PDA

View Full Version : RFID tags



Czar Soonerov
6/17/2004, 12:03 PM
http://www.spychips.com/what-is-rfid.html


RFID stands for Radio Frequency IDentification, a technology that uses tiny computer chips smaller than a grain of sand to track items at a distance. RFID "spy chips" have been hidden in the packaging of Gillette razor products and in other products you might buy at a local Wal-Mart, Target, or Tesco - and they are already being used to spy on people.

http://www.spychips.com/images/gillette_tag_closeup.jpg
Above: Magnified image of actual tag found in Gillette Mach3 razor blades.

Each tiny chip is hooked up to an antenna that picks up electromagnetic energy beamed at it from a reader device. When it picks up the energy, the chip sends back its unique identification number to the reader device, allowing the item to be remotely identified. Spy chips can beam back information anywhere from a couple of inches to up to 20 or 30 feet away.


Some of the world's largest product manufacturers have been plotting behind closed doors since 1999 to develop and commercialize this technology. If they are not opposed, their plan is to use these remote-readable spy chips to replace the bar code.

RFID tags are NOT an "improved bar code" as the proponents of the technology would like you to believe. RFID technology differs from bar codes in three important ways:


1. With today's bar code technology, every can of Coke has the same UPC or bar code number as every other can (a can of Coke in Toronto has the same number as a can of Coke in Topeka). With RFID, each individual can of Coke would have a unique ID number which could be linked to the person buying it when they scan a credit card or a frequent shopper card (i.e., an "item registration system").

2. Unlike a bar code, these chips can be read from a distance, right through your clothes, wallet, backpack or purse -- without your knowledge or consent -- by anybody with the right reader device. In a way, it gives strangers x-ray vision powers to spy on you, to identify both you and the things you're wearing and carrying.

3. Unlike the bar code, RFID could be bad for your health. RFID supporters envision a world where RFID reader devices are everywhere - in stores, in floors, in doorways, on airplanes -- even in the refrigerators and medicine cabinets of our own homes. In such a world, we and our children would be continually bombarded with electromagnetic energy. Researchers do not know the long-term health effects of chronic exposure to the energy emitted by these reader devices.


Many huge corporations, including Philip Morris, Procter and Gamble, and Wal-Mart, have begun experimenting with RFID spy chip technology. Gillette is leading the pack, and recently placed an order for up to 500 million RFID tags from a company called "Alien Technology" (we kid you not). These big companies envision a day when every single product on the face of the planet is tracked with RFID spy chips!

As consumers we have no way of knowing which packages contain these chips. While some chips are visible inside a package (see our pictures of Gillette spy chips), RFID chips can be well hidden. For example they can be sewn into the seams of clothes, sandwiched between layers of cardboard, molded into plastic or rubber, and integrated into consumer package design.

This technology is rapidly evolving and becoming more sophisticated. Now RFID spy chips can even be printed, meaning the dot on a printed letter "i" could be used to track you. In addition, the tell-tale copper antennas commonly seen attached to RFID chips can now be printed with conductive ink, making them nearly imperceptible. Companies are even experimenting with making the product packages themselves serve as antennas.
Walmart has already started to put these out in Texas. Some people think they have already been put in US notes (http://www.prisonplanet.com/022904rfidtagsexplode.html).

Maybe I have been listening to Art Bell too much. Some of those pictures of the protests are primed to be farked though. :D

GrapevineSooner
6/17/2004, 12:05 PM
I love conspiracy theorists. They're so amusing.

SoonerInKCMO
6/17/2004, 01:10 PM
2. Unlike a bar code, these chips can be read from a distance, right through your clothes, wallet, backpack or purse -- without your knowledge or consent -- by anybody with the right reader device. In a way, it gives strangers x-ray vision powers to spy on you, to identify both you and the things you're wearing and carrying.

3. Unlike the bar code, RFID could be bad for your health. RFID supporters envision a world where RFID reader devices are everywhere - in stores, in floors, in doorways, on airplanes -- even in the refrigerators and medicine cabinets of our own homes. In such a world, we and our children would be continually bombarded with electromagnetic energy. Researchers do not know the long-term health effects of chronic exposure to the energy emitted by these reader devices.


2. Yeah, read from a distance - of about 3 feet. So I guess if one is really worried about someone running up and pointing a reader at them to see what's in their pockets, then yeah, one should be worried about RFID tags.

3. Continually bombarded with electromagnetic energy? You mean like radio waves... yeah, we don't have any of that now. :rolleyes:

Mjcpr
6/17/2004, 01:12 PM
One of these days we'll be able to push a button on the wall of our kitchen and a plate of food will come out.

Frozen Sooner
6/17/2004, 01:13 PM
Um, yeah, we are aware of the long-term effects of being bombarded with electromagnetic radiation. Pretty much 0. The earth itself is a huge EM generator. Good thing, too, or compasses wouldn't work.

Apparently EM radiation makes me unable to write comprehensibly.

Frozen Sooner
6/17/2004, 01:14 PM
IT'S THE MARK OF THE BEAST, I TELL YOU! THE BEAST!!!!

Er, uh, wait-UPCs were the mark of the beast last week, right?

salth2o
6/17/2004, 01:21 PM
So will Gillette now know when I am shaving? I fail to see the importance of tracking a razor.

Ike
6/17/2004, 01:22 PM
looks like I got beat to debunking the health risk thingy....but its true....heck, even the whole "living near power lines is bad for your health" argument has been thoroughly discredited....you need very high energy EM waves to do this....which means a good deal higher frequency than visible light...UV, Xray, and on up ...that kinda stuff...radio waves are much much much much lower in energy than visible light, and thus have no ability to break chemical bonds in your body, which is the thing that causes health problems...

TopDawg
6/17/2004, 01:25 PM
You guys are right where the RFID tag manufacturers want you.

Howzit
6/17/2004, 02:42 PM
So will Gillette now know when I am shaving? I fail to see the importance of tracking a razor.

Supply chain. Huge benefits in terms of inventory management, but the costs are too high still. I think that average cost per tag is somewhere around 50 cents currently, but need to be downwards of around a nickel a tag before the benefits are realized.

colleyvillesooner
6/17/2004, 03:01 PM
Supply chain. Huge benefits in terms of inventory management, but the costs are too high still. I think that average cost per tag is somewhere around 50 cents currently, but need to be downwards of around a nickel a tag before the benefits are realized.

I work for a company that supplies to Wal-Mart. They want their top 100 suppliers to have this ready in 2 years or so. They can put entire shipments into the computer system instantaneuosly using RFID's. PLus, in Europe they have refrigerators that scna your RFID's and send an email to your computer telling you what you need to get at the store. Personally, I could care less if someone is tracking what i buy. Right now they'd be able to "track" that I'm not having sex (no condom purchases) and I occasionally liked to dabble in the drug known on the streets as Aleve.

Boarder
6/17/2004, 03:06 PM
This from my buddy, who is a Wal Mart Manager:
Wal Mart is wanting to do this for checkout reasons, too. In the near future, you will go fill your basket, pull up to the reader, and it will tell you how much you owe. Then you pay, and leave. No waiting for checkers.

Ooooh, now you LIKE the idea, huh? :D

Howzit
6/17/2004, 03:08 PM
I work for a company that supplies to Wal-Mart. They want their top 100 suppliers to have this ready in 2 years or so.

Wasn't the original deadline this year? I think they were demanding their top 100 have this in place in 2004, but there was no way it could have been met.

RacerX
6/17/2004, 03:30 PM
This from my buddy, who is a Wal Mart Manager:
Wal Mart is wanting to do this for checkout reasons, too. In the near future, you will go fill your basket, pull up to the reader, and it will tell you how much you owe. Then you pay, and leave. No waiting for checkers.

Ooooh, now you LIKE the idea, huh? :D

Uh, no.

Must people can't follow instructions....illiterates, etc. Don't you see the people struggle with self checkout?

That and my stuff won't be bagged.

TopDawg
6/17/2004, 03:33 PM
There will be a guy with an RFID tag in his brain and when the scanner tells you how much you owe it'll also send a signal to the RFID tag in the bagger's brain which will set off a little electric charge that will send him into convulsions. Then it'll put things into perspective for you and you won't be such a cry baby about not having your things bagged.

RacerX
6/17/2004, 03:35 PM
No it won't. That guy should get a better job.

SoonerInKCMO
6/17/2004, 03:35 PM
Uh, no.

Must people can't follow instructions....illiterates, etc. Don't you see the people struggle with self checkout?

That and my stuff won't be bagged.

I agree - gotta have my stuff bagged for me. If I wanted to bag my own crap I'd get a job at a grocery store.

colleyvillesooner
6/17/2004, 03:36 PM
Wasn't the original deadline this year? I think they were demanding their top 100 have this in place in 2004, but there was no way it could have been met.

Yeah, I think it came and went, but I'm not totally sure when the deadline is now, because I'm not on the team. But I know we are not ready to roll it out.

TopDawg
6/17/2004, 03:37 PM
No it won't. That guy should get a better job.
Yeah, you talk all tough now, but just wait until you see the guy having convulsions. The focus group thought the same way you did...but seeing it changed their life.

Ike
6/17/2004, 03:45 PM
and I occasionally liked to dabble in the drug known on the streets as Aleve.


mmmmm....arm candy....

RacerX
6/17/2004, 03:47 PM
I'll step over him if I have to.

I'd much rather the chip in his head cause him to sack my purchases.

Convulsing on the ground only cleans the floor. I'm guessing they'll dress him in a suit made of dust mops.

RacerX
6/18/2004, 08:41 AM
http://www.informationweek.com/story/showArticle.jhtml?articleID=22100511

Wal-Mart Outlines RFID Expansion Plans June 17, 2004

The retailer says that by June 2005, it expects to have the project live in up to six distribution centers, and as many as 250 Wal-Mart and Sam's Club locations.
By Laurie Sullivan


Wal-Mart Stores Inc. on Thursday publicly released expansion plans for its electronic product code and radio-frequency identification technology initiative. It met with its top 100-plus suppliers participating in the RFID project gathered in Bentonville, Ark., on Monday to provide an update on the January 2005 implementation, and hear feedback from suppliers on which of the 120 distribution centers in the United States should make the list next. The next 200 suppliers convened in Bentonville on Wednesday to hear similar updates.
By June 2005, Wal-Mart expects to have the project live in up to six distribution centers, and as many as 250 Wal-Mart and Sam's Club locations. By October of next year, that number will jump to approximately 13 distribution centers and as many as 600 Wal-Mart and Sam's Club stores. The next 200 suppliers will begin tagging cases and pallets in January 2006. "We discussed implementation plans with our next top 200 suppliers," Linda Dillman, Wal-Mart's executive VP and CIO, said in a prepared statement. "Over the next 16 months, we also plan to significantly increase the number of Wal-Mart stores and Sam's Club locations where customers can benefit from this revolutionary technology."

Wal-Mart is working with suppliers to determine the next geographical region to take the project. Cases and pallets of 21 products from eight suppliers now are being shipped to Wal-Mart's Sanger, Texas, distribution centers and then onward to seven local stores with RFID tags attached. Wal-Mart said the technology gives retailers greater inventory visibility from supplier to distribution center to a store's back room.

Wal-Mart said its Dallas pilot is progressing as planned, and expects the number of suppliers tagging cases and pallets for the pilot to expand every few weeks. Consumers may soon see additional products displaying the EPCglobal symbol, including electronic products or other large items such as bicycles or lawnmowers. "We're seeing the positive results we expected," Dillman said. "We also anticipated hitting a few minor bumps in the road, which has happened. The whole reason for a pilot is to fix any last-minute issues and clear the path for a smooth implementation. That's what we're doing, and we're looking forward to January 2005 with great expectations."

Czar Soonerov
7/7/2004, 10:48 PM
Big Brother is watching...

http://news.myway.com/odd/article/id/413266|oddlyenough|07-06-2004::09:04|reuters.html

Japan Firm's Chip Tells Mom if Kids Out of School

Jul 6, 8:58 AM (ET)

TOKYO (Reuters) - Forget the notebook and the multicolored pen, a Japanese firm has developed the latest in school supplies -- chip-embedded student ID cards.

The cards make it easier for parents to keep tabs on their youngsters, said Toru Hasegawa, a spokesman for software firm NAJ Corp, based in western Japan.

Students scan ID cards on passing through the school entrance and the time is recorded and sent via email to their parents' mobile phones or computers, he said. Parents are also alerted if their child fails to arrive at school.

The same happens when school is over, so parents know when to expect their children to arrive home, Hasegawa said.

The system, which will go on sale in August, was conceived in response to growing concern about violence in Japan, he said.

"Being able to quickly get the information that their kids are leaving school is a relief for parents," he said.

Japan has long prided itself on being relatively crime-free but has been horrified in recent years by increasingly violent crimes committed by ever-younger children.

Despite safety worries, many education-obsessed parents send small children to late-night cram schools. It is not unusual for primary or junior high school students to be returning home at 10 p.m., Hasegawa said.

batonrougesooner
7/7/2004, 10:55 PM
The only question I have is is this "Alien" company publicly traded?

Cha-Ching.

BajaOklahoma
7/7/2004, 11:52 PM
One of our Senior High Schools requires the students to scan their ID card on entering the classroom. That's how attendence it taken. It will probably spread to the other schools within a year or two, depending on the cost.

Parents can already check their child's grades, lunch accounts and attendence online. They may be adding info over the summer.

SOONER44EVER
7/8/2004, 12:05 AM
This from my buddy, who is a Wal Mart Manager:
Wal Mart is wanting to do this for checkout reasons, too. In the near future, you will go fill your basket, pull up to the reader, and it will tell you how much you owe. Then you pay, and leave. No waiting for checkers.

Ooooh, now you LIKE the idea, huh? :D
Like that would ever work! Price check on lane 3.

Sooner_Bob
7/8/2004, 07:53 AM
No waiting for checkers.





This statement and Wal-Mart in the same post . . . :eek:

Sooner_Bob
7/8/2004, 07:56 AM
One of our Senior High Schools requires the students to scan their ID card on entering the classroom. That's how attendence it taken. It will probably spread to the other schools within a year or two, depending on the cost.

Parents can already check their child's grades, lunch accounts and attendence online. They may be adding info over the summer.



Sounds like a summer project for some hacker just got created . . . :D

Rhino
7/8/2004, 09:51 AM
This from my buddy, who is a Wal Mart Manager:
Wal Mart is wanting to do this for checkout reasons, too. In the near future, you will go fill your basket, pull up to the reader, and it will tell you how much you owe. Then you pay, and leave. No waiting for checkers.

Ooooh, now you LIKE the idea, huh? :D DAY TUUK ERR JERBS!!

OUDoc
7/8/2004, 10:02 AM
That second article proved that a foil hat will keep the government/WalMart from reading our thoughts.

Sexy Sooner Angel
7/8/2004, 10:09 AM
One of our Senior High Schools requires the students to scan their ID card on entering the classroom. That's how attendence it taken. It will probably spread to the other schools within a year or two, depending on the cost.

Parents can already check their child's grades, lunch accounts and attendence online. They may be adding info over the summer.
Which High School? That sounds like something PWHS would do.

Beano's Fourth Chin
7/8/2004, 10:15 AM
I like teh rfids they put on runners' feet so that you can watch their progress on the internet and so you can cheer them on from a pub instead of standing on the curb all day long.

OUDoc
7/8/2004, 11:42 AM
How long before they put those in pieces of flair? You know who made people wear flair. :mad:

Beano's Fourth Chin
7/8/2004, 11:44 AM
the microwaves generated by cell phones are sufficient to increase the temperature in your brain by 1/10 of a degree.

BajaOklahoma
7/8/2004, 12:09 PM
Which High School? That sounds like something PWHS would do.

The attendence scanning is at POSH :D (Plano's Other Senior high, AKA PSHS). It has the smallest Junior and Senior classes of the three. They have had it for at least a year and a half.

PWSH will probably have something so the kids won't have to be bothered scanning their ID - too much trouble you know.
As for the grades, the parents do not view the official grade book program. They are given the current class grade, but do not have the individual paper/test grades. :)

Czar Soonerov
5/6/2006, 12:25 PM
I warned you all, the end times are here... (http://www.wired.com/wired/archive/14.05/rfid_pr.html)

The RFID Hacking Underground


They can steal your smartcard, lift your passport, jack your car, even clone the chip in your arm. And you won't feel a thing. 5 tales from the RFID-hacking underground.
By Annalee Newitz
http://c.lygo.com/s.gif

James Van Bokkelen is about to be robbed. A wealthy software entrepreneur, Van Bokkelen will be the latest victim of some punk with a laptop. But this won't be an email scam or bank account hack. A skinny 23-year-old named Jonathan Westhues plans to use a cheap, homemade USB device to swipe the office key out of Van Bokkelen's back pocket. "I just need to bump into James and get my hand within a few inches of him," Westhues says. We're shivering in the early spring air outside the offices of Sandstorm, the Internet security company Van Bokkelen runs north of Boston. As Van Bokkelen approaches from the parking lot, Westhues brushes past him. A coil of copper wire flashes briefly in Westhues' palm, then disappears.
Van Bokkelen enters the building, and Westhues returns to me. "Let's see if I've got his keys," he says, meaning the signal from Van Bokkelen's smartcard badge. The card contains an RFID sensor chip, which emits a short burst of radio waves when activated by the reader next to Sandstorm's door. If the signal translates into an authorized ID number, the door unlocks.
The coil in Westhues' hand is the antenna for the wallet-sized device he calls a cloner, which is currently shoved up his sleeve. The cloner can elicit, record, and mimic signals from smartcard RFID chips. Westhues takes out the device and, using a USB cable, connects it to his laptop and downloads the data from Van Bokkelen's card for processing. Then, satisfied that he has retrieved the code, Westhues switches the cloner from Record mode to Emit. We head to the locked door.
"Want me to let you in?" Westhues asks. I nod.
He waves the cloner's antenna in front of a black box attached to the wall. The single red LED blinks green. The lock clicks. We walk in and find Van Bokkelen waiting.
"See? I just broke into your office!" Westhues says gleefully. "It's so simple." Van Bokkelen, who arranged the robbery "just to see how it works," stares at the antenna in Westhues' hand. He knows that Westhues could have performed his wireless pickpocket maneuver and then returned with the cloner after hours. Westhues could have walked off with tens of thousands of dollars' worth of computer equipment - and possibly source code worth even more. Van Bokkelen mutters, "I always thought this might be a lousy security system."
RFID chips are everywhere - companies and labs use them as access keys, Prius owners use them to start their cars, and retail giants like Wal-Mart have deployed them as inventory tracking devices. Drug manufacturers like Pfizer rely on chips to track pharmaceuticals. The tags are also about to get a lot more personal: Next-gen US passports and credit cards will contain RFIDs, and the medical industry is exploring the use of implantable chips to manage patients. According to the RFID market analysis firm IDTechEx, the push for digital inventory tracking and personal ID systems will expand the current annual market for RFIDs from $2.7 billion to as much as $26 billion by 2016.
RFID technology dates back to World War II, when the British put radio transponders in Allied aircraft to help early radar system crews detect good guys from bad guys. The first chips were developed in research labs in the 1960s, and by the next decade the US government was using tags to electronically authorize trucks coming into Los Alamos National Laboratory and other secure facilities. Commercialized chips became widely available in the '80s, and RFID tags were being used to track difficult-to-manage property like farm animals and railroad cars. But over the last few years, the market for RFIDs has exploded, driven by advances in computer databases and declining chip prices. Now dozens of companies, from Motorola to Philips to Texas Instruments, manufacture the chips.
The tags work by broadcasting a few bits of information to specialized electronic readers. Most commercial RFID chips are passive emitters, which means they have no onboard battery: They send a signal only when a reader powers them with a squirt of electrons. Once juiced, these chips broadcast their signal indiscriminately within a certain range, usually a few inches to a few feet. Active emitter chips with internal power can send signals hundreds of feet; these are used in the automatic toll-paying devices (with names like FasTrak and
E-ZPass) that sit on car dashboards, pinging tollgates as autos whiz through.
For protection, RFID signals can be encrypted. The chips that will go into US passports, for example, will likely be coded to make it difficult for unauthorized readers to retrieve their onboard information (which will include a person's name, age, nationality, and photo). But most commercial RFID tags don't include security, which is expensive: A typical passive RFID chip costs about a quarter, whereas one with encryption capabilities runs about $5. It's just not cost-effective for your average office building to invest in secure chips.
This leaves most RFIDs vulnerable to cloning or - if the chip has a writable memory area, as many do - data tampering. Chips that track product shipments or expensive equipment, for example, often contain pricing and item information. These writable areas can be locked, but often they aren't, because the companies using RFIDs don't know how the chips work or because the data fields need to be updated frequently. Either way, these chips are open to hacking.
"The world of RFID is like the Internet in its early stages," says Ari Juels, research manager at the high tech security firm RSA Labs. "Nobody thought about building security features into the Internet in advance, and now we're paying for it in viruses and other attacks. We're likely to see the same thing with RFIDs."
David Molnar is a soft-spoken computer science graduate student who studies commercial uses for RFIDs at UC Berkeley. I meet him in a quiet branch of the Oakland Public Library, which, like many modern libraries, tracks most of its inventory with RFID tags glued inside the covers of its books. These tags, made by Libramation, contain several writable memory "pages" that store the books' barcodes and loan status.

Brushing a thatch of dark hair out of his eyes, Molnar explains that about a year ago he discovered he could destroy the data on the books' passive-emitting RFID tags by wandering the aisles with an off-the-shelf RFID reader-writer and his laptop. "I would never actually do something like that, of course," Molnar reassures me in a furtive whisper, as a nonbookish security guard watches us. Our RFID-enabled checkout is indeed quite convenient. As we leave the library, we stop at a desk equipped with a monitor and arrange our selections, one at a time, face up on a metal plate. The titles instantly appear onscreen. We borrow four books in less than a minute without bothering the librarian, who is busy helping some kids with their homework.
Molnar takes the books to his office, where he uses a commercially available reader about the size and heft of a box of Altoids to scan the data from their RFID tags. The reader feeds the data to his computer, which is running software that Molnar ordered from RFID-maker Tagsys. As he waves the reader over a book's spine, ID numbers pop up on his monitor.
"I can definitely overwrite these tags," Molnar says. He finds an empty page in the RFID's memory and types "AB." When he scans the book again, we see the barcode with the letters "AB" next to it. (Molnar hastily erases the "AB," saying that he despises library vandalism.) He fumes at the Oakland library's failure to lock the writable area. "I could erase the barcodes and then lock the tags. The library would have to replace them all."
Frank Mussche, Libramation's president, acknowledges that the library's tags were left unlocked. "That's the recommended implementation of our tags," he says. "It makes it easier for libraries to change the data."
For the Oakland Public Library, vulnerability is just one more problem in a buggy system. "This was mostly a pilot program, and it was implemented poorly," says administrative librarian Jerry Garzon. "We've decided to move ahead without Libramation and RFIDs."
But hundreds of libraries have deployed the tags. According to Mussche, Libramation has sold 5 million RFID tags in a "convenient" unlocked state.
While it may be hard to imagine why someone other than a determined vandal would take the trouble to change library tags, there are other instances where the small hassle could be worth big bucks. Take the Future Store. Located in Rheinberg, Germany, the Future Store is the world's preeminent test bed of RFID-based retail shopping. All the items in this high tech supermarket have RFID price tags, which allow the store and individual product manufacturers - Gillette, Kraft, Procter & Gamble - to gather instant feedback on what's being bought. Meanwhile, shoppers can check out with a single flash of a reader. In July 2004, Wired hailed the store as the "supermarket of the future." A few months later, German security expert Lukas Grunwald hacked the chips.
Grunwald cowrote a program called RFDump, which let him access and alter price chips using a PDA (with an RFID reader) and a PC card antenna. With the store's permission, he and his colleagues strolled the aisles, downloading information from hundreds of sensors. They then showed how easily they could upload one chip's data onto another. "I could download the price of a cheap wine into RFDump," Grunwald says, "then cut and paste it onto the tag of an expensive bottle." The price-switching stunt drew media attention, but the Future Store still didn't lock its price tags. "What we do in the Future Store is purely a test," says the Future Store spokesperson Albrecht von Truchsess. "We don't expect that retailers will use RFID like this at the product level for at least 10 or 15 years." By then, Truchsess thinks, security will be worked out.
Today, Grunwald continues to pull even more-elaborate pranks with chips from the Future Store. "I was at a hotel that used smartcards, so I copied one and put the data into my computer," Grunwald says. "Then I used RFDump to upload the room key card data to the price chip on a box of cream cheese from the Future Store. And I opened my hotel room with the cream cheese!"
Aside from pranks, vandalism, and thievery, Grunwald has recently discovered another use for RFID chips: espionage. He programmed RFDump with the ability to place cookies on RFID tags the same way Web sites put cookies on browsers to track returning customers. With this, a stalker could, say, place a cookie on his target's E-ZPass, then return to it a few days later to see which toll plazas the car had crossed (and when). Private citizens and the government could likewise place cookies on library books to monitor who's checking them out.
In 1997, ExxonMobil equipped thousands of service stations with SpeedPass, which lets customers wave a small RFID device attached to a key chain in front of a pump to pay for gas. Seven years later, three graduate students - Steve Bono, Matthew Green, and Adam Stubblefield - ripped off a station in Baltimore. Using a laptop and a simple RFID broadcasting device, they tricked the system into letting them fill up for free.
The theft was concocted by Avi Rubin's computer science lab at Johns Hopkins University. Rubin's lab is best known for having found massive, hackable flaws in the code running on Diebold's widely adopted electronic voting machines in 2004. Working with RSA Labs manager Juels, the group figured out how to crack the RFID chip in ExxonMobil's SpeedPass.
Hacking the tag, which is made by Texas Instruments, is not as simple as breaking into Van Bokkelen's Sandstorm offices with a cloner. The radio signals in these chips, dubbed DST tags, are protected by an encryption cipher that only the chip and the reader can decode. Unfortunately, says Juels, "Texas Instruments used an untested cipher." The Johns Hopkins lab found that the code could be broken with what security geeks call a "brute-force attack," in which a special computer known as a cracker is used to try thousands of password combinations per second until it hits on the right one. Using a home-brewed cracker that cost a few hundred dollars, Juels and the Johns Hopkins team successfully performed a brute-force attack on TI's cipher in only 30 minutes. Compare that to the hundreds of years experts estimate it would take for today's computers to break the publicly available encryption tool SHA-1, which is used to secure credit card transactions on the Internet.

ExxonMobil isn't the only company that uses the Texas Instruments tags. The chips are also commonly used in vehicle security systems. If the reader in the car doesn't detect the chip embedded in the rubbery end of the key handle, the engine won't turn over. But disable the chip and the car can be hot-wired like any other. Bill Allen, director of strategic alliances at Texas Instruments RFID Systems, says he met with the Johns Hopkins team and he isn't worried. "This research was purely academic," Allen says. Nevertheless, he adds, the chips the Johns Hopkins lab tested have already been phased out and replaced with ones that use 128-bit keys, along with stronger public encryption tools, such as SHA-1 and Triple DES.
Juels is now looking into the security of the new US passports, the first of which were issued to diplomats this March. Frank Moss, deputy assistant secretary of state for passport services, claims they are virtually hack-proof. "We've added to the cover an anti-skimming device that prevents anyone from reading the chip unless the passport is open," he says. Data on the chip is encrypted and can't be unlocked without a key printed in machine-readable text on the passport itself.
But Juels still sees problems. While he hasn't been able to work with an actual passport yet, he has studied the government's proposals carefully. "We believe the new US passport is probably vulnerable to a brute-force attack," he says. "The encryption keys in them will depend on passport numbers and birth dates. Because these have a certain degree of structure and guessability, we estimate that the effective key length is at most 52 bits. A special key-cracking machine could probably break a passport key of this length in 10 minutes."
I'm lying facedown on an examination table at UCLA Medical Center, my right arm extended at 90 degrees. Allan Pantuck, a young surgeon wearing running shoes with his lab coat, is inspecting an anesthetized area on the back of my upper arm. He holds up something that looks like a toy gun with a fat silver needle instead of a barrel.
I've decided to personally test-drive what is undoubtedly the most controversial use of RFIDs today - an implantable tag. VeriChip, the only company making FDA-approved tags, boasts on its Web site that "this ‘always there' identification can't be lost, stolen, or duplicated." It sells the chips to hospitals as implantable medical ID tags and is starting to promote them as secure-access keys.

Czar Soonerov
5/6/2006, 12:26 PM
Pantuck pierces my skin with the gun, delivering a microchip and antenna combo the size of a grain of long rice. For the rest of my life, a small region on my right arm will emit binary signals that can be converted into a 16-digit number. When Pantuck scans my arm with the VeriChip reader - it looks sort of like the wand clerks use to read barcodes in checkout lines - I hear a quiet beep, and its tiny red LED display shows my ID number.
Three weeks later, I meet the smartcard-intercepting Westhues at a greasy spoon a few blocks from the MIT campus. He's sitting in the corner with a half-finished plate of onion rings, his long blond hair hanging in his face as he hunches over the cloner attached to his computer.
Because the VeriChip uses a frequency close to that of many smartcards, Westhues is pretty sure the cloner will work on my tag. Westhues waves his antenna over my arm and gets some weird readings. Then he presses it lightly against my skin, the way a digital-age pickpocket could in an elevator full of people. He stares at the green waveforms that appear on his computer screen. "Yes, that looks like we got a good reading," he says.
After a few seconds of fiddling, Westhues switches the cloner to Emit and aims its antenna at the reader. Beep! My ID number pops up on its screen. So much for implantable IDs being immune to theft. The whole process took 10 minutes. "If you extended the range of this cloner by boosting its power, you could strap it to your leg, and somebody passing the VeriChip reader over your arm would pick up the ID," Westhues says. "They'd never know they hadn't read it from your arm." Using a clone of my tag, as it were, Westhues could access anything the chip was linked to, such as my office door or my medical records.
John Proctor, VeriChip's director of communications, dismisses this problem. "VeriChip is an excellent security system, but it shouldn't be used as a stand-alone," he says. His recommendation: Have someone also check paper IDs.
But isn't the point of an implantable chip that authentication is automatic? "People should know what level of security they're getting when they inject something into their arm," he says with a half smile.
They should - but they don't. A few weeks after Westhues clones my chip, Cincinnati-based surveillance company CityWatcher announces a plan to implant employees with VeriChips. Sean Darks, the company's CEO, touts the chips as "just like a key card." Indeed.

BigRedJed
5/6/2006, 12:42 PM
http://images.dancingmokey.com/humor_SFW/foil_hat.jpg

BigRedJed
5/6/2006, 12:43 PM
http://home.no.net/holodoc/ordinary1.jpg

BigRedJed
5/6/2006, 12:44 PM
http://www.geckotales.com/horoscopehomer1.jpg

Sooner_Bob
5/6/2006, 12:52 PM
I see dead RFID tags.