RFID tags hacked for publicity
Forbes reports on a German security consultant who's worked out how to hack the RFID tags on products using a PDA
with a tag reader and change the price information that'll be read at the cash register. This sounds like another
example of publicity-seeking under the guise of pointing out a legitimate security issue; as is pointed out later in
the article, the only encryption available for RFID so far is 8-bit, which is precisely why it's not being used to tag
products in shops at the moment (that, and the fact that the cost per tag is still too high). Another flaw in the hack
is that the approach involves replacing the information in one product tag with the data from a cheaper one, so unless
the checkout's automated, someone is going to notice when that whole fillet of beef tries to claim that it's a carton of
milk.
[Via the ITU Strategy and Policy Unit Newslog]

Reader Comments (Page 1 of 1)
Biff Smitty @ Dec 19th 2005 2:23AM
My friend Clankton used to talk to me about this sort of thing all the time. Use a concentrated date flow, and you're halfway home. I ought to tell y'all that I never really thought it was possible - heck, it seemed downright unlikely - until I checked it using a second and third helper. And what luck! Plenty of savings. :)
Permanent4 @ Dec 19th 2005 2:23AM
"...unless the checkout's automated someone is going to notice when that whole fillet of beef tries to claim that it's a carton of milk."
I think you grossly overestimate how much the average chain superstore cashier pays attention to his/her job. A cashier at a Food Lion here in N.C. once accepted a $200 bill with George W. Bush's picture on it. (http://www.thesmokinggun.com/archive/bushbill1.html) They don't make enough money to care about RFID accuracy. By the time someone notices they sold 8 million gallons of milk in a day, the entire store will already be empty.
Steve Kudlak (chromazine at sbcglobal dot net) @ Dec 19th 2005 2:23AM
If it is this hackable then someone will have fun with it. Worse yet the punker cashier will have her friends come in at 3AM for "bargain time".
Note I found on a site a plan for one of these things with encryption protection but seeing as much trouble as my friend has in setting up encryption systems for a branch of IBM and my mind boggles what happens when it doesn't work at 3AM.
Note I regularly go back to the Long's (US California Drug Chain) near me with purchases I have been overcharged for. I have to watch them as they check out items as there is a 10% chance there will be a foulup on any given day. The computer's price data does not match the paper tags on the shelf many a time.
Have Fun,
Sends Steve
Eric Ipsen @ Dec 19th 2005 2:23AM
Library Automation Technologies, Inc. (LAT) announced today at the Annual Conference of the American Library Association (ALA) that it has developed an encryption envelope for its FlashScan self-checkout and RFID systems. LAT's new product, Flashscan RFID Encryption Envelope, FREE, is designed to provide libraries implementing RFID a technical security solution that addresses patron privacy and protection.
Encryption will be vital for protecting retailers from potential surveillance by their rivals. Without encryption, he says, entire shipments to a retail store could be read and tracked by any rival that places an RFID reader close enough to goods being shipped. Encryption could also be suitable for high-privacy applications where tags are written to just once and then read many times. One example, says LAT, is using tags to identify blood and other medical samples while ensuring that any patient data stored on the tag is kept confidential.
LAT says its FREE system will be available starting August 10. License pricing, which will include maintenance and updates, will be announced then.
Also from RFID Journal http://www.rfidjournal.com/article/articleview/1027/1/1/
"Our goal in making this solution available is to make it simple and flexible for librarians to implement and use," stated Oleg Boyarsky, CEO of Library Automation Technologies. "FREE is designed to be resource efficient and to solve one important aspect of RFID vulnerability - the communication of data between an RFID reader/write device and the tag, or smart label, as we call it."
FREE provides maximum flexibility for the systems librarian to define the symmetric key and a particular algorithm she wishes to use, otherwise known as a "pair." This scheme allows dynamic changes of the key/algorithm by the administrator. The product also provides for the capability to add additional algorithms.
MochaAddict @ Dec 19th 2005 2:23AM
The approach is flawed.
The RFID should be encoded to a product code/serial number only. The reader would need to just pull the ID number and look up the price and other info. Heaven forbid the retailer consult a price list.
It otherwise needs to be made read-only or write once (like a CD-R).