GeekNights 080421 - RFID Security and Privacy
Tonight on GeekNights, we consider security and privacy in an RFID world. In the news, ABC fails to hold back the tide of timely commentary, and the Patent Office may well have noticed the issues with recent patents.
Scott's Thing - ACT I, SCENE 2
Rym's Thing - Never give up
Comments
lol
Since the non-credit card RFIDs have no useful information in them, they are useless without the database. Also, even if I have the number and the database, how do I know that RFID isn't actually meant to be used with a different database than the one I have? What if someone's front door happens to use the same number as a UPC for underwear?
If you get credit cards, you can go out and start buying things in places that have the RFID credit card scanners, or maybe on the web. However, you will be easily caught by the existing fraud protection mechanisms.
I think though that the initial phase of the patent from the design patent to the production of the invention needs to be more than 2 years, maybe 3 years at least. This is because a company who might produce it for you, or want to buy the patent outright might wait out the patent if the time is too short. Which would force inventors to possibly sell their patents for less than they are worth, or possibly lose them before they were able to do something with them. So there needs to be a balance where the inventor isn't given too much time where they could just sit on it and do nothing, and not enough time where it is detrimental to the patent holder.
Also it took me about halfway through the first scene of Scott's thing of the day, but it was epic.
@Bronzdragon
Do you know where it's from?
What gives?
This is assuming I eventually have children.
If all your access controls are RFID reliant, then stealing someone's identity is as easy as bumping into them on the street. If I copy all your RFIDs then as far as any RFID system is concerned, I'm you!
Sorry to be the RFID troll, but I feel like people are posing straw man arguments.
I know that you can go a LOT higher than that though - all the local Chapters use paper-thin RFID tags for shoplift security. Each tag in each book must be unique - if you buy a book and throw its tag through the sensor, the alarm stays silent. Throw a tag from a different copy of the same book, and the alarm rings.
Also, say with Serialized Global Trade Item Number (SGTIN) coding scheme of Electric Product Code RFID tags, the tags are serialized so that if Rym's tags are positively identified at one point they can be verified with some certainty at another point. Although, I have to agree that if you are in that situation you have much larger problems. Standardized coding schemes. With regards to credit card security, if it's a mag strip you can make sure that it's swiped in front of you. Unless the cashier has a super-duper memory, he/she probably won't remember your number. Credit cards would probably be some kind of semi-passive RFID. Although, if the protocol was broken, a cashier could theoretically have a little device secretly placed that would record the entire transaction. Also I understand that someone could do the same thing with magstripe readers, but it would probably take a bit more ingenuity, and would be specific to the reader.
My school has a semi-passive RFID payment system. It involves some sort of encryption that I never bothered to investigate.
I wouldn't say I'm paranoid of RFID. It's more general wariness before widespread adoption. I also agree that there are some mad cool things you can do with it.
RFID Blocking Wallet and Passport Billfold
EDIT: Apparently, I'm wrong. Wired says that American Express is using fully passive RFID with some encryption.
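As an added illustration of the SGTIN serialization mentioned in the comments above (not code from the episode or from any commenter), this Python sketch decodes a 96-bit SGTIN EPC into its fields, following the field layout of the GS1 EPC Tag Data Standard. It shows which parts of the number identify the product class and which part is the per-item serial; the function names and the two sample EPC values are constructed for the example.

```python
# Added example: decode an SGTIN-96 EPC (field layout per GS1 EPC Tag Data Standard).
# partition value -> (company-prefix bits, digits, item-reference bits, digits)
PARTITIONS = {
    0: (40, 12, 4, 1), 1: (37, 11, 7, 2), 2: (34, 10, 10, 3),
    3: (30, 9, 14, 4), 4: (27, 8, 17, 5), 5: (24, 7, 20, 6),
    6: (20, 6, 24, 7),
}
SGTIN96_HEADER = 0x30  # 8-bit header that marks the SGTIN-96 scheme


def decode_sgtin96(epc_hex):
    """Split a 24-hex-digit EPC into filter, company prefix, item reference, serial."""
    raw = bytes.fromhex(epc_hex)
    if len(raw) != 12:
        raise ValueError("SGTIN-96 is exactly 96 bits (24 hex digits)")
    value, remaining = int.from_bytes(raw, "big"), 96

    def take(nbits):
        # Read the next nbits, most significant bits first.
        nonlocal remaining
        remaining -= nbits
        return (value >> remaining) & ((1 << nbits) - 1)

    if take(8) != SGTIN96_HEADER:
        raise ValueError("header is not SGTIN-96")
    filter_value, partition = take(3), take(3)
    if partition not in PARTITIONS:
        raise ValueError("reserved partition value")
    cp_bits, cp_digits, ir_bits, ir_digits = PARTITIONS[partition]
    company, item, serial = take(cp_bits), take(ir_bits), take(38)
    if company >= 10 ** cp_digits or item >= 10 ** ir_digits:
        raise ValueError("field does not fit its decimal width")
    return {
        "filter": filter_value,
        "company_prefix": str(company).zfill(cp_digits),
        "item_reference": str(item).zfill(ir_digits),  # includes indicator digit
        "serial": serial,
    }


def tag_uri(epc_hex):
    f = decode_sgtin96(epc_hex)
    return "urn:epc:tag:sgtin-96:{filter}.{company_prefix}.{item_reference}.{serial}".format(**f)


def same_product(epc_a, epc_b):
    """True when two tags share company prefix and item reference (serial may differ)."""
    a, b = decode_sgtin96(epc_a), decode_sgtin96(epc_b)
    return (a["company_prefix"], a["item_reference"]) == (b["company_prefix"], b["item_reference"])


# Constructed sample tags: two copies of one product, differing only in serial.
COPY_1 = "3074257BF7194E4000001A85"
COPY_2 = "3074257BF7194E4000001A86"
```
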