No surprise here, but the kids from MIT were (presumably) right all along. The three students who were muffled just before presenting their case at Defcon have finally been freed; the now-revoked gag order had prevented them from exposing insecurities in the Massachusetts Bay Transportation Authority ticket system, but during the same court setting, the MBTA fessed up and admitted that its current system was indeed vulnerable. Of note, it only confessed that its CharlieTicket system was susceptible to fraud, while simply not acknowledging any flaws in the more popular CharlieCard option. Pish posh -- who here believes it doesn't have dutiful employees working up a fix as we speak?

This one's a bit morbid, but the technology behind it all is actually quite interesting. Japan's own Nichiryoku has evidently created a unique urn retrieval system that enables family members with deceased loved ones to return to a reverent storage facility, swipe an RFID card, and watch their late mother / father / etc. emerge from the underground for viewing. Aside from saving space and money, this also provides mourning kin with a sense of security, as we're told that the urns are kept where even minor acts of God won't disturb them. Check out a demonstrative video just after the break.

[Via CScout]

Ah, Black Hat. How we adore you. Each year there's always one speaker who shows up and completely undermines something that most people assume is rock solid. This year, our pals at Hack-A-Day were in attendance to hear Nate Lawson expose California's FasTrak toll system for the security hole that it is. Essentially, toll transponders that are purchased and slapped onto vehicles offer up exactly no authentication, meaning that anyone with an ill will and an RFID reader could wander through a parking lot and lift all sorts of useful information. Think it can't get worse? The transponders reportedly support "unauthenticated over the air upgrading," which means that each tag could be forced to take on a new ID if the right equipment was present. We don't have to spell out "potential disaster" for you, now do we?

[Image courtesy of Mindfully]

It's downright frightening that we've become numb to this news, but here again we're faced with another report of e-passports being hacked within minutes. The University of Amsterdam's Jeroen van Beek was reportedly able to clone and manipulate a pair of British passports in about the time it takes you to sip down your first cup of joe in the morning, and worse still, they were accepted as genuine by the software "recommended for use at international airports." The tests point out a number of vulnerabilities, including the fact that the microchips could be susceptible to having falsified biometrics inserted for use. As expected, talking heads at the Home Office still insist that any chip manipulation would be immediately recognized by the electronic readers, so we'll leave it up to you to decide who's telling the truth here.

It seems like some researchers from Radbound University in The Netherlands took advantage of the recent Four Days Marches of Nijmegen walking race for a little experiment earlier this month, where they convinced ten volunteers to swallow an RFID pill as part of a study to monitor body temperature. Apparently, the pills recorded and transmitted the walkers' core temperature to a receiver in their backpack every ten seconds, which in turn sent the data via Bluetooth to a GPS-enabled phone that then relayed it to the operations center at Radbound. With all that info at their disposal, the researchers were able to monitor each walker and alert them if their temperature was reaching a dangerous level, or even alert others nearby if they weren't responding (which apparently wasn't necessary). As you might have guessed, the researchers are already hard at work planning an even larger test for next year's event, which they hope could eventually lead to the system being used at marathons and other sports events.

[Via picturephoning.com]

Frankly, we're disappointed. It's 2008, the veritable future, and you still don't have an RFID-based automatic sliding doggie door? For shame! The Plexidor Electronic Doggie Door allows for all that nice canine coming and going with none of the less-nice house robbing a regular flap door enables. Your dog gets to wear an RFID chip on his collar, which lets the door know to automatically slide up when he shows up -- hopefully with a sort of squeegee sound to complete the sci-fi effect. Prices range from $700 to $800 depending on configuration.

For better or worse, targeted advertising isn't going anywhere. Seemingly, it's not getting any more discrete, either. NEC's Digital Signage Solution combines a camera, a large display and a FeliCa contactless IC card reader / writer in order to dole out advertisements that cater to certain demographics. The system includes the innate ability to determine "gender, generation and other attributes" of a person in order to serve up advertisements that will cause him / her to spend some dough. From there, the individual can scan their phone in order to access related content on their mobile internet browser. That's all and fine and dandy we suppose, but how on Earth do you convince busy citizens to stop by and have a look at an otherwise uninteresting flat-panel?

[Image courtesy of NEC]

There are all sorts of ways to deal with rising gas prices and public transportation needs, and Montreal is getting in the game with what they're calling the Public Bike System. Utilizing a central inventory and check-out website, solar-powered docking stations, and high-tech RFID-tagged aluminum bikes, the system is a gadget-maxed project that could be amazing or turn into a complete theft disaster. Each station holds six bikes and six docks, and users can find the nearest available bike on a website and then return the bike to any other dock. Payments can be made via credit, debit, or "member" card. Quick question, though -- what if a popular destination has no available docks for a drop-off?

RFID has long since been a pretty common find in your modern day hospital, but now GE and CenTrak are teaming up to make the technology even more useful in those long, winding hallways. Simply hailed as RFID "virtual walls," the creation enables venues to "track tagged mobile medical equipment down to a portion of a single room." By providing sub-room-level distinction, personnel can locate hardware within a monitored area as tiny as 6- x 8-feet, and although it'll likely be used to locate cardiac defibrillators and portable ultrasound machines, patients could theoretically be tracked, too. The new tech will be shown off at the Association for the Advancement of Medical Instrumentation (AAMI) Conference in San Jose next week, though there's no word on how soon the duo will roll this stuff out en masse.

[Via medGadget]

RFID clothing is far from revolutionary, but American Apparel is about to get everyone's attention by placing tags on a smorgasbord of garments. The firm is setting out to implement RFID at the item-level, meaning that tags will eventually hit each article of clothing it produces. For starters, the advanced inventory system will be rolled out across each of its 17 metro New York locations, while plans are already in place to deploy the solution to another 120 North American outlets. The idea is to track individual pieces as they're "tagged at the company's manufacturing facility in Los Angeles, received in its retail stores, stored in the stock rooms at the stores, and then placed onto the sales floor and ultimately sold at the point-of-sale." Of course, we wouldn't expect the tags to follow you home or anything -- too bad we can't say the same for the company's skeezy CEO, Dov Charney.

[Image courtesy of The New York Times]

For airlines and cargo handling companies, the inability to know precisely where a specific item was located on a belt could (understandably) prove to be quite the limitation. Thankfully, the gurus at Alien Technology are aiming to add more functionality to a few of its readers in order to nix said quandary. The company recently showcased its Intelligent Tag Radar reader firmware in Las Vegas, which essentially provides its ALR-9900, ALR-9800 and ALR-8800 Enterprise-Class reader platform with the ability to understand "information about the velocity and position of tags, in addition to the contents of tag memory." Furthermore, the included ITR-Singulation features allows the reader to "easily discriminate amongst adjacent tagged objects on a conveyor such as items, cases or airline baggage." One less excuse for lost luggage? Where do we sign?

[Via CNET]

Gurus at Purdue University have conjured up a prototype device which, when injected into a tumor, can actually track the "precise dose of radiation received and locate the exact position [of the tumor] during treatment." Currently, the needle-sized device is held within a hermetically sealed glass capillary, contains a miniature radiation dosimeter, operates without batteries and instead relies on "electrical coils placed next to the patient" for activation. As small as the RFID-enabled unit is, engineers are still hoping to create a version that is around the size of a grain of rice, and hopes are to have it in clinical trials in 2010.

[Via Physorg]

When did the practice of lawmaking require an accompanying press release issued by a professional PR firm? An embedded photo of the sponsoring state official, too? Shameless. Nevertheless, it did bring our attention to a new law in the state of Washington which prohibits "malicious" RFID spying. When the new law (said to be a first of its kind in the US) goes into effect in July, anyone caught scanning a person remotely "without his or her knowledge and consent, for the purpose of fraud, identity theft, or some other illegal purpose" will be charged with a Class C felony. Great, so that covers the obvious criminal abuse of the technology. However, the original bill also included an opt-in measure that would require your approval before retailers and others could track your activity via that handy, store-issued discount card you carry, the implant you received during that stint in the joint, new credit card, or personal ID card you're required to carry. Unfortunately, the opt-in requirement was stricken from the bill (and therefore not in the final law) after succumbing to heavy corporate lobbying. You thinking what we're thinking? Contact information posted in the read link below.

The RFID hacks keep coming fast and furious -- hot the heels of that Mifare / Oyster Card exploit, the crew at BoingBoing TV has posted up a little demo of how easy cracking the RFID encryption on an American Express card can be. All it takes is an $8 dollar reader easily available on eBay, some software, and the courage to walk around with a laptop waving plastic boxes at people's butt pockets, but developer Pablos Holman says he's hoping to develop a newer version that will allow him to be a little more discreet. The root of the problem is apparently the fact that the system uses local decryption rather than sending card info to a secure data center, but either way we've been worried about this for a long time -- we're sticking to loose change and the barter system from now on. Video after the break.

Sure, it's fun to say that one billion RFID cards are now at risk due to the Mifare Classic's broken encryption, but it's another thing to comprehend how widespread the fallout could potentially be -- the London Underground's Oyster Card is based on the chip, for example. And that's just the tip of the iceberg: a new report says that the system can be broken in minutes using a typical PC -- check the video after the break for a demonstration. We've also listed all the other now-potentially-vulnerable Mifare RFID implementations we could find, but there's got to be more -- put 'em in comments!