p2pnet.net News:- RFID (radio-frequency identification) spy chips are hot. Retailers and manufacturers say the tags can be used as security devices to stop theft, as well as for stock inventories and similar purposes.

But civil rights advocates say spy chips can also be used to track and monitor people.

Germany’s Lukas Grunwald and Boris Wolf have, however, devised and developed RFDump to detect RFID-Tags and show their meta information: Tag ID, Tag Type, manufacturer etc.

“The user data memory of a tag can be displayed and modified using either a Hex or an ASCII editor,” says Grunwald on the RFDump site here.

“In addition, the integrated cookie feature demonstrates how easy it is for a company to abuse RFID technology to spy on their customers.”

Are Grunwald and Wolf alarmists?

Activists in Rheinberg, Germany, protested outside the Metro Extra Future Store, the world’s fifth largest retailer and a test site for RFID tracking and other technologies. “Metro failed to notify customers that they were being tracked,” a Wired story said. “Although Metro told activists the chips worked only while customers were inside the store, activists discovered that a kiosk used to deactivate the chips didn’t completely disable the tags.”

Researchers who scammed official badges at theWorld Summit on the Information Society were shocked to find badges given to dignitaries including presidents and prime ministers were riffed.

RFID is set to replace bar codes, courtesy of VeriSign, with all that implies. IBM and Philips plan to work together in RFID. Kids at a school in Japan will be riffed and Microsoft is preparing to get into RFID in the first half of 2005.

And there are other considerations.

Spy chips are systems, systems can be hacked and, “as the technology is adopted more widely a thief could conceivably mark down the price of an expensive piece of jewelry before paying for it at an automated checkout counter, underage hackers could purchase alcohol or adult movies, and pranksters could simply reprogram the inventory of an entire store by just walking up and down the isles,” suggests simoniker on /. here. ‘

RFDump works with the ACG Multi-Tag Reader or similar card reader hardware and comes as a:

• Java application for Windows and Linux with an intuitive GUI
• Gtk application for Linux with a GUI similar to the Java implementation (NEW!)
• Rudimentary Perl script for Linux (PC or PDA) with a console-based interface

What’s next?

• ANSI C / GTK port of Java Application
• Support for additional protocols and reader hardware (e.g. 125 KHz Reader)
• Brute-Force TAG-Password Cracker
• Build-environment / CVS
• Documentation

If you’re interested in helping on the project, contact Grunwald and Wolf here, or go here.

This entry was posted on Thursday, July 29th, 2004 at 4:52 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 3981 times