Zapping RFID

what is RFID

A technology spreading fast, with lots of money behind it. It is an identification technology. Our view of RFID is critical. We have found no good reason for RFID, it is a hegemonic technology created by states for control. While there are interesting projects for social purposes, 99% of the purposes are 'evil'.

Radio Frequency IDentification (RFID)

operates on radio waves
a reader and writer and a tag.
a tag is a chip with at least a unique they refer to only one object worldwide, bar codes are not unique
the chip may contain much more data than just the ID.

Two tags: Passive and Active

Passive, get there power from the reader. Active have internal power (always?) Passive tags are very cheap. 1 penny US if you buy 1000. The future of production is the creation of tags by printing them with ink.

There is a reader, it emits an EMF (electro-magnetic field). If the chip is near the reader, it gets energy and it reflects the energy back to the reader. It answers with its unique number, and other possible information. How far it can be read from depends on a number of factors, the size of the antenna is one, with a big reader a passive tag can be read from 3 to 5 meters away. One company is developing very small tags the size of a grain of sand to put in money, which can only be read at very close distance (touching). Active tags with their own power can be read from 100 meters away, these are used for example in car toll systems.

Readers can be all sorts of sizes and can be well hidden, it just needs a power supply. You will not know if your tag is being read. The tags themselves can be as small as a grain of sand or as big as a golfball. The passive tags are typically flat and flexible. So it is very difficult to detect that something you carry has an RFID. Example there are textile tags, that can be put in your t-shirt that can go through the wash, designer clothes companies are putting these in to watch copying.

Standards

RFID has not be standarized in the past (although there is a new standard now), but there are a few main frequencies which are used:

125-134 kHz
13.56 Mhz -- used in electronic passports for example.
2.6 Ghz (?) --

There are also a selection of other frequencies used by different companies. So there is no one reader you can buy that will read all the tags.

Actual large scale usage of RFID

Gilette: the tags were used to identify the items in shops, there was a campaign (cambridge, anywhere else) that highlighted this and they were made to remove the tags because of the bad image
ID cards: travel cards for transportation systems, particularly in asia. You can leave your card in your wallet and just pass the wallet over the sensor.

Actors pushing hard for RFID

US Army: they experience 40% loss of material, so they are interested in stopping theft.
FedEX, UPS: for tracking parcels.
Animals: in hamburg, every animal has to wear an RFID tag to identify the owner of the pet. It is now EU law.

Notable usage of RFID

Mobil: for payment of fuel at the pump
World Cup tickets: FIFA "didn't know" why the tag was there. It was an implementation test for Phillips. It stored how people used the ticket, coming in and out of the stadium. There was also personalised data on the tickets, and space on the chip that was used for this movement data. The tag storing the data allows data being checked without checking the database immediately.

Things to come

tagging people: there has been discussion of tagging criminals, immigrants, etc.
letters: proposals to tag mail sent through the post.

The readers are almost always connected to a network and then a database. You then get a database of movement of objects.

Companies and Organisations pushing for implementation

?Global?
MIT
[list of companies here]

A company in Germany promised that supermarket tags that were promised to be destroyed on leaving the store weren't. A testbed for supermarket 2.0.

Some interesting projects

The electronic passport: Every German passport issued now has one. This contains personal data as well as a picture and to come digital fingerprints. There is also space for more data.
Switzerland lets people decide if they want a tag or not on their passport. US, France and UK have started.

There has been a discussion about Visas carrying RFID tags, but someone in the Administration noticed that everyone carrying a unique numbered tag could have issues (eg for people travelling in the middle east). So they have waited, and have let other countries go first.

Lukas Grunwald demostrated at a conference that he can clone the chip on a passport. There is lots of information on the web about this if you search, Wired Magazine had an early interview. http://www.wired.com/news/technology/0,71521-0.html With this it may be possible to pass through border with a fake identity.

Simple Devices for RFID

RFID Guardian: This can read and write tags, sniff tags, simulate being a tag, and block tags being read. http://www.rfidguardian.org/
A similar device: http://cq.cx/proxmark3.pl
A very simple bracelet: a spool of copper wire with a very small chip and a LED. When you come into reading distance it will light up. http://foebud.org sells RFID detecting bracelets and the supplies to make your own.
http://www.we-make-money-not-art.com a blog which often has RFID articles.

Protecting yourself

Cover a passport for example in aluminium foil, as it cannot be read as long as it is within the foil. The foil acts as a Faraday cage (http://en.wikipedia.org/wiki/Faraday_cage) like this commercial product: http://www.paraben-forensics.com/catalog/product_info.php?cPath=26&products_id=373
They can be destroyed easily in the microwave, this however leaves traces of the destruction - so it is obvious you did it. Easy and solid way to destroy it.
If you twist it enough it will destroy it in the end, but you have to read it to make sure you were successful
use the RFID zapper! a much better tool.

practical RFID zapping

Invented by 3 IT students in Berlin, presented at CCC.

Single use camera with a flash. Break out everything but the flash and the flash capacitor out of the camera, and put in some copper wire that shall build an electronic magnetic field.

The interest of the disposable cameras is that it has a capacitor in, which builds up a charge. USing the capacitor, a strong electromagnetic field is built up and bursts the rfid tag.

A destroyed chip by this method looks like a normal chip, and even if you detect that it doesn't work you can't tell how it was destroyed or if it ever worked before.

This was presented on radio show in Hamburg. A workshop by radio to build the zapper at home. They described every small bit by word, working with people who had never held a soldering iron before.

By the end of the process if you are careful the zapper looks just like the disposable camera. However, they cause problems getting through airport security, and there are issues with pacemakers.

(Q: do magnets destroy RFID tags? A: unknown.)

RFID zapping demonstration

Roll the presentation.... Using M$ Windows, as the reader software LibRFID is still under development for Linux

OmniKey CardMan 5121 Contact-Less Demo Application Programmer. Provided by the manufacturer of one of the readers. (Q: do you have to pay for the software? A: No, but the software isn't very good )

Reader installed
RFID chip passed by reader, and it is read
Flash is enabled on the 'camera' until it is fully charged
The camera "takes a picture" of the RFID (actually discharging the capacitor) the distance from the 'camera' to the RFID is 10 - 15cm, larger distances could be achieved with more work
RFID passed again in front of the reader: the chip cannot be read, it cannot even detect a chip
Q: would it be possible to make it affect farther RFID tags?
A: it could be possible to improve the device and make it powerful or more directed...
Q: does the field affect the brain?
A: latest studies on cellphones show that cancer is not due to microwaves but to EMF (electromagnetic fields) that are constantly on your head, so if you're using it occasionnally, far from your head, it should be fine.
Q: can the camera destroy the reader?
A: maybe. it may destroy some chips in it, making it not functional. it's easier to destroy the tag than the reader, because you carry it on you.
Q: does it work on active tags?
A: we don't know, not tried as we only have one. but it destroys chips...
Q: how much did the reader cost?
A: 85 euros, from austria, but it only works on one frequency. make sure that you buy a reader that works on the frequency that you are after.

The companies send out "free samples" of RFID chips for you to test.

Q: is there a way to detect the manufacturer of an RFID chip by looking at it?
A: sometimes it's written on it.

Discussion: How do they maintain unique numbers, if the manufactures do not maintain a name space? If so there would may be a database of namespaces for each company. However, there has been little standardisation previously. There is also a tag for the "company" on the tag. There are already numbering authorities for the barcode system, there is (probably?) an extension system for RFID.

Q: is there a way to decrease the lifespan of an active RFID chip?
A: concentration has been on passive tags, but their energy comes from a battery, so something to use up their power?
Q: will zapping the tag have an effect on a mobile phone or anything else?
A: make sure there is nothing with chips in it near by, just in case, you can destroy anything with an EMF if the field is strong enough
Q: when you zap the chip you destroy them, are you sure it is completely destroyed, would it still be possible to restore some of the last of the data
A: it destroys the communication of the device, it may still be possible to access the memory

building one yourself

later tonight at 8pm in H17, if you can bring a camera (with flash)