RFID: more privacy invisibly sucked out of you without your knowledge or consent

(Why would you want to make
this larger and clearer?)

Amal has two RFID implants, one in each hand. His left hand contains a 3mm by 13mm EM4102 glass RFID tag that was implanted by a cosmetic surgeon using a scalpel to make a very small cut, into which the implant was placed. His right hand contains a 2mm by 12mm Philips HITAG 2048 S implant with crypto-security features and 255 bytes of read/write memory storage space. It was implanted by a family doctor using an Avid injector kit like the ones used on pets. He can access his front door, car door, and log into his computer using his implants, and has written a book called RFID Toys, which details how to build these and other RFID enabled projects.

-- from Amal's RFID Implant Page.

IF YOU THINK THIS DEWD IS JIVING YOU, go HERE, and see an X-Ray of his hands.

~ ~ ~

I like Amal Graafstra! He's a hobbyist who goes That Extra Kilometer. His hobby is messing around with a new gizmo called RFID -- Radio Frequency Identification Tags. As you can read below, you can do a lot with RFID.

But Amal wanted MORE! So he got a cosmetic surgeon to surgically implant two RFID tags, one in each hand. This is the surgical scar on Amal's left hand healing (nicely, we hope). Now the lock on Amal's car door opens automatically whenever Amal comes near his car. And other nifty tricks that happen when the Invisible Radio Electronic Digital Infrastructure detects the RFID chips inside Amal.

Also, if Amal ever forgets his name and address, just take him to any veterinarian or Homeland Security office or maybe a Wal-Mart, and they'll scan him and send him home.

Uhhh ... and also Amal seems to have talked someone named JENNY into getting an RFID implant. I think I like Jenny, too. Amal and Jenny are The Future.

And now, back to the rest of us ordinary schmucks who are just the ignorant victims of the new RFID technology.

Ignorant ... but we don't have to be.

And defenseless ... maybe we don't have to be defenseless, either.

This just cameth to me in an e-mail and purports to be originally from Scientific American magazine. It smells authentic, I'm just too lazy to track it back to its True Roots.

Perhaps you've never heard of Adi Shamir. Shame on you. Unless you live in the mountain wilderness of Idaho or the rain forest of Costa Rica and have gone Off The Grid -- no phone, no cell phone, no electric power, no food that you don't grow or kill yourself with your crossbow or compound bow, no municipal water or sewer -- Adi Shamir is one of the pivotal figures who have changed your life On The Grid in the last couple of decades.

Vleeptron will have more to say about Adi Shamir when we get back to the PizzaQ:

(2^67) - 1

Is it a Prime? Or is it Not Prime?
And if it's Not Prime,
what smaller integer divides into it evenly?

... which most of you seem to think is boring or unimportant.

Trust me: It's not boring and it's not unimportant. You'll find out just how important it is when you buy a DVD of Disney's "The Love Bug" over the Internet, and the next thing you know, your Visa card has been charged $12,288.19 and a whole bunch of weird drugs have been shipped to a postal box in Estonia. You'll spend the next year fighting to remove the charges from your Visa, and you won't even get to do the drugs.

But this is what Adi Shamir is up to this week. Or so says Scientific American. Or so says an e-mailer pretending that this is from Scientific American. What is Truth?

=====================

-------- Original Message --------
Subject: [rcnewschat] How to kill RFID tags!
Date: Fri, 14 Apr 2006 18:27:31 -0700 (PDT)

How to Kill RFID Tags
with a Cell Phone

- Scientific American

Radio frequency identification (RFID) tags -- tiny wireless circuits that derive their power from radio waves and cost just pennies to make -- have quickly found their way into identification badges, shipping containers, even ordinary store products.

Because, unlike barcodes, the tags can be read surreptitiously, a number of groups have raised privacy concerns. To address these concerns, leading RFID makers have created so-called "Gen 2" chips that will divulge their data only after a reader transmits the correct password. The new chips can also be triggered by a different password to silently self-destruct, for example as a customer leaves a store.

Encryption protects the password transmission. But renowned cryptographer Adi Shamir of Weizmann University claims to have found a way to bypass the encryption scheme and obtain the self-destruct password using technology no more sophisticated than that in a common cell phone.

Shamir announced the discovery this morning at the 2006 RSA Conference, a large computer security meeting opening today in San Jose, Calif. ["Silicon Valley"]

"Everyone expects that there will soon be billions of these tags in circulation," Shamir noted. "We bought one of the major-brand RFID tags and tried to break into it by power analysis," he said.

RFID tags have no battery or internal power source; they obtain the energy they need to operate by sucking it out of the radio signals they absorb. But in doing so, every computation of the RFID circuit modifes the radio environment. Shamir and his coworkers used a simple directional antenna to monitor the power consumption of an RFID tag as they transmitted correct and incorrect passwords to the device slowly, one bit at a time.

"We could easily notice a power spike after the first bit that the chip didn't like," Shamir recalls. By starting over and modifying the offensive bit, the researchers were able to derive quickly the kill password for the tag.

"We believe that a cell phone has all the ingredients needed to detect these passwords and disable all the RFIDs in the area," Shamir says.

If confirmed by others, the flaw would raise serious questions about the suitability of current RFIDs for use in theft prevention, employee idenfication and other applications.