Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

RFID Hack Tool Released at Blackhat

From: David Farber <dave () farber net>
Date: Mon, 02 Aug 2004 18:48:55 -0400
So what took so long. It seemed to me that such gadgets and more interesting ones are easy to build djf 


Begin forwarded message:

From: Ridgely Evers <revers () evers org>
Date: August 2, 2004 6:31:58 PM EDT
To: Dave Farber <dave () farber net>
Subject: RFID Hack Tool Released at Blackhat

Dave,

For IP, if you wish.

--Ridge



RFID Hack Could Allow Retail Fraud
By Mark Hachman
July 29, 2004
LAS VEGAS-A German consultant has released a tool that its creator says will 
allow modifications of the code stored within RFID tags, theoretically
allowing consumers to wreak havoc in future retail deployments.
The RFDump software allows a user equipped with an RFID reader, a laptop or PDA, and a power supply to rewrite the data stored in ISO 15693 tags, the most common tags used to host the EPC (Electronic Product Code) information 
traditionally stored in bar codes.

Although each RFID tag carries with it a unique product ID, the EPC is
stored in the "user area" portion of the chip, which allows it to be
rewritten. That poses problems to both consumers and retailers, RFDump's
author, Lukas Grunwald, a senior consultant with Hildesheim, Germany-based 
DN-Systems Enterprise Solutions GmbH, said: On one hand, consumers could
defraud a retailer by reprogramming a premium item as a cheap commodity. On 
the other hand, consumers would have to worry about the items in their
shopping carts being read by "Big Brother," or at least the many retailers 
in a shopping mall.

The tool was released as part of a talk at the Black Hat Briefings here,
dedicated to IT security.

And there's an even worse scenario: "It is only a matter of time before
someone puts a root exploit on one of these tags and hacks into your supply 
chain," Grunwald said.


Full text: http://www.eweek.com/article2/0,1759,1628696,00.asp

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: