Tag Archives: Radio-frequency identification

An End to the Anonymity of Trash?

Britain is quietly introducing RFID (Radio Frequency Identity) tags to rubbish bins (trash cans) in a bid to measure the individual waste of each household and charge them accordingly. Some Britons are up in arms about this, saying that households have not been informed and calling it an abuse of privacy. Is it?

The UK’s Daily Mail reports that some bins, provided by local councils for households to dispose of their trash, contain coin-sized devices that monitor how much non-recyclable waste the owner throws out:

With the bugging technology, the electronic chips are carefully hidden under the moulded front ‘lip’ of wheelie bins used by householders for non-recyclable waste. As the bin is raised by the mechanical hoister at the back of the truck, the chip passes across an antenna fitted to the lifting mechanism. That enables the antenna to ‘read’ a serial number assigned to each property in the street.

A computer inside the truck weighs the bin as it is raised, subtracts the weight of the bin itself and records the weight of the contents on an electronic data card.

When the truck returns to the depot, all the information collected on the round is transmitted to a hand-held device and downloaded on to the council’s centralised computer. Each household can be billed for the amount of waste collected – even though they have already paid for the services through their council tax.

According to The Mail, two German companies manufacture the bins and sensors: Sulo and RFID specialist Deister Electronic.

As with all such things, the story reflects local fears, obsessions and behaviour. First off, drinking: The Mail quotes a local council chairman saying he believed the chips “were simply to ensure bins could be returned to the right addresses if they got mixed up or drunks rolled them off”. Second, avoiding paying: The opposition Conservative party warns that “people will simply start dumping bags in their neighbours’ gardens or at the end of the street to avoid paying”. And then there’s the whole castle thing: a council spokesman in Wiltshire says the chips were “to sort out disputes between householders about whose wheelie bin is whose. If there are any arguments we can just send out an officer to scan the chip and settle the argument.” Oh, and then there’s the whole WWII hang-up: The headline at The Evening Standard’s This is London website is “Germans plant bugs in our wheelie bins”.

Is this something to be worried about? Well, the government, and local councils, haven’t been very smart about installing these tags before explaining their use to the public. But that’s not unusual: A council in Australia did the same thing a few weeks back. What I think is most interesting about this is that coverage of the subject in both countries lacks depth, pandering to the fears of its readers (The Mail may not know better, but The Press Association and The Independent should.) Even basic research would show that this sort of thing is not new, is widely used elsewhere, and has a name: Pay-by-weight.

It seems the same technology is already in use in Ireland and has, according to the company involved, reduced the amount of trash put out for collection by 40%. (There may have been some privacy uproar, but I can’t find any obvious evidence of any.) In Canada the program has been in place since 1994, and as of 1999 more than 1.5 million transponders have been deployed throughout the world, including the U.S., although there have been problems with the technology (this being RFID an’ all.)

That said, just because it’s being used elsewhere doesn’t necessarily make it a good thing. Trash is as much a privacy issue as anything linked to personal property, and the angry response to the news is related to an individual’s desire to keep what they throw out a secret (however illogical this is, given you’re putting it in an unlocked plastic bin in the street for hours, if not days, before it’s picked up.) Further research into what these RFID chips are capable of isn’t particularly reassuring: The SULO device for example (PDF file), can measure exact weight, when the bin is emptied, can report any damage to the bin, and, if linked to other equipment, could also locate where the bin was emptied. Nothing too sinister about this, but it increases the possibility, at least in theory, that an individual’s trash is no longer as anonymous as it was.

Bottom line? I don’t think this is likely, given the technology has been in active service for more than a decade. But who knows where the technology may go? This is more a story about how RFID — although it’s not really identified in the story as such — scares people when they hear about it because instinctively they recognise its power. No one would disagree with the goal — reducing the amount of non-recyclable waste — but, as with all technologies, pay-by-weight has to be handled carefully, its usage and goals explained, and clear and transparent limits to its usage imposed.

RFID — Ready For Imminent Destruction?

RFID (radio frequency ID) tags are soon going to be in everything. But do we really know what we’re letting ourselves in for?

Last month some Dutch researchers said they had created a virus capable of infecting RFID tags, an assertion that was pooh-poohed by quite a few security folk. The researchers said the virus could infect back-end systems, making it possible, they said, for a prankster to replace an RFID tag on a jar of peanut butter with an infected tag to infect a supermarket chain’s database; for a subdermal (i.e., under-the-skin) RFID tag on a pet to be used to upload a virus into a veterinarian or ASPCA computer system; and, most alarmingly, for a radio-frequency bag tag to be used to infect an airport baggage-handling system.

This was all very theoretical, which is a nice way of saying far-fetched and somewhat Bondsian. But now a bunch of Australian researchers, according to Tom Espiner of ZDNet UK, has “proven that effective attacks can be launched against RFID tags.” Basically, the tags stop functioning after they’re overloaded with data.

In the tests, the Australian researchers saturated the frequency range used by the tags, which prevented the tags from talking to the readers. … They demonstrated that from a range of about 3 feet, they could disrupt communications between tags and readers, putting the tag into a “communication fault state.”

This is techie-speak for “broken”.

This is somewhat worrying, because RFID tags are not just used in peanut butter. The military uses them for keeping tag of supplies; hospitals of supplies and patients. That kind of thing. Imagine the chaos if folk found out how to put tags in important installations into “communication fault state”. And, much more importantly, for gambling. A recently approved patent, for example, envisages lottery tickets carrying RFID so they can be validated and tracked. I’d not like to be around if someone found their winning lottery ticket had been converted by a jealous neighbour into a “communication fault state.”

Who knows whether these kinds of attacks might find their way out of the lab and into the hands of bad guys? We were probably asking this question of ourselves back when computer viruses were silly little things that threw up messages about freeing hashish from the strictures of law. Now look what viruses are doing. Not much fun, I grant you, but we ignore these warning signs about RFID at our peril. If RFID is going to be in everything, let’s make sure it works. As the Australian researchers themselves conclude:

Vulnerabilities in the newer UHF style of RFID tags have been found and are of concern for anyone trying to implement a RFID system that would have mission critical or human life issues involved in it.

How To Infect An Airport

Could it be possible to use Radio Frequency ID tags, or RFID, to transmit viruses? Some researchers reckon so. Unstrung reports that in a paper presented at the Pervasive Computing and Communications Conference in Pisa, Italy, researchers from Vrije Universiteit in Amsterdam, led by Andrew Tanenbaum, show just how susceptible radio-frequency tags may be to malware. “Up until now, everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify backend software, and certainly not in a malicious way,” the paper’s authors write. “Unfortunately, they are wrong.”

According to The New Scientist the Vrije Universiteit team found that compact malicious code could be written to RFID tags by replacing a tag’s normal identification code with a carefully written message. This could in turn exploit bugs in a computer connected to an RFID reader. This made it possible, the magazine says, to spread a self-replicating computer worm capable of infecting other compatible, and rewritable, RFID tags.

An RFID tag is small (roughly the size of a grain of rice, the New Scientist says) and contains a tiny chip and radio transmitter capable of sending a unique identification code over a short distance to a receiver and a connected computer. The tags are widely used in supermarkets, warehouses, pet tracking and toll collection. But the technology is still in the early stages of development, which leaves it vulnerable. Until now, however, it was thought the small internal memory would make it impossible to infect. Not so, say the researchers.

So what would happen, exactly? An RFID virus would find its way into the backend databases used by the RFID software. The paper, Unstrung says, outlines three scenarios: a prankster who replaces an RFID tag on a jar of peanut butter with an infected tag to infect a supermarket chain’s database; a subdermal (i.e., under-the-skin) RFID tag on a pet used to upload a virus into a veterinarian or ASPCA computer system; and, most alarmingly, a radio-frequency bag tag used to infect an airport baggage-handling system. A virus in an airport database could re-infect other bags as they are scanned, which in turn could spread the virus to hub airports as the traveler changes planes.
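The assumption the paper's authors attack, that scanning a tag cannot affect backend software, can be removed at the reader middleware by treating every tag read as untrusted input. The sketch below is an added example, not code from the paper or from any product named here; it assumes a hypothetical 10-digit ASCII bag number as the on-tag format, a SQLite backend, and the table and function names shown.

```python
"""Reader middleware that treats every tag read as untrusted input.

Assumptions (not from the article): the tag's data field should hold a
10-digit ASCII bag number, the backend is SQLite, and every name below
is hypothetical.
"""
import re
import sqlite3

BAG_ID = re.compile(rb"[0-9]{10}")  # assumed on-tag format
MAX_KEPT_BYTES = 64                 # cap on what is kept from a rejected read

SCHEMA = """
CREATE TABLE scans (
    bag_id    TEXT NOT NULL,
    reader_id TEXT NOT NULL,
    seen_at   TEXT NOT NULL
);
CREATE TABLE quarantine (
    reader_id   TEXT NOT NULL,
    seen_at     TEXT NOT NULL,
    payload_len INTEGER NOT NULL,
    payload_hex TEXT NOT NULL,
    reason      TEXT NOT NULL
);
"""

# Constructed sample reads (reader id, raw bytes read from the tag).
SAMPLE_READS = [
    ("belt-3", b"0012345678"),                        # well formed
    ("belt-3", b"0012345679\n"),                      # trailing newline
    ("belt-3", b"00123'--78"),                        # right length, not digits
    ("belt-3", b"0012345678'; DROP TABLE scans;--"),  # query-shaped text
    ("belt-4", b"\x00" * 300),                        # oversized
]


def open_backend():
    """Create an in-memory database with the two tables above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def check_payload(payload):
    """Return (bag_id, None) if the payload is exactly 10 ASCII digits,
    otherwise (None, reason). fullmatch() is used because '$' would also
    accept a trailing newline."""
    if len(payload) != 10:
        return None, "wrong length"
    if not BAG_ID.fullmatch(payload):
        return None, "non-digit bytes"
    return payload.decode("ascii"), None


def ingest_scan(conn, reader_id, payload, seen_at):
    """Store a valid read in scans; park anything else in quarantine.

    Tag bytes never become part of the SQL text: both inserts bind values
    as parameters, and rejected payloads are kept only as truncated hex.
    Returns True if the read was accepted.
    """
    bag_id, reason = check_payload(payload)
    if bag_id is not None:
        conn.execute(
            "INSERT INTO scans (bag_id, reader_id, seen_at) VALUES (?, ?, ?)",
            (bag_id, reader_id, seen_at),
        )
        accepted = True
    else:
        conn.execute(
            "INSERT INTO quarantine "
            "(reader_id, seen_at, payload_len, payload_hex, reason) "
            "VALUES (?, ?, ?, ?, ?)",
            (reader_id, seen_at, len(payload),
             payload[:MAX_KEPT_BYTES].hex(), reason),
        )
        accepted = False
    conn.commit()
    return accepted


def run_samples():
    """Ingest SAMPLE_READS and return (connection, list of accept flags)."""
    conn = open_backend()
    flags = [ingest_scan(conn, reader, data, "2000-01-01T00:00:00Z")
             for reader, data in SAMPLE_READS]
    return conn, flags


if __name__ == "__main__":
    conn, flags = run_samples()
    print("accepted:", flags)
    for row in conn.execute(
            "SELECT payload_len, reason, payload_hex FROM quarantine"):
        print("quarantined:", row)
```

The quarantine table doubles as a detection signal: a reader that suddenly produces malformed or oversized reads is worth an alert.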

So how likely is this? Not very, Unstrung quotes Dan Mullen, executive director of AIM Global, a trade association for the barcode and RFID industries, as saying. “If you’re looking at an airport baggage system, for instance, you have to know what sort of tag’s being used, the structure of the data being collected, and what the scanners are set up to gather,” he explains. Red Herring quotes Kevin Ashton, vice president of marketing for ThingMagic, a Cambridge, Massachusetts-based designer of reading devices for RFID systems, as saying the paper was highly theoretical and the theoretical RFID viruses could be damaging only to an “incredibly badly designed system.” Hey, that sounds a bit like a PC.

But he does make a good point: because RFID systems are custom designed, a hacker would have to know a lot about the system to be able to infect it. But that doesn’t mean it can’t be done, and it doesn’t mean it won’t get easier to infect. As RFID becomes more widespread, off-the-shelf solutions are going to become more common. And besides, what will stop a disgruntled worker from infecting a system he is using? Or an attacker obtaining some tags and stealing a reader, say, and then reverse engineering the RFID target?

My instinct would be to take these guys seriously. As with Bluetooth security issues such as Bluesnarfing, the tendency is for the industry itself not to take security seriously until someone smarter than them comes along and shows them why they should do.

Cracking RFID With Your Phone

RFID tags and their security implications are returning to centre stage again. Adi Shamir, professor of computer science at the Weizmann Institute, has shown that it’s possible to crack passwords on RFID tags using a cellphone. In theory this could mean anyone with a cellphone could monitor traffic between a tag and a reader and collect the information being transmitted. As EE Times’ Rick Merritt writes (via Digg):

“I haven’t tested all RFID tags, but we did test the biggest brand and it is totally unprotected,” Shamir said. Using this approach, “a cellphone has all the ingredients you need to conduct an attack and compromise all the RFID tags in the vicinity,” he added.

Shamir said the pressure to get tags down to five cents each has forced designers to eliminate any security features, a shortcoming that needs to be addressed in next-generation products.

Quite a few of the comments on the Digg link are of the “why should we care?” variety:

I still don’t understand what the big fuss is about RFID security. I mean who cares if someone knows that you just bought milk and eggs or that you are carrying around the latest Playboy. What could be tagged with RFID that people would so desperately need to keep private? I think that people are wrapped a little bit tightly around the issue.

This kind of response is infuriating, but predictable, and the reason why there’s still a huge gulf between the value we attach to our personal data and the value companies in the world of data collection attach to it. It is precisely the detail of our lives that is valuable to others; this detail — whether we bought milk, eggs or Playboy — comes together to form a very detailed profile of the consumer. The consumer is also a bank account holder, a patient, a credit card applicant, a driver, an employee. When all this information gathered on the individual is collated, it forms an alarmingly precise picture of their habits, their problems, their foibles — do you want a potential employer to know you read Playboy, or a life insurer to know you consume lots of fatty foods? — which might, just might, in the future prove the difference between a job, a loan, a credit card, a house.

The Demise of the Handheld Interface

Am I the only person depressed by the idea that Treos are now going to be Windows Mobile-powered? (It remains to be seen whether there’ll be Palm versions too; it would make sense, at least for a while.)

First off, feel sorry for all the third party developers who came up with great Palm software over the years. Mourn the small file sizes. Mourn the simple interface.

For sure, Palm and the OS had their weaknesses. They never seemed to really improve on the software that was in the Palm IIIs except add some colour. They missed more opportunities than your average Premier League club. And my Treo 650 still crashes on a regular basis. But Windows? Why has nobody ever questioned the wisdom of mimicking a Windows environment and GUI on a screen the size of a cigarette box? The whole idea of Windows is to have lots of programs open that you can see on your screen and move stuff between. When did anybody ever do that on a Pocket PC?

I hate everything about Pocket PC Windows. I really do. There’s no style, no grace to it. Too many unnecessary lines. Big clunky scroll bars. Silly start menus that are at the bottom or top of screens, making for awkward stylus (or fingernail) gestures. Why is the only serious innovation in this field done by outsiders such as the great University of Maryland-developed Datelens? And what’s so Windowsy about Pocket PC Windows anyway? Why, for example, has Microsoft (or Palm, for that matter) not figured out how to throw up status messages that don’t take up the whole screen?

Sorry, I’m cranky today. But while I long ago lost hope in Palm turning its software into more than a colour version of its mid 1990s original, I have never been a convert to Windows on a handheld. Is there no vision out there about how we use our portable devices that isn’t just an ugly, stripped down and clunky version of what we have to put up with on our desktop? Why haven’t these wonderfully simple new ideas about interfaces from, say, 37signals spread to the handheld? Or is the future Apple shaped and we haven’t seen it yet?

Media Coverage As Sparklines

Here’s another effort to use sparklines to try to illustrate some of the trends I wrote about in today’s Asian Wall Street Journal/WSJ.com column (subscription only; apologies). I’ve used another excellent tool called SparkMaker, a Word plugin by Bissantz to try to show how the mainstream print media has covered some technology issues since the early 1980s (these charts cover 1984–2004 because the numbers prior to then are too small to be useful.) I’d be grateful for any thoughts you may have, on either the sparklines or what the data may say to you. Of course, it might say nothing at all….

Here’s the first one: media mentions of certain terms in order of the year the term was most often used (they’re done as screenshots, apologies for the low quality):

[Image: Spark year]

‘Information superhighway’ as a term reached a peak in its first big year of usage, and then fell off rapidly. Electronic mail wasn’t ever as popular and is still in use (who still says that rather than e-mail?) Cyberspace had its heyday in 2000, as did MP3, surprisingly. Notice how SMS never really got that much coverage, I guess perhaps because Factiva is so slanted towards North America. Spam is a big topic, as is VoIP. The bars are too small to show it but Blogging has been covered since the early 1990s, albeit in small numbers. Wi-Fi and RFID, too, are now major topics. Bluetooth has never quite captured the same attention.

Here’s another way of looking at the same data, sorted by the largest total coverage in a single year:

[Image: Spark popular]

Allowing for distortions caused by the growth of media outlets, VoIP has in one year outdone all others. Wi-Fi too, seems to be catching attention.

Do Passports Plus RFID Tags Make Us Walking Targets?

RFID tags? Sinister chip or harmless piece of plastic and wire?

I’ve been on the side of the former for some time, but in the face of some objection from readers. A listener to a piece I did on the BBC World Service a few weeks back about the danger that RFID tags would give up too much information to anyone interested — shops, sleazeballs, governments, terrorists — wrote in to say:

Your correspondent seemed in danger of propagating the fiction that RFID tags can be read from a distance.

A RFID tag contains no power source. The read head, the device that interrogates the tag, actually transmits power to it to enable it in turn to transmit the information it contains. With most tags the range over which this will work is much less than a metre – in general the smaller the tag the smaller the range.

In other words when I am walking down the street it will not be possible for MI5 to determine where or when I bought the tagged pack of tomatoes I am carrying…

This prompted me to do a bit more digging, and I concluded thus in a reply I prepared at the time:

  • First off, distance is not really the issue. The reader, the machine that reads the RFID tag, could be placed anywhere — at entrances to shops, buildings, carparks, subways — to pick up information on those tags. The reader, therefore, would simply pick up the information as a person passes it. In short, it’s not necessarily a question of whether MI5 is remotely trying to figure out the origin of your tomatoes from a rooftop, but that sensors placed around cities, installed for commercial, retail or government use, could easily gather this information without your knowledge.
  • Secondly, while it’s true that until recently RFID tags may only be readable by a normal reader within a few feet, many tags now can be read from further away. Others are already being developed that would be read over longer distances: Japanese manufacturer Toppan, for example, has just created an RFID chip that can be read 5 metres away. That’s across the room or street.
  • Thirdly, while it’s true that most RFID tags are passive (without a battery) some are active (with a battery inside) meaning that they can be read over much longer distances — between 100 and 300 ft (up to 100 metres) at present, I believe.
  • Fourthly, it’s quite possible to incorporate a reader with a high-gain antenna, in which case tags can be read at much greater distances; in some extreme cases, according to the online encyclopedia Wikipedia, up to several kilometres away.

Some of these items may not be commercially available yet, but it’s shortsighted to suggest that RFID technology is not improving so quickly that it will not reach the point where it becomes an important social issue, including MI5’s ability to gain access to your tomatoes.

Still, there’s clearly a lot of debate about this, and I was speaking to some RFID folk in Australia who say the security concerns are too far down the track to worry about, since RFID is still too young a technology to be really deployable. Reading a tag is still too tricky, apparently, for it to work properly in a commercial setting.

With all this in mind, it’s interesting to read Bruce Schneier in today’s IHT warning in no uncertain terms of the dangers inherent in the U.S. demand that countries issue passports with RFID tags in them. He points out the absurdity of arguing that RFID tags can only be read from a few centimetres away:

Proponents of the system claim that the chips can be read only from within a distance of a few centimeters, so there is no potential for abuse. This is a spectacularly naïve claim. All wireless protocols can work at much longer ranges than specified. In tests, RFID chips have been read by receivers 20 meters away. Improvements in technology are inevitable.

Bruce’s point is that this means the passports can be read by anyone who gets even vaguely close, leaving the holder vulnerable to anyone with an interest: “It means that pickpockets, kidnappers and terrorists can easily – and surreptitiously – pick Americans or nationals of other participating countries out of a crowd.”

His conclusion is unusually forthright:

The [Bush] administration wants surreptitious access themselves. It wants to be able to identify people in crowds. It wants to surreptitiously pick out the Americans, and pick out the foreigners. It wants to do the very thing that it insists, despite demonstrations to the contrary, can’t be done.

Normally I am very careful before I ascribe such sinister motives to a government agency. Incompetence is the norm, and malevolence is much rarer. But this seems like a clear case of the Bush administration putting its own interests above the security and privacy of its citizens, and then lying about it.

I have no idea whether that bit about the Bush administration is true or not. It’s scary if it is, because it indicates that RFID is just the kind of technology we should be worried about. But for present purposes it doesn’t matter much: What matters is that we establish whether or not it’s possible to ‘snarf’ data from RFID tags in the same way Bluetooth experts have successfully shown the inherent dangers in Bluetooth-enabled phones. If someone can show that grabbing data from RFID tags at a reasonable distance is not just an academic exercise, maybe voices like Bruce’s will be heard in time to do something about it, whether it’s someone knowing my shoe size or my nationality.

RFIDs And Shoplifters

Could RFID tags be used by shoplifters?

Robert Lemos of CNET’s News.com writes from Las Vegas that a German technology consultant believes the Radio Frequency Identification tags “could be abused by hackers and tech-savvy shoplifters”. He quotes Lukas Grunwald, a senior consultant with DN-Systems Enterprise Internet Solutions GmbH, as telling a discussion at the Black Hat Security Briefings that thieves could fool merchants by changing the identity of goods. In time-honored fashion, Grunwald had the tools to prove it, unveiling during the session “a new software tool that he helped create that can be used to read and reprogram radio tags”.

The basic idea, it seems, is that such software — called RFDump, or sometimes RF-Dump — could be used on a PDA or laptop to mark expensive goods as cheaper items, allow underage folk to bypass age restrictions on alcoholic drinks and adult movies or create confusion in shops by randomly swapping tags.

How much of a threat is this to RFID? At first blush it sounds major. But I suspect that if it is going to be an issue it’s going to be more closely related to security than shoplifting. How many doors are already being opened by RFID? How many security passes are RFID? Luggage tags in airports? Of course these are probably encrypted but could these be reprogrammed?

A Dream Of Intelligent Luggage Tags

Something I’ve long dreamt of: An intelligent luggage tag.

Here’s a concept for a Bluetooth luggage tag that lights up when it’s in range of your Bluetooth gadget, helping you to identify it on the carousel. The Bluebird tag would contain additional information, so should it go astray the luggage could be returned to you. You could have separate tags for each item. (Found on blueserker.)

Now I don’t want to rain on anyone’s parade, not least because the Bluebird design looks so good. But others may have been here first: Samsonite unveiled a Bluetooth suitcase two years back which supposedly contains information for tracking and identifying luggage. Admittedly since then not much has happened: It’s not even clear whether the cases were ever sold. Three years ago Red-M said it was teaming up with Denmark’s BlueTags to use Bluetooth to help manage and track luggage and to help find it when necessary. I can’t find any subsequent mention of this, although BlueTags are now being used to track children at a Danish zoo, which is pretty much the same thing.

I like the Bluebird idea, but I’m not sure it would work. As soon as more than one person at the carousel has these devices, they become less useful, unless there’s some way of uniquely identifying each piece of luggage. Otherwise all you’ve got are lots of bits of flashing luggage going around the carousel. (One way around this would be for your PDA to tell you how far away your luggage is on the conveyor. But somehow that seems to have crossed some sort of nerd acceptability line.)

The other thing is that every Bluetooth device transmits a signal (unlike RFID, for example, which has a passive and an active element. The RFID tag doesn’t transmit, it only receives; it’s the scanner that transmits). So would lots of bits of Bluetooth luggage in the airplane hold be beaming confusing signals that interfere with the navigation system?

To me the biggest headache that could use a technology like this is reassuring the passenger. Using RFID or some similar technology on luggage would allow not only the airline to check it has all its luggage aboard, but also the cabin crew to confirm for the passenger that their luggage is safely stowed. Airlines could even allow passengers to check for themselves, perhaps via the inflight display (key in their luggage number via a touchscreen, activating an RFID scanner in the hold to look for the item).

Indeed, Delta Airlines this month said they were doing something like that. On July 1 it said it would use RFID to track luggage through its U.S. network. And Hong Kong’s airport last month said it was going to use RFID to track luggage going through the airport. But I can’t see airlines allowing passengers to do the monitoring, for the simple reason that if the scanner doesn’t find the luggage — either because it’s not aboard or the technology doesn’t work properly — you’re going to have a lot of very unhappy passengers insisting the plane turn around and go back to the gate. Things could get ugly.

Are Privacy Fears About RFID Tags Just Hype?

Reports that delegates to the World Summit on the Information Society conference in Geneva were unwittingly wearing RFID tags which could have tracked their movements, attendance at meetings or seminars, visits to the john etc etc have raised some debate about RFID (Radio Frequency ID), privacy, security and the rights of the individual to know what the tag around their neck actually tells people about them.

My posting, which didn’t actually make any specific comment about the news, prompted this from Mike Rowehl of Bitsplitter who says, among other things, that “sure, there are plenty of issues to be worked through with RFID, but it’s hardly the boogeyman that everyone makes it out to be. A cell phone can just as easily (and in the future, more easily most likely) be used to determine a user’s location”.

Actually, Mike, I’m not sure that’s right. Cellphones work in large areas, and can narrow the location of a phone (and its user) down to quite a small area, but RFID works in small, enclosed areas. As one of the delegates, Olivier Piou of Axalto told the conference last Friday:

Wireless technologies also present a similar threat to privacy: while it is relatively easy to turn off a cellular phone (because all of them have an ON/OFF button!), radio-frequency identification systems – also known as RFID or contactless systems – are activated from a distance. It becomes so very easy to install a reading antenna, in the subway or in any place like in this conference room, to detect who is there without awareness and consent.

Numerous books and movies have predicted that our civil society would not be wise enough to protect its basic universal human rights in this digital age. However, the more we have powerful tools available to us, the more we have the duty to use them for the best of humanity. This is why I wanted to raise your awareness today.

This is why also, we at Axalto believe that it is essential that digital identity be designed to ensure trust and confidence in modern digital systems, and that it be combined with conventional physical identity into a secure portable object that citizens can voluntarily present to be identified, to authorities in the physical world and to on-line services in the virtual world.

That this comes from an industry insider should give some weight to concerns raised by the use of RFID at the summit: Axalto is the new name of Schlumberger unit SmartCards, of which Olivier Piou has been president since 1998, and he has been in the smart card business since 1994. (Smart cards are microprocessor cards used mainly for ID.) That the summit itself, supposedly concerning itself with the information society, should not be more aware of the privacy aspects of its tags, and should be unable to answer questions raised by privacy advocates, does not inspire confidence.

While I don’t agree with the more outlandish claims that RFID is a new kind of big brother, there’s little doubt in my mind that it’s a technology which needs some serious attention before it can be deployed in public.