Verayo's "unclonable" RFID uses physical characteristics to thwart hackers
This era of RFIDs everywhere means a new era of hacking, one where a reader and a copy of RFDump are just as important as a proxied Internet connection and a telnet client were in the past. As MythBusters attempted to show, existing RFID chips and tags seem universally hackable and clonable, whether they be inside your passport or inside of you, but a new one from Verayo is said to be totally impenetrable -- for reals this time. It uses Physical Unclonable Functions, or PUF, a randomized coating of wires that both protects the internals from interlopers and returns a (supposedly) unique identifier that (supposedly) can't be duped. Truth in advertising? Hackers worldwide are itching to find out after the thing's formal introduction tomorrow morning at the RFID World conference -- surely the hottest ticket in Vegas this week. [Via Slashdot]

Doesn't matter if the "chip" isn't clonable. Once you've read the chip you can emulate the chip's response with software.
I give a week till some hacker figures it out.
Exactly. I don't understand the "security" of this. Once a chip sends out its information, we can grab it and reproduce it. It doesn't matter how the RFID tag is laid out or physically connected. In the end, it's a bunch of data that's transmitted.
A week?
That long, you think?
Trying to be kind to the designer...
The guys over at Mythbusters would love to get their hands on this one. Oh wait, they're tied by the handcuffs of the advertising that pays their salaries....BUSTED!!!
As they're PUFfing and PUFfing away, passing around the ceremonial cigar, basking in the cloud of their own success, someone, somewhere, will break this and then they'll say, "Well, it's unhackable and unclonable, it's just that we didn't think of this one little flaw, but if we did, it'd truly be unhackable then!"
As they say, there are no foolproof locks because fools are so ingenious.
call me when some schmuck in the back of the room yells out "Eureka!" ... in the meantime, I'll be down the street enjoying the "scenery".
Can't Apple just make these chips???
Then they would work flawlessly.
I see someone else is puffing on the ceremonial cigar, as T.H. so put it
congrats on the biggest bonehead of the thread
mmmmm. Apple chips...
You mean flawless like MobileMe?
PUF the magic RFID chip claims unhackability
just wait till the haxors of the world make an ass of thee!
When will companies learn: The physical configuration of RFID will _never_ matter as long as it's transmitting an RFID signal. An RFID signal is easy to tamper with and reproduce.
RFID is insecure and dumb. We should have dumped it long ago.
As I understand it, basically this is the same trick as they used on DVDs: they add a bit of info that normal readers don't read and isn't part of the industry-standard response, so over-the-counter RFIDs don't send it.
So yeah it'll take a bit to find a way to get something to send the code, and to jury-rig a reader that also reads the extra ID, if needed.
The bit about the wires is just for show to dazzle the press and senators and assorted naïve technonubs; obviously nobody checks RFIDs under an electron microscope under normal circumstances.
The idea here is that since it's not using industry standards it can nicely sell tons of readers at inflated monopolistic prices which won't help for long but that's where the wires and DNA nonsense comes in, the appropriations commissions of governments eat that kind of thing up.
Maybe I'm just cynical though, hah.
Security through obscurity? That's genius. I'm surprised it hasn't been attempted before.
@ Balam Herrera
If Apple made them, we'd have to purchase everything through iTunes.
It looks like a carpet sample.
Unless their new security feature involves RFID chips rubbing each other down to check for wires, I'm going to have to call shenanigans on this.
There essentially is no real way to make RFID hack proof. I know when I request anything that has the option I will do anything I can to avoid the RFID chips.
To me, until something much more secure comes along I would like to see a biometric add-on to any RFID swipe. So to make the card work you have to use a fingerprint [or retina] scanner and also swipe the card or item. That way it prevents any random passerby stealing the numbers and getting it to work. It is not perfect and can be faked [mythbusters did it]. But hey, it is better than what they have now.
So if you're planning on using biometrics anyway, why not simply drop the RFID nonsense and go with biometrics?
Because this way you've got to steal a guy's card along with his finger =D
Without handshaking (so a two-way communication) it's almost impossible to be hacker proof.
So why don't they do that? Is it cost prohibitive?
My guess is that they will use a technique similar to the CD/DVD protection mechanism (like someone mentioned) which involves a designed physical imperfection to the chip/signal, which can't be reproduced/simulated (at least easily). I'm talking about a signal that cannot be reproduced without specific physical qualities of the transmitter... So the only way to hack it would be to steal materials or technology of reproducing those chips.
Had anyone considered that they might know what they are doing?
Yeah, I've been trying to copy DVDs & CDs for years now. It's foolproof.
Except that they are a bit too late. Steinberg syncrosoft and interLok are already proved to be unlockable.
PUF will go puff in no time
Try reading the paper. Their technique isn't bulletproof, but it's better than you're giving them credit for. The device is sent a challenge and computes a response; the value of the response depends on the physical parameters of the device that are hard to control (difference in circuit delays between two paths, for example). The usage model is that you issue some random challenges at the factory and store the responses for that chip; later, someone wants to know "Is this the real thing?" They ask the server for a challenge string, send it to the chip, and send the response back to the server, which tells you if it's good or not.
It's true that you could record and replay these challenges and responses, so the intent is to use them as one-time passwords; this is expected to be used when, say, a Walgreen's gets a shipment of Viagra and wants to be sure it's the real thing and not a cheap substitute that was swapped in overnight at a warehouse somewhere. Thus, only getting a few uses out of it is enough. The space of challenges is also pretty large (they prototyped 64 bits), so you can't make a practical attack by making a device that knows all the answers.
The biggest risk is that the "randomness" of the PUF can be characterized by a small number of well-chosen queries, and that the function just isn't as random as they want it to be. It's possible, but that might still push the difficulty of making a "clone" version of this high enough that it's no longer worth it for a bottle of pills or similar-scale item.
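The usage model in the comment above (factory enrollment, then one-time challenges checked by a server), as an added sketch that is not from the original thread, the paper, or Verayo. It assumes an HMAC over a hidden random value as a stand-in for the physical function; the class names and the tag id are hypothetical.

```python
import hashlib, hmac, secrets

class SimulatedTag:
    """Stand-in for a PUF tag: a hidden random value plays the role of the
    chip's uncontrollable circuit delays (a real PUF stores no key)."""
    def __init__(self):
        self._physical = secrets.token_bytes(32)
    def respond(self, challenge):
        return hmac.new(self._physical, challenge, hashlib.sha256).digest()[:8]

class ReplayEmulator:
    """Software emulator that knows only the pairs it has overheard."""
    def __init__(self):
        self.seen = {}
    def respond(self, challenge):
        return self.seen.get(challenge, bytes(8))

class Verifier:
    def __init__(self):
        self._unused = {}   # tag_id -> [(challenge, response)] from the factory
        self._pending = {}  # tag_id -> pair currently awaiting an answer
    def enroll(self, tag_id, tag, count):
        challenges = [secrets.token_bytes(8) for _ in range(count)]  # 64-bit
        self._unused[tag_id] = [(c, tag.respond(c)) for c in challenges]
    def next_challenge(self, tag_id):
        if not self._unused.get(tag_id):
            return None                      # exhausted: fail closed
        self._pending[tag_id] = self._unused[tag_id].pop()  # one-time use
        return self._pending[tag_id][0]
    def check(self, tag_id, challenge, response):
        pair = self._pending.pop(tag_id, None)
        if pair is None or pair[0] != challenge:
            return False                     # not the challenge we issued
        return hmac.compare_digest(pair[1], response)

def demo():
    tag, spy, server = SimulatedTag(), ReplayEmulator(), Verifier()
    server.enroll("bottle-001", tag, count=2)          # constructed tag id
    c1 = server.next_challenge("bottle-001")
    r1 = tag.respond(c1)
    spy.seen[c1] = r1                                  # pair is overheard
    genuine = server.check("bottle-001", c1, r1)
    stale = server.check("bottle-001", c1, r1)         # same pair again
    c2 = server.next_challenge("bottle-001")
    emulated = server.check("bottle-001", c2, spy.respond(c2))
    exhausted = server.next_challenge("bottle-001") is None
    return genuine, stale, emulated, exhausted
```

The verifier never reissues a challenge, so the number of enrolled pairs is a hard budget on how many times a tag can be authenticated before re-enrollment.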