFID Abuse, Human Tracking, and more...

    Originally posted by Deviant Ollam
    well, this certainly makes me terrified enough to take a shit right where i'm sitting.]
    Who left this warm apple pie in my chair?...at least i hope it is pie....

    I will agree and leave it at that in the interest of maintaining the politics rule......
    <rant
    On another note: walmart now going widespread with rfid tags in their merch, complete disregard to privacy i smell coming young jedi? They will of course say they will disable them at the checkout with some pad they swipe over it, but how do we know that it is even on? They can track you by your groceries, it will become more and more popular in commerce, with the savings cards combined it is information/ anti-privacy goldmine. They will be able to determine when you throw out your box of lucky charms and send you a damn coupon for buy 1 get one free. It is simply insane. Those damn safeway cards, I have one myself, i am cheap, but i have found out some things that will scare the hell out of you. Finding and gathering information about a person is so seriously easy with all of our convinces available to us in 30 minutes or less. Next time you forget your club card and put in your phone number think really hard about how many people know your phone number, that will get you started. I could talk for hours on this stuff.../rant.
    "Haters, gonna hate"

  • #2
    Originally posted by TheCotMan
    Issues of individual privacy (like the walmart citation) are quite on-target for Defcon and defcon presentations. With an updated RFID database, it would be possible for citizens to spy on each other and determine what any target is buying without walking up to them to look in their cart.
    ..........................

    There is opportunity for on-topic discussion.
    I suggest we open a new thread. Let's continue the on topic portion whilst allowing this one to die out/or move it. Thus eliminating the potential for rehashing polital no no's. I will be happy to write endlessly about the possiblities and how much danger is involved in globalising rfid in commercial products etc. etc.
    "Haters, gonna hate"

    Comment


    • #3
      RFID and its endless possiblities for positive/negative is something that the average citizen should be more aware of. Goverments (RFID: The Right Frequency for Government) and big biz have the ability to spin for it to become socially acceptable but the security risks are just crazy. A smart person with enough time ( apparently not long?) can easily get full access to the digitized personal and product data as well as any other shoddy encrypted and ptext data on RFID tags. Anyone out there doing anything with rfid? Play with it? Have some good stories to tell?

      This Guy is worth reading about. I do believe what he did is cool, and had to fight the urge to get one myself, But i am frightened at what will happen when it becomes mass produced and sellable, your hand could end up containing your entire medical, national id, shopping history, passwords and who knows what else. What will have to be done to secure this? Maybe it is just my femine fashion sense/ sci fi imagination but will we have to wear a fingerprint key bracelet that disables a rfid firewall of sorts?
      Although our review process is not nearly complete at this time there is a talk reserved that i am eager to hear. It is regarding the US-VISIT Program I don't think i should go much more into that because it is not my talk but perhaps he is listening.

      And i know there is someone on here with a book on it.........................
      "Haters, gonna hate"

      Comment


      • #4
        <PIMP Mode>
        If you want to learn more of the frightening possibilities with RFID, Buy my book through the link in my sig! I wrote chapters 4,5, and part of 6 about the risks associted with RFID tags
        </PIMP Mode>
        Never drink anything larger than your head!





        Comment


        • #5
          Well, that answers that then. *sigh*
          "Haters, gonna hate"

          Comment


          • #6
            RFID In Kids toys

            New RFID toys. How could these be minipulated. Oh if i had the money.

            qoute: "With the removable Batlink, kids can hear secret messages from Batman and download villains, weapons and upgraded Batmobile features from the TV. Later, those can be used in customizable adventures, Batman missions, and much more!"

            Link 1

            Lets go younger.
            "Haters, gonna hate"

            Comment


            • #7
              Originally posted by Nikita
              New RFID toys. How could these be minipulated. [/URL]
              External attacks may allow for unlocking of easter eggs through reverse engineering of code in on toy. I would bet that the RFID tag works in this system as a key to a table lookup. This means, without upgrade, the toy is limited to react to only certain RFID.

              Easter eggs? I would not be surprised, if they have special RFID tags they use to test these toys in the factory. Perhaps one RFID will activate the voice of someone in chinese saying, "This toy did not pass," or maybe something vulgar if the engineers are prone to that kind of thing, and code is not checked. (There are plenty of examples, of products that included in-house humor that was never meant to be available to the general public.)

              Firmware? If they have an upgrade path for firmware, then it may be possible to reprogram these toys to respond in inappropriate ways with new content.

              Comment


              • #8
                My employer issues RFID "badges" to every employeee that needs to access our main office building. We are a medical facility, and the cards are used to unlock every door that you may need to open, or to restrict access to certain areas as well. The set up is really simple, the card readers authenticate against a bank of controlers that are located in the server room where my office is. There is a server that runs software and it is linked up to the controlers, and the software runs a real time monitor of the doors that are opened and by who. It seemed really convenient at first...until we were asked by HR to run reports on an employee that they were about to terminate. As you all know, web activity, phone use, and attendance is usually taken into consideration when reports are run in a buisiness. The software that monitors the RFID cards was used to generate a report an an individuals movement through out a given number of days. It was able to show the amount of time that it takes a person to walk from door to door, the number of times the person went outside to smoke, etc. Like all software, it has it's weekness. Because we were curious, we have learned that the dates and times can be manipulated, or even deleted from the record, as well as the card ID.
                It's really scary that technology like this can be used against the public.

                Comment


                • #9
                  The problem with doors that have card readers is that unless there are strict security policies in place (being a medical facility you probably do have), people tend to let each other in. You recognise your collegue with his/her hands full or dont want to let door swing shut in their face, so they get into the building with out being on the system. Can make for some interesting logs!
                  Obviously this can be overcome with security cameras and staff awareness, but it is still something that needs to be considered.
                  Also people might not take 5minutes to walk down that corridor, they might have been stopped by thier boss half way etc.

                  This information is "useful", but you have to be careful as to what you can assume from it.


                  On the toys point, features will be enabled over TV as Nikita and TheCotMan said. Effectively you are buying these toys with the functionality, but with it crippled until you watch tv/do something. I can see this extending to paying for features. Parents are not going to be happy buying a toy that can do some thing but before it will you have to pay for the "Batman extended cape with flashing light pro set only $99.99". And kids will see it on TV, with the toy in their hands potentially telling them to buy the upgrade too. A very powerful advertising tool has just been created, hitting a soft spot (children). I would watch this space.
                  Twigman

                  Comment


                  • #10
                    Originally posted by Twigman
                    The problem with doors that have card readers is that unless there are strict security policies in place (being a medical facility you probably do have), people tend to let each other in. You recognise your collegue with his/her hands full or dont want to let door swing shut in their face, so they get into the building with out being on the system. Can make for some interesting logs!
                    Obviously this can be overcome with security cameras and staff awareness, but it is still something that needs to be considered.
                    Also people might not take 5minutes to walk down that corridor, they might have been stopped by thier boss half way etc.

                    Actually this is one of the problems that RFID tags solve with keyed entries. Whoever walks through the door is recorded regardless if you put your butt with keycard in your wallet on the door pad or not.

                    I'm not thrilled with the potential abuses of the technologies but can see some useful applications.

                    gg

                    Comment


                    • #11
                      Originally posted by geekgurl
                      Actually this is one of the problems that RFID tags solve with keyed entries. Whoever walks through the door is recorded regardless if you put your butt with keycard in your wallet on the door pad or not.

                      I'm not thrilled with the potential abuses of the technologies but can see some useful applications.

                      gg
                      Alot tends to depend on the particular technology. There are some cards that can be read at several feet (the width of a door) or just a few inches (the wierd butt-up-to-the-reader required).

                      As with anything there are benifits as well as problems. The cards make key control easier and can lead to a decent audit trail, but can also cause problems (skimming, idiots reading the logs and making false judgements).

                      I've seen a number of installations that were put in without asking "why do we need this?" and it usually ends up costing too much and not being used to it's potential.
                      Never drink anything larger than your head!





                      Comment


                      • #12
                        Originally posted by Twigman
                        On the toys point, features will be enabled over TV as Nikita and TheCotMan said.
                        And this isn't a particularly new technology, though the use of RFID to do it is. Nintendo's R.O.B. (Robotic Operating Buddy) packaged with the original Nintendo Entertainment System could respond to commands issued by 'flashing' the screen. Change the flash intervals and ROB would carry out a different action. I also seem to remember that there was a toy robot that could something similar, except by interpreting RF signals - though my memory may be off on that one.

                        Anyone who lived in the UK in the mid- to late-'80s probably remembers being able to download software via Teletext and an appropriate external adapter capable of receiving Telesoftware transmissions.

                        Closest equivalent to this point in the US (since teletext never really caught on here) was probably the Mattel Intellivision's PlayCable service - basically, order a certain channel from your cable company and download games directly to the console. Not bad for 1982, though it didn't last long after the videogame market crash in 1983.

                        Effectively you are buying these toys with the functionality, but with it crippled until you watch tv/do something.
                        I don't know that it's so much that you're buying them 'crippled' as you're buying them with functionality that can't be used without watching the programme - after all, you can still stick Batman in the car and push it around, but it won't be as interesting as if it can pick up the RF signal. Basically, this isn't a lot different to buying a computer, taking it home, and trying to use it without a monitor. You can do it, but it's nowhere near as useful. Besides, knowing how kids love to carry their toys around with them, chances are it'll wind up down the street where it's out of range of the RF transmitter while your kid shows it off to their friends.

                        I can see this extending to paying for features. Parents are not going to be happy buying a toy that can do some thing but before it will you have to pay for the "Batman extended cape with flashing light pro set only $99.99". And kids will see it on TV, with the toy in their hands potentially telling them to buy the upgrade too. A very powerful advertising tool has just been created, hitting a soft spot (children). I would watch this space.
                        I think the advertising is more crucial here. The toy manufacturers, animation companies, and TV stations all know this is a good way to get more young eyeballs in front of the set for longer - which will in turn lead to more demands for new and different toys. As for charging (say, on a per-viewing basis) to enable or extend the functionality... That probably won't go over so well with parents, who are just as likely to not buy the toy if it requires a subscription to keep going. They're probably willing to eat the $49.95 (or whatever it is) cost of the transmitter, but not spend $2 per episode of <insert cartoon here> to make it do its dance.

                        Also, one other thing to consider here: this appears to be a one-way RF device - that is, each device does not report back on its usage, nor does each device have an RFID number past a generic one that identifies it as being a certain make and model. The complexities involved with tracking the latter would be difficult to overcome to say the least (the cable company being able to support two-way communication being one of the major ones), and as regards the former - well, consider that if you're on digital (and some analogue) cable your viewing habits are already being collated and demographed, so the fact that you're watching the Batman cartoon is already known and being resold to the advertisers. They don't need the Bat-Car to tell them that.

                        Comment


                        • #13
                          Just a quick thought, What if this becomes mainstream? If the Tech was expanded upon, would that be a way to target your audience geographically? Then being able to use the signals to place different features and messages based on the location/culture of your customers? I Don't think that this is far from the minds of big companys. More and more products these days have gps/other ablities that the end user is unaware of.
                          "Haters, gonna hate"

                          Comment


                          • #14
                            Originally posted by Nikita
                            Just a quick thought, What if this becomes mainstream? If the Tech was expanded upon, would that be a way to target your audience geographically?
                            Yes and no. I can see the advantages to being able to receive an accurate GPS signal in an urban environment, but the approach they're taking probably isn't the best.

                            - WAAS. The Wide-Area Augmentation System already does what's proposed by the above unit, though you need a WAAS-capable receiver to be able to make use of it. Virtually every receiver sold in the US these days does WAAS, though.

                            - This is doing signal differentiation somewhat similarly to how cellphones already do it: the GPS coordinates of the tower are known, and calculations determining position are made by differentiating signal strengths. This can lead to a fairly wide margin of error (usually greater than the local GPS accuracy offset) based on availability of towers, signal reflections, and other factors. While this isn't a huge deal for street-level navigation (assuming the person in front of the receiver's screen is keeping their eyes open), for anything requiring accurate positioning such as E911, it's not always workable.

                            - Their approach requires the use of yet another chipset to support yet another standard in hardware.

                            If they'd done this as a retransmitter akin to a microcell, that would kick ass. I'd love to be able to stick one of these up on the top of a canyon, for example, and have it rebroadcast back down into it on regular GPS frequencies.

                            Then being able to use the signals to place different features and messages based on the location/culture of your customers? I Don't think that this is far from the minds of big companys. More and more products these days have gps/other ablities that the end user is unaware of.
                            This is kind of happening here already, but without the use of GPS. We've got advertisements in billboards and bus stops that advise you to tune to a particular station, usually on the AM band. A low-power transmitter gives you advertising or local event info for a few blocks. Sucks if you're trying to tune it on the freeway, since you're usually out of range of the transmission by the time you get the frequency dialled in. Cable television has targetted advertising based on locale for decades as well - I always love it when the ad for the local strip joint runs a couple of seconds short and I get to see the end of the My Little Pony ad it replaced that went out over the network, or when the cable company screws up and I'm offered a 0% financing deal on Kias in Nebraska.

                            Interestingly, something similar (though also non-GPS-based) has been in use in other parts of the world for close to two decades now: RDS, the Radio Data System. Basically, it's a separate receiver built in to your existing radio that works in parallel with the radio's tuner to not only pull up stuff like station IDs and the time automatically, but also to automatically switch to things like traffic or weather reports if enabled. This is one of the things I wish had had a better adoption rate here; it's really useful and I miss having it.

                            It's also capable of doing some interesting stuff: let's say you're listening to a station that's received in multiple areas on different frequencies. It'll automatically re-tune the station based on which frequency is stronger as you move around, and can also be used to localise content during commercial breaks. The EON (Enhanced Other Networks) capabilities let you select stations by genre and other criteria. Really cool (and useful) stuff.

                            Now, if you want to see something that's really open to abuse in the wrong hands, look into some of OnStar's surveillance capabilities (from archive.org as original has expired). Interestingly, that particular case was ruled to be an illegal wiretap, but not because of privacy concerns. Why anyone would order this system is beyond me to begin with, but this just makes it even worse.
                            Last edited by skroo; June 5, 2006, 16:36.

                            Comment


                            • #15
                              Just for info, there is a service built on top of RDS called RASANT, which broadcasts RTCM corrections to GPS receivers. Today, with WAAS and SA switched off, it has become a nice toy.

                              Back in the days where SA was on, the system made a big difference. Basically, the accuracy we now have without SA could be achieved with RASANT.

                              IMHO, this TV-signal idea is something they want to sell to some dumb investor to get funding for a few years. With GPS available for almost pennies, and in really small form factors, there is really no reason to try and invent something new. Besides, TV signals are usually designed not to overlap, so how can one get the signal from the same station, off different transmitters? Are they going to get all the TV operators to agree on something?

                              Regards,

                              Mother
                              Keyboard not found. Press any key to continue.
                              Asshat thinks: "where's the any key?"

                              Comment

                              Working...
                              X