jimnms
08-01-2004, 06:59 PM
Hopefully this will be just the thing to stop RFID. I've seen articles already where hospitals are planning to make employees and patiens have an RFID tag implanted in them, and some corporations too to allow and restrict access to certain areas.
NEW YORK - Of all the things that radio frequency identification technology was supposed to do for retailers--simplifying inventory management and supply chain issues, for instance--creating a new type of theft wasn't one of them. But that is exactly what could happen, and a German information security consultant can prove it. Consider the following scenario.
A would-be scofflaw heads into a grocery store where all the products have RFID tags on them. Rather than paying $7 for a bottle of shampoo, he'd rather pay $3. To make that happen, he whips out a PDA equipped with an RFID reader and scans the tag on the shampoo. He replaces that information with data from the tag on a $3 carton of milk and uploads it to the shampoo bottle tag. When he reaches the check-out stand--which just happens to be automated--he gets charged $3 instead of $7, with the store's computer systems none the wiser.
Lukas Grunwald, the German consultant, says this is not only possible, he's done it. That is, he's changed the information on the RFID tag. He didn't actually steal anything. To prove his point and let others learn about RFID tag security, he's created a free software program called RFDump that is the result of a few years of research into RFID. He presented his findings and announced the release of the software at the Black Hat Security Briefings conference in Las Vegas today.
Full Story (http://www.forbes.com/home/commerce/2004/07/29/cx_ah_0729rfid.html)
_____
Learn from the mistakes of others, you won't live long enough to make all of them yourself.
NEW YORK - Of all the things that radio frequency identification technology was supposed to do for retailers--simplifying inventory management and supply chain issues, for instance--creating a new type of theft wasn't one of them. But that is exactly what could happen, and a German information security consultant can prove it. Consider the following scenario.
A would-be scofflaw heads into a grocery store where all the products have RFID tags on them. Rather than paying $7 for a bottle of shampoo, he'd rather pay $3. To make that happen, he whips out a PDA equipped with an RFID reader and scans the tag on the shampoo. He replaces that information with data from the tag on a $3 carton of milk and uploads it to the shampoo bottle tag. When he reaches the check-out stand--which just happens to be automated--he gets charged $3 instead of $7, with the store's computer systems none the wiser.
Lukas Grunwald, the German consultant, says this is not only possible, he's done it. That is, he's changed the information on the RFID tag. He didn't actually steal anything. To prove his point and let others learn about RFID tag security, he's created a free software program called RFDump that is the result of a few years of research into RFID. He presented his findings and announced the release of the software at the Black Hat Security Briefings conference in Las Vegas today.
Full Story (http://www.forbes.com/home/commerce/2004/07/29/cx_ah_0729rfid.html)
_____
Learn from the mistakes of others, you won't live long enough to make all of them yourself.