Showing posts with label RFID. Show all posts
Showing posts with label RFID. Show all posts

Monday, March 28, 2022

Is My Hotel or Airbnb Bed Bugged?

We get asked this when someone finds a bit of miniature electronics embedded in the sheets or other linens. 

If you are seeing one of these buried in the hem of your linens the answer is no. You can relax.

These are RFID tags. Commercial laundries attach them to linens to keep track of who belongs to what. 

As one supplier explains... "UHF RFID textile laundry tags are designed to optimize industries laundry processes, providing durability and suitability for washing, drying, dry cleaning and ironing. They can be used for many different applications such as laundry application, logistics, anti-counterfeiting, supply chain management control, inventory control, asset tracking, process control..."

If you are concerned about privacy in your rented bedroom learn how to find hidden spy cameras.

Tuesday, October 8, 2019

A Blue Blaze Irregular Asks About RFID Money Detectors

Hi Kevin, 

I would love it if you did a report on the RFID in currency and the "detectors" that are used to identify the exact amount of cash in a car, suitcase, etc. 

For example, a husband and wife were driving with $14,000 cash to buy a car when an automobile from Homeland Security pulled alongside them for a minute to scan their car. When they realized the car had $14,000 in it, they informed the local law enforcement which then proceeded to pull the car over to confiscate the money. Or the sheriff in Northern California who uses a similar "detector" to pull over people who are bringing cash to Nor Cal to buy cannabis during harvest season. From what I've read, wrapping anything that has the RFID in it with aluminum foil or a Faraday cage-like material is enough to block any signals. I think your readers would find this very interesting. 

Thanks Kevin I appreciate it. 

FutureWatch: I looked into it and found some interesting articles. It appears the U.S. Treasury department is looking into it. They currently have a Request for Information (RFI) out to develop this technology. Answers due by January, 24, 2020.

Technical papers on this technology include...
Banknote Validation through an Embedded RFID Chip and an NFC-Enabled Smartphone
A Comparison Survey Study on RFID Based Anti-Counterfeiting Systems
RFID banknotes

Apparently, this technology has been explored since at least 2001. I couldn't find that it has been implemented anywhere... yet. It appears it may be coming, however.

Our BBI is correct. RFID readers can be easily blocked by Faraday Cage techniques.

All this reminds me weapons of war; evolutionary stair-step escalation through the ages.

Double FutureWatch: RFID tracking of currency may become a moot point if governments leap-frog into cryptocurrencies.

Tuesday, January 1, 2019

Happy New Year! It's 1984 ...in 2019

Students at more than 10 schools in Guizhou Province, one of China’s poorest provinces, and the neighboring Guangxi region are now required to wear “intelligent uniforms,” which are embedded with electronic chips that track their movements.

The uniforms allow school officials, teachers, and parents to keep track of the exact times that students leave or enter the school, Lin Zongwu, principal of the No. 11 School of Renhuai in Guizhou Province, told the state-run newspaper Global Times on Dec. 20.

If students skip school without permission, an alarm will be triggered.

If students try to game the system by swapping uniforms, an alarm also will sound, as facial-recognition equipment stationed at the school entrance can match a student’s face with the chip embedded in the uniform. more

FutureWatch: Chips embedded in the students.

Thursday, December 6, 2018

Fob-U-Less Auto Theft on the Rise ...and a solution!

As predicted in 2011, and documented in previous Security Scrapbook posts, it is time to remember where to keep your car key fob overnight... in a closed tin (cost $0.93). ~Kevin

CA - Auto theft on the rise in Toronto area, and a security expert thinks he knows why...
According to Markham automotive security specialist Jeff Bates, owner of Lockdown Security, wireless key fobs have a role to play in many recent car thefts, with thieves intercepting and rerouting their signals — even from inside homes — to open and steal cars.

...many of these thieves are using a method called "relay theft."

Key fobs are constantly broadcasting a signal that communicates with a specific vehicle, he said, and when it comes into a close enough range, the vehicle will open and start.

"The way that the thieves are getting around this is they're essentially amplifying that low power signal coming off of the push start fob," he said.

"They will prey upon the general consensus that most people are leaving their key fobs close to the front door of their home and the vehicle will be in the driveway."

The thief will bring a device close to the home's door, close to where most keys are sitting, to boost the fob's signal.

They leave another device near the vehicle, which receives the signal and opens the car.

Many people don't realize it, Bates said, but the thieves don't need the fob in the car to drive it away. more

Many thanks to our Canadian Blue Blaze Irregular (WM) for this latest alert!

Wednesday, January 20, 2016

Why an RFID-blocking Wallet is Something You Don't Need

via Roger A. Grimes
You don't need a tinfoil hat, either. Opportunists have exploited consumer fears to create an industry that doesn't need to exist...

(summary)

First and foremost, does your credit card actually have an RFID transmitter? The vast majority does not. Have you ever been told you can hold up your credit card to a wireless payment terminal, and without inserting your card, pay for something? For most of my friends, and the world in general, the answer is no...

If you look at the number of credit cards with RFID, you can’t even represent it statistically. It’s not 0 percent, but it’s so far below 1 percent that it might as well be 0 percent...

On top of that, most of the world is going to wireless payments using your mobile device...


But did that bad guy ever sit on the corner in the first place? Sure, I’ve seen the demos, but I’ve yet to hear of one criminal who was caught using an RFID sniffer or who admitted to stealing credit card info wirelessly. We know about all sorts of cyber crime. Why not the theft of RFID credit card information if the risk is so high?

Here's why: It would be a lousy use of a criminal mastermind’s time. Today’s smart criminals break into websites and steal hundreds of thousands to tens of millions of credit cards at a time. Why would a criminal go to the effort and expense of stealing credit card info one card at a time when you can steal a million in one shot?  more

Monday, November 18, 2013

Snooping on Credit Cards with Shopping Carts

Researchers at the University of Surrey, UK have successfully used readily available and inexpensive electronic components, combined with a shopping cart antenna, to eavesdrop on NFC and HF RFID contactless communication.

The shopping cart did not perform as well as a small inductive loop antenna (that could be concealed with the electronics in a backpack) but neither are likely to arouse suspicion. 

The researchers say that the eavesdropping distance can be as much as 100cm but is dependant on the strength of the magnetic field generated by the victims device. 

Companies like VISA, Mastercard and Google who have already developed platforms for contactless payments can now add eavesdropping to the existing security threats of skimming and relay attacks. Original paper here (PDF).

Tuesday, April 16, 2013

RFID Tracks Jewelry Popularity

Interesting application of RFID technology.

RFID smart shelves can help retailers analyze market demand. 

Beyond sales reports, retailers want to understand which items had the highest shopper interest. For example, while one jewelry item is picked up 100 times and sold 90 time, another jewelry item is picked up 100 times but only sold 10 times. Retail statistics monitoring shopper behavior cannot be accurately counted by man.

However, the RFID Jewelry Smart Shelf Solution developed by Alpha Solutions enables retailers to clearly see data on which types of jewelry are picked up frequently. From the data obtained, discount promotions and programs can be made for the jewelry types that are having trouble selling.

Wednesday, January 9, 2013

Investigative Journalist Finds Electronic Listening Device in Apartment

Ukraine - Lviv investigative journalist Taras Zozulinsky said he discovered an electronic listening device in his apartment on Jan. 6. He thinks it was planted because of his investigation into whether high-ranking police officers in Lviv Oblast are involved in the illicit drug trade.

"I didn't snitch on you. You snitched me!"
Police say they have launched criminal proceedings regarding intentional obstruction of journalistic activities, but complain that the newspaper is obstructing their work.

Zozulinsky said he did not trust the police, so the newspaper decided to give the device to a reliable and independent expert in Europe.

Zozulinsky said he found the device sewn to the label of a towel on a shelf and made a complaint to police the same day. Police interviewed him and searched the apartment at his request, but did not find any other bugs. (more)

My take... Until further evidence is brought forth, I'm saying he stole that towel from a hotel or a local gym, brought it home, and later discovered it had something extra in it. You can learn all about that something extra here. ~Kevin

Saturday, November 24, 2012

Student Balks at Stalk (Psst. Just make the tags more stylish.)

A court challenge has delayed plans to expel a Texan student for refusing to wear a radio tag that tracked her movements.

Style is everything in high school.*
Religious reasons led Andrea Hernandez to stop wearing the tag that revealed where she was on her school campus.

The tags were introduced to track students and help tighten control of school funding.

A Texan court has granted a restraining order filed by a civil rights group pending a hearing on use of the tags.

ID badges containing radio tags started to be introduced at the start of the 2012 school year to schools run by San Antonio's Northside Independent School District (NISD). The tracking tags gave NISD a better idea of the numbers of students attending classes each day - the daily average of which dictates how much cash it gets from state coffers. (more)


In other tracking news...

Tuesday, June 26, 2012

Interesting: Radar Tracks Your Sleep, Then Wakes You Up

via Robert E. Calem, techlicious.com
...there's a new alarm clock available that was designed to help you avoid sleep inertia by monitoring your sleep cycles—without a wearable sensor—and waking you up only when you're sleeping most lightly. It's called the Renew SleepClock by Gear4 ($199.95 on gear4.com) and combines a motion sensing iOS-device docking station-clock radio with a dedicated app that both wakes you and tracks your sleep habits over time. 

The hardware transmits two channels of 10GHz radio frequency signals in a 45-degree beam. These signals bounce off your body and are received back at the device by a sensor, which then processes them and passes the data to the app. 

The app uses the data to discern your breathing pattern and monitor your movements. Based on these interpretations, the app knows when you've fallen asleep, how long you've slept, when you're sleeping lightly or deeply, and when your sleep has been interrupted (for example, when you get out of bed for a 2 AM bathroom break). 

In the morning, the app uses all the captured data to determine the best time to wake you up within a one-hour time slot that you've preset in one of two built-in alarms. (more)

Thursday, August 25, 2011

Implant GPS Tracking Devices - Mexican Standoff

Mexico - “Unfortunately, it’s been good for business but bad for the country,” said Xega executive Diego Kuri, referring to the kidnappings. “Thirty percent of our clients arrive after someone in their family has already experienced a kidnapping,” added Kuri, interviewed at the company’s heavily fortified offices, opposite a tire shop in this industrial city 120 miles north of Mexico’s capital.

Xega calls it the VIP package. For $2,000 upfront and annual fees of $2,000, the company provides clients with a subdermal radio-frequency identification chip (RFID), essentially a small antenna in a tiny glass tube. The chip, inserted into the fatty tissue of the arm between the shoulder and elbow, is less than half an inch long and about as wide as a strand of boiled spaghetti.

The chip relays a signal to an external Global Positioning System unit the size of a cellphone, Kuri said, but if the owner is stripped of the GPS device in the event of an abduction, Xega can still track down its clients by sending radio signals to the implant. The company says it has helped rescue 178 clients in the past decade...

In recent years, all manner of Mexican media reports have featured the chips, with some estimating that as many as 10,000 people are walking around with the implants. Even former attorney general Rafael Macedo told reporters in 2004 that he had a chip embedded “so that I can be located at any moment wherever I am.”

That’s pure science fiction — a sham — say RIFD researchers and engineers in the United States. Any device that could communicate with satellites or even the local cellular network would need a battery and sizable antenna, like a cellphone, they say. (more)

BUSTED!

Saturday, April 9, 2011

Come on. Just staple an RFID tag to my ear and get it over with.

Copenhagen International Airport one recent day was much like that at any airport around the world...

But unlike other airports, the movement of the passengers was being observed in an office here in Geneva, 860 miles away. Stephane Cheikh, innovation manager for the aviation communications and technology company SITA, was using his laptop to demonstrate a new program that tracked travelers’ movements based on the Wi-Fi-emitting devices they carried.

When Copenhagen Airport starts using the program in the next few weeks, airport officials will get a real-time picture of where travelers go and what they do. The officials can use this information to improve the design of the airport, direct the flow of passengers or shift employees to improve the efficiency of security or immigration checkpoints. (more)

...or to pump coupons to your phone to buy stuff you don't need as you approach yet another "Bookstones"?

Wednesday, August 11, 2010

Tire Pressure Sensor Surveillance - A Re-Tread

Researchers from Rutgers University and University of South Carolina have found that wireless communications between new cars and their tires can be intercepted or even forged...

The researchers will present their findings at the Usenix Security Symposium, being held this week in Washington D.C.

 The tire pressure monitoring systems (TPMS) consist of battery-powered radio frequency identification (RFID) tags on each tire, which can respond with the air pressure readings of the tire when wirelessly queried by an electronic control unit (ECU).

The researchers had found that each sensor has a unique 32-bit ID and that communication between the tag and the control unit was unencrypted, meaning it could be intercepted by third parties from as far away as forty meters. (more)

Readers of Kevin's Security Scrapbook were advised of this back in 2008. See Track My Treads - TPMS Privacy Blowout.

Saturday, May 23, 2009

FutureWatch - 100% Vehicle Tracking

UK - A national network of cameras and computers automatically logging car number plates will be in place within months...

Thousands of Automatic Number Plate Recognition cameras are already operating on Britain's roads. Police forces across England, Wales and Scotland will soon be able to share the information on one central computer. Officers say it is a useful tool in fighting crime, but critics say the network is secretive and unregulated.

Kent's Chief Constable, Michael Fuller, commented: "We've seen an increase of some 40% of arrests since we've been using this technology. "I'm very confident that we're using it properly and responsibly, and that innocent people have nothing to fear from the way we use it." (more)

Remember the uproar over how RFID toll tags (E-ZPass, FasTrak, I-Pass, etc.) were a threat to privacy? No? Oh well, that was back near the top of the slope. Slippery, isn't it? Hey, what's that down there? Wow, a remote DNA reader!

Monday, March 16, 2009

Got RFID Credit Cards? Wanna Keep Them?

The Only Stainless Steel Wallet.
Woven using 25,000 stainless steel threads that are three times thinner than a piece of paper --.001"--this is the only wallet with a hand as smooth as silk and the strength that surpasses leather.

Resistant to corrosive materials such as salts, acids, and seawater, the tightly woven steel also passively resists radio-frequency hacking--the latest identity theft technique that attempts to scan newer credit cards. (more)

More wallet and passport protectors. (more) (more) (more)

Monday, October 27, 2008

Charlie Can Now "Get Off Of That Train"

"Let me tell you the story
Of a man named Charlie
On a tragic and fateful day
He put ten cents in his pocket,
Kissed his wife and family
Went to ride on the MTA"

© Jacqueline Steiner, and B. Lomax-Hawes
The MBTA, Massachusetts Bay Transportation Authority (Boston subways and street trains) - made famous in this song for their fare increase - is on the hot seat again.

From our Esoteric Files...
Back in early August, the Massachussetts Bay Transit Authority successfully prevented a small group of students from giving a presentation at DEFCON that would have highlighted failures in the CharlieCard RFID system that the MBTA currently uses. Although eventually overturned, the injunction and corresponding gag order that the MBTA was temporarily granted did prevent the students from giving their original presentation.

Now, ironically, it turns out that all the MBTA's effort was for nothing, as researchers based in the Netherlands have successfully cracked the MIFARE Classic crypotographic cipher that's currently used in multiple mass transit systems across the globe. (more) (
presentation)

Wednesday, September 17, 2008

New York Issues RFID-Encoded Drivers Licenses

NY - Anyone who lives in fear of an Orwellian future had better put on their tinfoil hats and stock up on bunker supplies, because with the new drivers licenses introduced in New York we are one step closer to that reality. What makes these licenses so special is the inclusion of radio frequency identification chips. RFID chips are already found in credit cards and passports, but New York is the first state in the U.S. to put these chips into its drivers licenses. (more)

Tuesday, July 22, 2008

Money Card Bugs

A UK crime survey shows credit and debit card fraud has reached a record high of £535 million...new trend was the use of bugging devices which are fitted near shop tills to record the information stored on the magnetic microchip. (more)

Wednesday, April 2, 2008

Track My Treads - The TPMS Privacy Blowout

via hexview.com
New technologies always come with privacy issues.
Tire Pressure Monitoring Systems (TPMS) is one of those technologies.


What is TPMS?

TPMS lets on-board vehicle computers measure air pressure in the tires.

How does TPMS work?
In a typical TPMS, each wheel of the vehicle contains a device (TPMS sensor) - usually attached to the inflation valve - that measures air pressure and, optionally, temperature, vehicle state (moving or not), and the health of the sensor's battery. Each sensor transmits this information (either periodically or upon request) to the on-board computer in the vehicle. To differentiate between its own wheels and wheels of the vehicle in the next lane, each TPMS sensor contains a unique id.


TPMS transmits data that uniquely identifies your car!

Here is where privacy problems become obvious: Each wheel of the vehicle transmits a unique ID, easily readable using off-the-shelf receiver. Although the transmitter’s power is very low, the signal is still readable from a fair distance using a good directional antenna.

Why is this a problem?

If you live in the United States, chances are, you have heard about the “traffic-improving” ideas where transportation authorities looked for the possibility to track all vehicles in nearly real time in order to issue speeding tickets or impose mileage-adjusted taxes...
Guess what? With minor limitations, TPMS can be used for the very purpose of tracking your vehicle in real time with no substantial investments! TPMS can also be used to measure the speed of your vehicle... (remember) car manufacturers know serial numbers of every part in your vehicle, including unique IDs of TPMS sensors.
("Your ticket is in the mail.")


Now, no article is complete unless it mentions terrorists...
It is now super easy to blow up someone's car. There's no need to fix the explosive to the vehicle. No more wires and buttons. No human factor. A high-school kid with passion for electronics can assemble a device that will trigger the detonator when the right vehicle passes by. (more)

Monday, March 31, 2008

The Case of the Flacid Fob

Researchers from Ruhr University Bochum, Germany, presented a complete break of remote keyless entry systems based on the KeeLoq RFID technology. The shown vulnerability applies to all known car and building access control systems that rely on the KeeLoq cipher. "The security hole allows illegitimate parties to access buildings and cars after remote eavesdropping from a distance of up to 100 meters" says Prof. Christof Paar. "Eavesdropping on as little as two messages enables illegitimate parties to duplicate your key..."

A KeeLoq system consists of an active Radio Frequency Identification (RFID) transponders (e.g., embedded in a car key) and a receiver (e.g., embedded in the car door). Both the receiver and transponder use KeeLoq as encryption method for securing the over-the-air communication.

KeeLoq has been used for access control since the mid-1990s. By some estimates, it is the most popular of such systems in Europe and the US. Besides the frequent use of KeeLoq for garage door openers and other building access applications, it is also known that several automotive manufacturers like Toyota/Lexus (Chrysler, Daewoo, Fiat, GM, Honda, Volvo, VW, Clifford, Shurlok, Jaguar, etc.) base their anti-theft protection on assumed secure devices featuring KeeLoq.
(more)
(Hacker video explaining KeeLoq. Minutes: 36:18 - 41:35)
(How to Steal Cars - A Practical Attack on KeeLoq)