I can't wait for RFID hacking

Paul C. Anagnostopoulos said:
So it goes off and they nab me. They then check their database and find the item was bought a week ago, by someone else, and it was a pair of socks instead of a weedwhacker.

Even better, walk in and out of different stores.

~~ Paul
Click to expand...

So, what, you are suggesting they will be reusing the same ID number over time without realizing it? Yeah, I thought of that too. They really shouldhn't put themselves in that situation, and as such RFIDs should be deactivated after purchase.
 
It's really not a problem to make sure each manufactured chip has a unique identifier. We already do this. Books have unique ISBNs, computers have unique IPs, cars have unique VINs.

Each chip manufacturer can be assigned a block of numbers that they stamp onto their chips. Better yet, have everyone stamp their chips with random integers between 1 and 10^1000. This reduces the chance of a collision to nearly zero, while also eliminating the possibility of anyone counterfeiting chips not in their possession.

It's not like we're about to run out of integers.

Edit: maybe we can have coded headers to indicate the type of item? There's lots of room for all kinds of information to be stored on these chips.
 
Last edited:
Dark said:
So, what, you are suggesting they will be reusing the same ID number over time without realizing it? Yeah, I thought of that too. They really shouldhn't put themselves in that situation, and as such RFIDs should be deactivated after purchase.
Click to expand...
No, I'm not suggesting that. I'm suggesting it will be amusing as the database system wonders why a previously-used ID is showing up again, especially if it was deactivated when the product was bought.

Certainly all these attacks can be handled. I'm just wondering how well they will be handled.

~~ Paul
 
Paul C. Anagnostopoulos said:
No, I'm not suggesting that. I'm suggesting it will be amusing as the database system wonders why a previously-used ID is showing up again, especially if it was deactivated when the product was bought.

Certainly all these attacks can be handled. I'm just wondering how well they will be handled.

~~ Paul
Click to expand...

Oh, so you are talking about HACKED RFIDs! Sorry, I wasn't expecting a response that was on topic. :D

Yes, as far as that is concerned, it could be interesting. I don't see it doing much more than activating an alarm though.
 
If anyone manages to hack the CTA's new Chicago card RFID to allow unlimited rides, could you send one to me? :boxedin:
 
Cecil said:
It's really not a problem to make sure each manufactured chip has a unique identifier. We already do this. Books have unique ISBNs, computers have unique IPs, cars have unique VINs.

Each chip manufacturer can be assigned a block of numbers that they stamp onto their chips. Better yet, have everyone stamp their chips with random integers between 1 and 10^1000. This reduces the chance of a collision to nearly zero, while also eliminating the possibility of anyone counterfeiting chips not in their possession.

It's not like we're about to run out of integers.

Edit: maybe we can have coded headers to indicate the type of item? There's lots of room for all kinds of information to be stored on these chips.
Click to expand...

Most of the 13.56 MHz tags already have a unique identifier, including a manufacturer number. Chance doesn't enter into it. This is used to address a single tag when multiple tags are in the activating field, and is not user programmable. They also have nonvolatile memory that is (re)programmable by the reader. That's what the various applications use.
 
RFID chips carry enough bits that every molecule in the universe could have it's own RFID tag so unlike barcodes re-use is not an issue. Also the id of the chip is capable of being re written. In reality as the chip is read leaving the store it's supposed to be given a kill command anyway that permenantly deactivates it.
questions?
 
You must log in or register to reply here.

Back
Top Bottom