Source: Washington Post
New research into security vulnerabilities in radio frequency identification cards made by technology giant HID Global has been pulled from the lineup at an East Coast security conference this week.

Researchers from Seattle-based security provider IOActive were planning to detail a technique they developed to clone the credentials stored on certain RFID cards made by HID. The company was expected to present the findings Wednesday at the Black Hat Federal security conference in Crystal City, Va. However, IOActive last Thursday was contacted by HID attorneys, who claimed the researchers were infringing on HID’s intellectual property.

Source: RFID Journal
RFID tags might someday be affixed to pills and then used to monitor the medicine once it is swallowed, according to a patent filed earlier this month Eastman Kodak Co. The patent describes how such RFID tags would be useful for verifying proper drug usage, monitoring drug interactions, controlling dosage and even maintaining inventory control. However, it’s not clear whether such RFID-tagged pills will ever show up at your local pharmacy or hospital.
Comment: This, of course, gives a whole new meaning to the traditional “Haven’t you taken your pills today?”

Source: Earth Times
AeroScout Inc., the leading provider of Wi-Fi-based Active RFID solutions, has launched the AeroScout T3 Tag, the industry’s most advanced, feature-rich tag for asset and people tracking and real-time location solutions.

The AeroScout T3 Tag builds on the company’s innovation and expertise as the creator of both the market’s original Wi-Fi tag, and the current market- leading T2 Tag. The T3 Tag combines the proven benefits of AeroScout’s asset tracking capabilities with a new streamlined, flat shape, low power consumption, and advanced capabilities to meet a wide variety of customer needs.
Comment: People tracking. Doesn’t that just sound wonderful?

Source: ABC News
All it takes is a second, and it’s gone — a modern day pick-pocket can snatch your credit card and other personal information without ever touching your wallet. The thieves need only a little know how, and about a hundred bucks. The technology we rely on everyday — is being abused.

If you have a fast pass, you have RFID tracking you when driving through a toll plaza. Fair enough, you signed up for it. But did you know you are being tracked when you are simply driving down the highway? The signs that give traffic updates get their information by tracking fast passes, they know who you are, where you are driving, and how fast you are driving too. Edward Albro, PC World Magazine: “There are some real privacy concerns about RFID chips — as they are built into more of things we carry around with us, day in and day out.” Things like driver’s licenses, and that concerns State Senator Joe Simitian.

State Senator Joe Simitian: “It is coming, and if we get to the point where we have 20 million plus driver’s licenses out there with RFID, before we’ve protected our privacy, before we’ve made sure we know what we are doing — we are going to be in a world of hurt.” That’s because it won’t just be government tracking us, it will be thieves stealing our information. All it takes is a computer, a reader that costs about a $100 dollars, copper wire and some off-the-shelf electronics.

The ACLU’s Nicole Ozer shows us how easy it is to take another’s information. Nicole Ozer: “So what we have is Senator Simitian’s entry ID document into the Senate and I have a reader, and it can read Sen. Simitians card. We can actually clone this card, with this little bit of copper wire, I can actually ask this wire to read the card.” The senator walks into the capitol using his card. Then I follow with the computer and copper wire, I check the door, it’s locked — then walk right in. And you don’t have to have physical control of the RFID enabled card. Just walking around with our set up in a brief case Nicole could have stolen information from a group touring the state capitol.

We didn’t do that, but we swiped the senator’s RFID information while he was in line at the cafeteria. State Senator Joe Simitian: “I think it is great technology — I just want to make sure we use it well and wisely.” Last year the senator shepherded a bill through the legislature, that would limit government’s use of RFID. The governor vetoed it and now the senator is back at it again. State Senator Joe Simitian: “The fundamental question is whether or not the government should be able to force you to carry government identification that broadcasts your private information, without your knowledge or permission. I think most people consider that a bad idea.”

The senator is not talking about restricting RFID in commercial uses, just government documents. For instance there would be privacy protections for driver’s licenses, student id cards and the like. The new U.S. passports are RFID enabled but have encryption and physical barriers to foil unauthorized readers.

Comment: Encryptions get hacked by criminals every day. How long will it take for this to become a new rampant epidemic of identity theft?

Source: PC World
Many ‘contactless’ credit cards can leak their owner’s name and card number for reading at a distance. You may be carrying a new type of credit card that can transmit your personal information to anyone who gets close to you with a scanner. The new cards–millions of which have been issued over the past year–use RFID, or Radio Frequency Identification, technology. RFID allows scanners to use radio signals at varying distances to read information stored on a computer chip.

According to a study from academic and business researchers at the University of Massachusetts, RSA, and Innealta, many of the cards will transmit your name, credit card number, and expiration date (but not the three-digit security code) in the clear to anyone nearby with a scanner. One of the researchers, Kevin Fu of the University of Massachusetts, provided an electronic copy of the report’s just-finished final version to PC World. The draft version is available online.

Millions of Cards in Use

RFID is widely used to track shipments and store inventory–and now it’s in credit cards, allowing customers to swipe the cards past readers in McDonald’s restaurants, CVS pharmacies, and elsewhere, making for quick and easy transactions. Visa says more than 6 million “contactless” cards exist worldwide, and their number is growing rapidly.

In an e-mail, Fu wrote that “in our collection of approximately 20 cards, the vast majority revealed CC name, CC number, and expiration” when the researchers scanned with a commercial RFID reader that they modified to work with the credit cards. According to the FAQ on the study, the sample cards “spanned all three major U.S. payment associations and several major issuing banks.”

According to a Visa spokesperson, the company’s contactless card network uses an encrypted security code to verify a transaction. That should protect against certain types of fraud–but again, it doesn’t protect against someone pulling the name and number.

However, second-generation Visa Contactless cards no longer send the name, says Brian Tripplett, the company’s senior vice president of emerging product development. The new cards still send their numbers, but those would be difficult to use without the card holder’s name. With the first generation of cards, Visa suggested that banks not issue cards that transmit the name; with new cards, that’s required. Tripplett also says that Visa’s technology has a shorter read range and communicates differently than does the standard RFID used for inventory management, for example. Mastercard didn’t respond in time for this story.

Is Your Card RFID-Equipped?

How do you tell if your card has one of these chips? Some cards have visible microchips, according to the study’s FAQ, but others don’t. Tripplett says that Visa Contactless cards have a symbol: four vertical wave-like bands on the front or the back.

But to know for sure, and to know whether you have a first- or second-generation Visa card, you need to call your bank and ask. You should be able to request a card without the technology, or at least one that doesn’t transmit your name. Also, you can block RFID signals with a “Faraday cage,” which uses a metal mesh or casing. A quick online search turned up some wallets and wallet inserts that incorporate the cages.

Other Risk Reductions

Even for the first-generation cards that do send the name, some other mitigating factors exist. First, while the researchers used a commercially available RFID reader, they made modifications to it that take “technical skills and know-how,” Fu wrote. Also, the reader must be close: The card specs say only a couple of inches, but Fu says some research papers put the max range at about 6 inches. And most important, phishing, keyloggers, and other kinds of online ID theft are far too successful right now for criminals to put in the effort required for this type of fraud. So the risk probably isn’t significant–for now.

Major risk or not, however, there’s no way I’d want my credit card to transmit its information without any encryption. Adding yet another opportunity for ID theft where there doesn’t need to be any, whether the threat is large or small, simply makes no sense.

Comment: And once your card details get used by criminals you can spend countless hours trying to explain that it wasn’t you who used it.

Source: The Earthinc
Hafiz writes, “Both CCTV and RFID technologies are beneficial for many ways. In private commercial spaces, both are used to make processes safer or more efficient or both. CCTV could be installed in places where no human could operate safely. On the other end, both infrige privacy.” and that “While CCTV could be a threat to privacy, RFID could be many times more hostile.”

We like how Hafiz compares CCTV with RFID and implies that at a projected timeline the common acceptance of RFID might be as common as CCTV is today. As Hafiz wrote, “Just like CCTV, the utilization of RFID in public realm is questionable from civil liberty point of view.” and then continues to raise the question about tracking, security, and a view towards the future, “Malaysian passport for instance uses RFID. In fact, it is the first RFID-passport in the world. The RFID chip within the passport contains sensitive personal information and that information could scanned and read from afar. Despite that, many advocates of RFID insists that information within the chip is secured. Nevertheless, there are reports that point to the contrary. As time progresses, it is all to possible to track everybody with RFID. At the hand of an illiberal bureaucrats that respect no right, RFID could be the tool to suppress civil liberties. This used to belong in the realm of science fiction. Soon, it will be science.”

Source: Computer Economics
Over the past several years, Radio Frequency Identification (RFID) has been promoted as the next big thing in supply chain and asset management. The promised benefits of RFID include productivity gains in the warehouse, better product visibility in the distribution channel, improved inventory accuracy, less shrinkage, a reduced number of transaction errors, better asset tracking and utilization, and easier detection of counterfeit products, such as fashion items. Mandates from the U.S. Department of Defense and major players such as Wal-Mart now require their suppliers to label shipments with RFID tags, which forces adoption of the technology.

Despite these factors, the adoption rate of RFID technology has stalled significantly in the last year. This slow-down is not being publicized by suppliers of RFID equipment and systems, since their success depends on continued promotion of the technology. Some reports of an RFID slow-down, however, are beginning to appear in the business press. For example, the Wall Street Journal recently reported that Wal-Mart has only installed RFID in five of its distribution centers, which is well behind its plan two years ago that called for 12 of its distribution centers to be up and running by now. The same article reports that apparel maker VF Corp. has curbed its RFID program, citing an absence of payback for its efforts in the foreseeable future.

This Research Byte is an executive summary of our full report, Radio Frequency Identification (RFID) Adoption Stalls.

Source: Newswise
What if your boss asked you to have a chip implanted in your arm? Would you do it? What if it meant getting a higher salary? Radio frequency identification (RFID) tags, small circuits consisting of a microchip and an antenna that generate a radio signal when triggered by a reading device, are implanted in millions of pets and livestock to keep track of them and return them to their owners if they are lost. In the last few years people have begun to have tags planted in themselves–a move that could have serious repercussions for our privacy and freedom, according to Kenneth R. Foster and Jan Jaeger, University of Pennsylvania professors and authors of an article in the March issue of IEEE Spectrum.

Indeed, society has yet to answer such basic questions as whether an implanted tag is the property of the person it’s implanted in or the company that issued the tag. When you leave a job, you typically turn in your keys, Foster and Jaeger point out. Would you have to have an implant surgically removed with each job change?

Although mandating that everyone be chipped seems far from likely, Jaeger and Foster are concerned that supposedly voluntary implantation would be anything but. Responding to a proposal to chip guest workers entering the United States for employment, they write: “Guest workers might ostensibly consent to having chips implanted. But would chipping them be truly voluntary? Such ‘voluntary’ actions may determine a person’s ability to earn a living, and the worker might not view the implantation as something he or she could refuse. What person facing poverty at home and given the prospect of a job in a different country would be in a position to argue?”

With thousands of people already implanted, it’s past time to answer these thorny questions.

Source: Rantings of a New Yorker
In this wonderful rant by a New Yorker you can read why RFID is not as popular as people might think. Of course it’s clear that the corporations with a vested interest in RFID technology have a lot of marketing going for them which makes people think the technology is, indeed, popular.

But as the ranting New Yorker writes; “According to Cnet, implanting people with RFID chips isn’t as lucrative, or popular, as we are led to believe. Ever since VeriChip went public with their idea to implant humans, their stock has been struggling. The chip, to be used for medical purposes, has attracted a mere 222 humans willing to be chipped.” And that “Three years ago, VeriChip began its ad campaign about how wonderful and useful it would be to be chipped. Everyone from civil libertarians to my grandma balked at the idea, claiming that there were severe privacy issues at stake in such an endeavor.”

The rant ends with a note on privacy, “Our privacy is slowly disappearing. Some care. Most do not. I suspect that, by the time I am an old lady, rocking in my chair on the front porch each afternoon, that I, and a few like me, will remember a time when privacy mattered. I will witness the erosion of privacy and individual rights as the generations behind me freely give up what the generations before me fought so hard to preserve.”

Go read the full article!

Source: The Daily Aztec
Science fiction movies and books often portray the future as a world in which every individual has been tattooed with a barcode and can be easily traced by anyone at any time. However bleak this image is, recent advancements in radio frequency identification have shown us pieces of this bleak world and a possible utopia. RFID is a technology that uses small microchips to transmit stored data through the use of radio frequencies.

A common RFID application is the FasTrak electronic toll-payment system used by Caltrans on highways around California. The FasTrak badge is a type of RFID transponder that uses radio signals to send credit card information to the radio terminal at a toll station. While this sort of technology has been in use in California since the early 1990s, the most recent application of this technology has shown promise for the future, as well as some questionable features. Some retailers use RFID to track the whereabouts of products in stores and to have the ability to see if a certain product has been stocked improperly.

Many people fear that as RFID technology gets cheaper and easier to use it will be misused at the public’s expense. Groups of privacy advocates fear a sort of Orwellian future with every individual being implanted with an RFID chip to eliminate the need for money and forms of identification, thus making us lose our individuality because they would branded like cattle.

Such startling uses have been put into practice already. Several nightclubs in Europe have implanted RFID chips in their VIP members to make it easier for them to gain access to exclusive places. While this application is quite odd, the fear of the government using RFID to track Americans is a greater fear. The government could possibly know the whereabouts of all its citizens at any given time if a nationwide application to RFID was used.

On Valentine’s Day, Japanese chip maker Hitachi unveiled a new advancement in RFID technology to further any speculation of the possible misuses. Hitachi showed the world the creation of RFID powder. Hitachi developed what it calls mu-chips or .05 mm by .05 mm RFID chips, which are smaller than a grain of rice. There were immediate speculations of the possibility that a person could be given an RFID chip and not know. It could be inconspicuously slipped into food, clothing or one’s body given its ultra-small size. It even has the possibility of being embedded within a piece of paper and effortlessly track the whereabouts of any person.

Debra Bowen, who is running for Secretary of State, said in a 2003 hearing, “How would you like it if, for instance, one day you realized your underwear was reporting on your whereabouts?” There is an inherent fear that America’s consumer society would be amplified even more so with corporations reporting our whereabouts in order to increase the effectiveness of advertising that would entice people to purchase more. Should Best Buy employees really know that you went to Circuit City after you discovered its prices are higher?

However, the technology’s possible practical applications could rival any misuse. The U.S. government is already placing RFID chips in passports for electronic identification of citizens and to deter forgeries. If the mu-chips were to be embedded in paper and money, counterfeit documents and money could be a thing of the past. If stolen, a mu-chip unknown to the thief could be used in tracking the document in question once it passes through RFID readers in an unauthorized area. The proof of a legal document could be proven with RFID technology and $100 bills would no longer require the meticulous inspection upon its use. Consumer buying trends, product tracking and data collection could be better than ever with the application of the technology to a greater degree.

Privacy in the United States and identification systems must balance each other out in the future with the increasing questioning and development of the RFID technology. Whether the technology can be misused will be debated for a long time; however, forms of RFID will be continuous because it’s like any other technological advancement that will help people in the future.