D-G: W Fwd: RF-ID tags, fascism and William Henry
- Hello Frits:
When reading the fascist article in the following link, remember there are 2
fasci hanging on the laurel backdrop behind and on either side of the USA
corporate president as he addresses the senate.
Subject: RFID tags become hacker target
RFID tags become hacker target
Published: July 28, 2004, 5:40 PM PDT
By Robert Lemos ZZZ
Staff Writer, CNET News.com
LAS VEGAS--Privacy advocates may not be the only people taking issue with
the current crop of radio-frequency identification tags--merchants will
likely have problems with a lack of security as well, a German technology
consultant said Wednesday.
Low-cost RFID tags--many which are smaller than a nickel and cost less
too--are already being added to packaging by retailers to keep track of
inventory but could be abused by hackers and tech-savvy shoplifters, said
Lukas Grunwald, a senior consultant with DN-Systems Enterprise Solutions
GmbH. While the technology mostly threatens consumer privacy, the new
technology could allow thieves to fool merchants by changing the identity of
goods, he said.
"This is a huge risk for companies," Grunwald said during a discussion at
the Black Hat Security Briefings here. "It opens a whole new area for
shoplifting as well as chaos attacks."
While expensive RFID reader hardware and hard-to-use software have hindered
security research in the area, Grunwald said that's no longer a hurdle. The
security expert announced during the session a new software tool that he
helped create that can be used to read and reprogram radio tags.
When such tools become widely available, hackers and those with less pure
motives could use a handheld device and the software to mark expensive goods
as cheaper items and walk out through self checkout. Underage hackers could
attempt to bypass age restrictions on alcoholic drinks and adult movies, and
pranksters could create confusion by randomly swapping tags, requiring that
a store do manual inventory.
Grunwald's software program, RFDump, makes rewriting RFIDs easy. While there
are significant malicious uses of the program, consumers could also use it
to protect themselves, he said.
"Everyone should have the right, once they leave the store, to erase the
RFID tags," he said. Deleting information on the tags would allow people to
stop RFID checkpoints in stores and other places from tracking which
products they are carrying, or which have been inserted under their skin.
Solving the business security issues may not be easy. While encryption could
be used to hide data from unauthorized snoopers, not many RFID chips can
handle the more-involved task of crunching cryptographic keys.
Moreover, the RFID tags that can handle those tasks are among the most
expensive on the market and not something you would stick on a cream cheese
box at the grocery store, Grunwald said.
Store owners could have a database server that they program to track their
goods using the unchangeable serial number on the RFID tag, however that
adds a lot more complexity to the adoption of such technology, Grunwald
"The people who will be using this (shopkeepers) don't know much about
technology," he said.
Date: Thu, 29 Jul 2004 12:30:02 -0800
From: "Jeff Bowman" <jbowman@...>
Subject: FW: Anti-spy chip hack
From: Tee [mailto:eagle11@...]
Sent: Thursday, July 29, 2004 10:17 AM
Subject: Anti-spy chip hack
Anti-spy chip hack
p2pnet.net News:- RFID (radio-frequency identification) spy chips are hot.
Retailers and manufacturers say the tags can be used as security devices to
stop theft, as well as for stock inventories and similar purposes.
But civil rights advocates say spy chips can also be used to track and
Germany's Lukas Grunwald and Boris Wolf have, however, devised and developed
RFDump to detect RFID-Tags and show their meta information: Tag ID, Tag
Type, manufacturer etc.
"The user data memory of a tag can be displayed and modified using either a
Hex or an ASCII editor," says Grunwald on the RFDump site
"In addition, the integrated cookie feature demonstrates how easy it is for
a company to abuse RFID technology to spy on their customers."
Are Grunwald and Wolf alarmists?
Activists in Rheinberg, Germany, <http://p2pnet.net/story/871>protested
outside the Metro Extra Future Store, the world's fifth largest retailer and
a test site for RFID tracking and other technologies. "Metro failed to
notify customers that they were being tracked," a Wired story said.
"Although Metro told activists the chips worked only while customers were
inside the store, activists discovered that a kiosk used to deactivate the
chips didn't completely disable the tags."
Researchers who scammed official badges at theWorld Summit on the
Information Society were shocked to find badges given to dignitaries
including presidents and prime ministers were
RFID is set to replace bar codes, courtesy of
<http://p2pnet.net/story/538>VeriSign, with all that implies. IBM and
Philips plan to work <http://p2pnet.net/story/636>together in RFID. Kids at
a school in Japan will be riffed and Microsoft is preparing to get into RFID
in the first half of 2005.
And there are other considerations.
Spy chips are systems, systems can be hacked and, "as the technology is
adopted more widely a thief could conceivably mark down the price of an
expensive piece of jewelry before paying for it at an automated checkout
counter, underage hackers could purchase alcohol or adult movies, and
pranksters could simply reprogram the inventory of an entire store by just
walking up and down the isles," suggests simoniker on /.
RFDump works with the ACG Multi-Tag Reader or similar card reader hardware
and comes as a:
* Java application for Windows and Linux with an intuitive GUI
* Gtk application for Linux with a GUI similar to the Java
* Rudimentary Perl script for Linux (PC or PDA) with a console-based
* ANSI C / GTK port of Java Application
* Support for additional protocols and reader hardware (e.g. 125 KHz
* Brute-Force TAG-Password Cracker
* Build-environment / CVS
If you're interested in helping on the project, contact Grunwald and Wolf
<mailto:rfid@...>here, or go
Here is also a heads up for William Henry and Richard Hoagland this saturday
----- End forwarded message -----