Stop the presses!

admin — Sun, 13 Jul 2008 21:00:41 +0000

In general, when people try to use the legal system to prevent free speech, they fail.

MiFare RFID cracked

admin — Wed, 25 Jun 2008 16:00:41 +0000

I really pity the people who have to design RFID security systems. I don’t mean that condescendingly at all, I really do. They have a system which had no native power source, and has to cost about a dime, and they have to somehow build strong authentication into it. They have to design complex circuitry for minimal cost that runs on almost no power. With that in mind, it’s no wonder there are so many examples of people cracking RFID systems. This is just the newest case.

Researchers of Radboud University in Nijmegen in the Netherlands managed to crack and clone London’s Oyster travel card. They were able to take free rides on the Underground and even perpetrated a DDoS attack on a Tube gate.

In the beginning

admin — Tue, 01 Apr 2008 02:48:54 +0000

I’ve been stalling on kicking off this blog (or re-kicking it off) for a few weeks because I couldn’t decide what topic (and there are several) was the one I wanted to start this blog with. I finally decided that I should start in the same place we all started – as newborn babies.

My wife and I welcomed our first child into the world a few weeks ago. During our hospital stay, we were informed that each baby was equipped with an electronic device which would set off an alarm should the baby be removed from the postpartum floor. If that happened this entire wing of the hospital would be shut down (doors locked, elevators halted), and security would arrive. We were warned about this mostly in the context of a warning not to accidentally wander outside the confines of the postpartum floor, however I wanted to know more. I was informed that they did test the security regularly with drills (imagine that!) and that yes, there was a reason for all this. I of course wanted to test their security myself, but my wife, a woman whose common sense far outstrips my own, prevented me from doing so. (In retrospect, this was probably for the better). I also noted that a small electronic device which looked an awful lot like an RFID device was attached to the baby’s umbilical stump. (Probably smart, because bracelets and ankle bracelets can always be cut or otherwise removed. The umbilical stump cannot be removed without considerably more work).

More research reveals that my experience was not unique, and that the security is not based on fabricated fears. The national center for missing and exploited children reports that there have been 248 infant abductions in the past 25 years, and 121 of them have been from hospitals. While this seems like an extremely low number, (and a surprisingly large number of them are recovered, even before the advent of this technology), I have a feeling that hospitals have found this to be relatively inexpensive given that they probably have most of their infrastructure in place, and the potential loss is incalculable. (Until the lawyers show up that is).

As for the technology, there are evidently two types:

The first is an anti-theft device similar to what clothing stores use. The second, more reliable choice is a radio-frequency transmitter that sends a continuous stream of information to a computer at a nurses station. Once that is removed or cut, an alarm sounds.

(You can bet I like the later system better).

This is apparently also being deployed overseas.

Angels of security » rfid

Stop the presses!

MiFare RFID cracked

In the beginning