Posted on 03/15/2006 9:23:38 AM PST by Ramius
Sounds more like spoofing than a virus.
LOL...
That'll get that tracking chip outta yer head. Fer sure...
My alarmism is meant to help keep it from happening. ;^)
Seriously, I have no problem with RFID in a wide variety of uses, so long as those uses are limited in such a way that the type of things that I listed above cannot be done.
For tracking inventory, by example, it seems great.
Not if the database is compromised. That's the rub. Better security is not just matching a biometric key (fingerprint) to a match in a database, but a three-way match including a physical token, like a smart card.
I'll stipulate that nothing can likely ever be perfect, but the threshold can at least be raised enough to stop the amateurs. Indeed, that's all any security system hopes to achieve.
Keys and locks can be defeated, but we still use them.
I'm with you on that. An awful lot of technical, power and cost problems have to be solved before any of the tinfoil stuff could become reality tho'. RFID tags, especially implantable ones just can't put out much power and thus can't be read over any distance. I have a card that gets me access into my work building. I have to hold it within an inch of the reader for it to be recognized. Better RFID/reader combos can go out 15 feet or so, but they cost a lot more. Think about how many of those readers you would have to have installed to secure the perimeter of a large building, much less the interior. Then you have to process all the info from all the readers, etc. And that's just one building.
I don't think we're in any disagreement so far as that goes. My attitude toward RFID is that there's nothing I can think of that could be done with it in terms of ID that cannot be done more securely by other methods. About the only thing perhaps would be implants for people at very high risk of debilitating medical complications. I have no problem with that (so long as it's voluntary).
This is about sending an exploit as that string to compromise the back-end systems that receive the stream. The compromised systems then are programmed to reload any other RFID chips with the virus.
Those who concieved RFID relied on the fact that available memory on an RFID chip is "too small" to contain a virus. They've gotten lazy with modern programming. They forget that IBM's first big computer only had 9 KB of memory (in current terms), and it ran some pretty powerful programs.
The idiot in charge is one of the most respected computer researchers in the world.
DHS has two options for licenses:magnetic stripes or two-dimensional bar codes; or contactless integrated circuits such as radio frequency identification (RFID) chips.
SNIP-----
Even more troubling than the financial cost is the potential invasion of privacy. RFID chips have the memory to store every detail about a person, including health records, family history and bank and credit card transactions. RFID chips can also be remotely accessed by a hand-held scanner, raising the risk of identity theft.
And the other thing that I would point out is that RFID may very well, and quite probably will, be succeeded by technology even better suited to those purposes. So, since the moment is essentially upon us, I say let's not wait until the frog's too boiled to hop! :)
Those are smart cards, not RFID in the traditional sense.
I carry both smart cards and RFID cards. (NOTE: If you are going thru airport screening, make sure your smart cards are not in your wallet)
Roger that.
I guess my take on the RFID fracas is that they're just not likely to prove all that useful for the various nefarious purposes people (reasonably) might fear.
At the same time they're already proving to be very useful for things like inventory management and warehousing.
If comes down to the government wanting to track our whereabouts... they'll come up with something else, and we won't know its happening anyway. Like facial recognition on cameras. :-)
Something I've never quite been able to reconcile, is this whole idea of "tracking people". Say they really wanted to and could pull it off... OK... now what? Of what use is such a preposterously large and constantly changing barrage of information? I mean... to talk about drinking from a firehose is to wildly understate it. And for what? The FBI is already pretty successful at finding people they want to find, and the few people who do manage to evade capture are statistically insignificant numbers out of the whole population. They'd probably lose more people in database noise anyway, especially once people catch on to how its done.
People who aren't hiding aren't interesting and there's no point in tracking them, and people who are hiding will still evade any attempt to do so. I just don't see the point. Such enormous resources would be better spent elsewhere, even for an evil totalitarian despot. IMHO.
yep: reject RFID entirely.
Well, with the regard to tracking of its own accord the concerns are always twofold: (a) if a government chose to target dissident groups, or to prevent dissident movements, tracking would be of enormous assistance; and (b) unwarranted access to such database information by either internal or external renegades (of many forms).
And, speaking very generally, the greater concern is not so much a calculated intentional tracking apparatus, but rather the merger of tangential technologies into the equivalent. As you deftly point out, that is here in many ways, but bear in mind that one of the reasons why the FBI can so easily locate or track people is because much more so than not Americans trust their government not to persecute them without legitimate cause. If a totalitarian government suddenly came in its place, then you would have a much more extensive industry of efforts to evade them.
In any case, if you required something like RFID for, say, transactions, travel on the freeways, entering work and home, etc then you would have an instant tracking mechanism, even though it weren't explicitly intended for that. And the first step towards controlling people is locating them..
More importantly, bear in mind that the precise reason why our government does not exercise total command and control is not because of its benevolence, but because of the eternal vigilance of the people. Short of that, a government will inherently expand its powers until it is all-pervasive.
And I actually worked in the Eastern Bloc for a time and there's no doubt in my mind that if they could've had a database that tracked everyone's whereabouts they would've had it.
"Did you know that if you aren't careful you can pick up a product with and RFID tag, and when you get home and go to sleep, it will wake itself up, reformat your hard drive, download homoerotic pornography, impregnate your teenage daughter, rape your dog, and steal you car and drive it away?"
It's all true; I know because I read it on the internet....
< /Luddite mode>
LOL! I am the strongest anti-RFID voice in this thread and I am about the furthest thing from a Luddite that you will ever find. It's not the machines I distrust. It's the people using them..
Gee, I thought RFID tech. uses 'Read Only Memory (ROM) where it transmits that data back to the requested device after a code is authenticated? Once a RFID chip has a burned in program along with its data, it cannot be reprogrammed.
After thinking about it for a bit, sounds even more dangerous.
It's easy to get an RFID emulator and hook it up to a laptop with loads of storage. I could just walk into Wal-Mart, trigger a sequence of rapid-fire RFID SQL injection scripts, and have the inventory control dump everything it knows to my laptop in RFID reprogramming bursts. Even more lucrative if the inventory system is connected to the payroll system.
Better, walk into a drivers license issuance facility where licenses are RFID and get everything about everyone using the same method. Maybe reprogram it to invalidate the licenses of everyone who walks in and put a virus on them, then pass the virus to everything that reads the license. Hell, you could reprogram your local liquor store to give an age of 21 for every license.
It won't work if the back-end and middleware is locked down tightly as it should always be, but it's disastrous if they were developed excluding RFID as an attack vector -- and I'll bet anyone that there are systems out there designed like that.
Agreed. RFID is the mark of the beast, which is very probably the precursor to the REAL Mark of the Beast.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.