|
|
|
RFID Hack Could Allow Retail Fraud
By: Mark Hachman
2004-07-29
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
RFID Hack Could Allow Retail Fraud (
Page 1 of 2 ) New tool allows modifications of the code stored within RFID tags, potentially allowing consumers to buy caviar for the price of a dozen eggs.LAS VEGAS—A German consultant has released a tool that its creator says will allow modifications of the code stored within RFID tags, theoretically allowing consumers to wreak havoc in future retail deployments.
The RFDump software allows a user equipped with an RFID reader, a laptop or PDA, and a power supply to rewrite the data stored in ISO 15693 tags, the most common tags used to host the EPC (Electronic Product Code) information traditionally stored in bar codes.
 Click here to read about eWEEK Labs analysis of RFID.
Although each RFID tag carries with it a unique product ID, the EPC is stored in the "user area" portion of the chip, which allows it to be rewritten. That poses problems to both consumers and retailers, RFDumps author, Lukas Grunwald, a senior consultant with Hildesheim, Germany-based DN-Systems Enterprise Solutions GmbH, said: On one hand, consumers could defraud a retailer by reprogramming a premium item as a cheap commodity. On the other hand, consumers would have to worry about the items in their shopping carts being read by "Big Brother," or at least the many retailers in a shopping mall.
The tool was released as part of a talk at the Black Hat Briefings here, dedicated to IT security.
Click here to read about Congress RFID concerns.
And theres an even worse scenario: "It is only a matter of time before someone puts a root exploit on one of these tags and hacks into your supply chain," Grunwald said.
RFID tags have been seen as a revolutionary device by retailers, manufacturers and the military. Theoretically, a pallet or product with an embedded RFID tag can be tracked more accurately, resulting in a more efficient inventory-management system that could be used to quickly replace umbrellas, for example, that sold out during a rainstorm. Gap Inc. and Italys Benetton already use the tags in their stores.
In Europe, the Gillette Co. has used RFID tags inside packages of razor blades to minimize theft, Grunwald said. And Wal-Mart Stores, the worlds largest company, and the U.S. Department of Defense have separate programs to rework their supply chains around RFID tags by next year. By 2007, all manufacturers, retailers, drug stores, hospitals and smaller retails will use the tags, according to Robin Koh, a member of the Auto-ID Labs industry consortium. Already, RFID tags are popping up inside consumer loyalty cards.
The assumption is that the military will have the budget to buy tamperproof tags. But not so for retailers and manufacturers, who will likely try to scrimp, Grunwald said. The most common EPC tags store the item information in cleartext inside the tag, and allow rewriting of the data. Each tag sits idle until powered on by the RF energy emitted from the gate, and can then be read.
Next Page: Tool facilitates criminal mischief.
|
|
�������x}r㶲s\@♵M푦d[b[^f&uT� I)Qr�e��oВ/㩱%�l�h|Ggg�D.\ݴ1t͙M5��5|zoч`HRsgޅ��,34
@oRQP
Ġ�x�nwݶN`P'~ �> \?g3U;Y|��b(CѺ��QQ�yIږyH6�EG�J��ߣ*C7�ݩx8/DeO�HYɼ�M"h4"j�>wn3�w2����X]~�D4��ڮq�8]�b'*#O^3j�c㥨�H�aP`\ 9t}�^�
Go&lw��"�QcO$ӡ�q�̢JKAtf>D�>8�z
v
v}jJ�73ҧ
}KH;R@}k��y�>5I
i��1E 94cT$ie8DrH
n>�,
шj%5O?�I܃N8C�Ynհ}=
:ԍ�|$�.j.9b�&�ԃ �P2zhN4,2Q�Ȳn�Mw��Ͱ-P6CMT�jR?tދW����c�m9�2+�hKB(u0>
n0u�p;\Jz}M=퓫;yؼ} � Fb��}�"UJ@D�Z-�i"
0i!5&�tt<_MB^�$9DFI?n�|%Բ_/iv�$�f1{�P$!XI#F/XTUGb9괏'}o\tzmo��tڧH>߈ecby�1�=T�r�Jw�!=[�
VӓKIGN7s!)|rg>!5M0\̱¬8֪V�`Ck'^SS?�&�:aZ+}I-Gb{t&�pt9&�IoKDz|?!:_^��C��J�ݖU�L_*Xȟ�/Rzhf5
x�C�X&%92ɔc�Pu��t:��C;|sƊNm҄&
�)B:%u(��5�>Hr
Q@a)#8?��%�i�8�@r5)6�K .7R�ߦ�,|y"�b�4r�ݠQs>N+&o�#>��ef"`Q%M����
'�| 8Jn.b?
[�Z&gYrlNVڒ1Wb{禿H
.Cuv}Bzݫ^�?]{Y�T�364>H�,H�!eݴ%��榣V'cW*P\?,Ëʾ��b�(7ZdL��,��1,{Lt차�p:� 0h��v?S�Oiͦ8�9y��tD�AG61^�K
ucb���>'ݸä��p�p�w�>>-Fv93�{Q �{>�0i��CkJ�QD$��i��-D�@wM0I�e+�f!S@uO L߁2à�F{t(
�,/�#0/ Zm��{����Ae^~�}�̢!1Y@��X�lMuև
&��SsfPB?{ԁ!~9.Wb�&�A/���""D% �
h��4�A�G�EBEN@@7gw$]Vi+Raz"�ʦ�B�I��J�D�V�{T�Kh+�K@f:32YIFMf�
X�*ȉ#�o"0�9X����
,gZ
X�k%Ƽ
f�j~��iڛ�,Â%�G�n]ּG36I�`آwBrPC��;*�:��:���熳��a\9:�<��V�M+}�'�t����F~Oש�
ݜZ�,�'1!���õ�B3}P˄FrT{��g[,3�TN`cܑn�h�Ͱ&QUN?>{BO-\n�aDHդ�:ϧ�HڶMS�JoBo*څP���_.dI�_fMb�lȜu>I!VB17OD)wz@aeXd|r�e�{RՌ{`ELE:a5=�%ӇnS?�ĝRƠ;B�ZSOs�\':[[%7˺�I8�T*{ۥi]hk%�R��d7�Bɶ/^¢xmP2֡R$k��ϥ�Ӳ�=6P<� "x�ӡE
7�(�=��u
��
XTM._`�}dҶahDej��[�`B�^�eܠQ3%X3�Q��[
�lx
ku��`�CߵK|#�=du3$?;`��ϟ(e!�\o� �N(L>Aװ�H��ZWS{�u��&<�$��2.|N\��+�c@m^�|Y8_,-�{uaWjI��k4GMM8@mE�"}A`INR}�
Ȳ^z`u?uou�j�1���SQ_(%UMP?O~�2��;2.eX \�k��>#�Oa�Yw$
Eiy�
Y�(p}r�)C©5j&|��jj�h0Ả#ן�ũ�°0vQԺUwPy?�1�cXe[;pMbA
L>FS-cB�_3�T&/A�咢TS4 ֚pD�r@uߘ@g��hȐ0ҁq�_HE�y�[kpp �B���U.)L,�:z� �
�[
Hg
�[Qz�oSC�z�+
@z��K&� G�qӞ�rVyCfZa0K�P@W&~qj�,2�,~R�һA�L}6݂
\rϙ�,�|pZE�N�Yv�O`��s!AZNҎ@GOe}RIc��4dTP8ufj�ti���z8_n'?8!��N#�1�hh
05�-�dqCUjʾ_۳IW�7g)|h��#RL@
`�!
K{�ZCA;aSd�}p�@l#RiM5�o�"vyڀVI�JYhQVh�_�/ۡqm(}�g^�L�?~דy�LoǶ;3�N?dZp|]aR;E9Ȳ5(_��3FnyuitLeb`lj�E@a,0t�]XIe1S�2N*,E�%R�(NY��Xٌjj_ũ�Z�kRWF�� "U!7T��>xc_7)~(zC>�m�
{~B>s�T�Q]~�U'-RV�%%~!WݓFp�imEB�Skɒ8�kps%p
B0_ \PF.^%l`\�ASV<^��ے�tK3קA(6�E�ǔ[��ā��3W?f�44ڎc�pDM�?� h)렙?3TlɪVW%uZ]J֟'�snٞE�(GKB�eṚo{{kC4�÷��,+(|ݙ���adJ�P5�]�Uj; 1K4a!`0\V+{)�,%~w9@`�|ZUj��r2�2DBZNBq<:N+�tS�N`+T�&.n��_B&WF@"'!�M4�3,�`jRU\ό&�ݽ]g=LM_BP`��&ю pmOɪO@T�#N��Ew%]w�)il{N[O�x�Ź��DgNӽ: �"hCr<�{}cq >"uN: C�n�Ne&FӸo9)��P �K1NC�bw}�Wsz^^NN:Wg
6zv>G����2�DH�4zw/�YJ|{ѽG�E-{w[Oj��܉Z��䄬�W!z/ڭfS �k3d8)(xdqH�/=�^q@ښ��
ҽ9ipbiNZ
�_k=W���7ha��F`v~Y�F_aݪ�,$"0�.�
I��ku:=>��
�� cJ=!�Vo8/Z#Y9LB���
�`E/ԩ
#A�D�rIGzZF�ijqʼn�π/`Ea�1:�*:{_Qkᷜo5�?Oů1Ok7�tA�h[(kt�Nz<��\1[i�N:|$=Br�^'18�/:=h1��I��ec�]Z�qm}�z{@&iR'D[3pq*hKhwI�e�
ޜ,Hu9Ym@yjZӽM3%˳ƗHȣ ,-�I+4$/CiA0;ǭH��R�#E��hq�eP>�Xki)�i[YUH+?v�Ƈ!qb��wyAH0GW倜�b{~T߯Il;up=q"?h9#7:�NjG�/sy"O+:Q��
,'�:]@���_��GoIM2�1ɘ�Kԍ A�/sBk4GלO�)|si�9��<3m�~��`'6"����(p")Xf�>VAkv,x\J�|[<,'�Mw[��1CN'~>A�6W�{��$��^ FP�=Foq�>P]9Yz$AC~o}\0n;z{w6�bOf0�7+��l9niamơ8�-��J�~l'Mt:�D�jE[c{wC9�Ȫ̙SzR؉~'g#3^q:-: �&i_�%3ތ<яK�i^dΠt4s���w�}!F.`0.s!T xBo~˸a�W*]c{�*{�w}w�o]VZ�tCq�B�1V�x/)&%�n.E�L
@O�Kt�GY_B�QKwv�{쬐kY\xlS�Oo
?ֈ
'|Ȟc�Զىǣy|Syg�,d����a���з�؞qa��L��d<�J��;�m�oݍn T
f_�!O�#%�FJ
,Q`mZ��9_�к õQ`V���Ǵ��p8|#؈f_��O�6oNƂ1f̙�ʈ1WcR__S;_��XR| � �.w�?дg=.0(yS�/�4
K[�⹋^]:lMo
%n!�Щ*Ͷ-CN_8#_h\�Wr��鎪av8yW,wCr]ge"6y~l�k2y#<;ːg
M��=={?�
D&˲e~5�fg�;~�vrB1q�[�#5u�ca)ñA|aJZ{�zԦF#I1g@Ls�ꎩ& �vxs!|iNkbb {6`;n^r-٨,WxVTbtIt+N]nU%!��+,�ԁ�LyJzI$)f/iM�6F-O&\"�YD(ON˓7e7eXg�l7k42�yrΗ
1a4u�".z8IX_0֔xJjr_~v_tx9ݏ�Mz��Y͐�O @OxڈӨՊިId�x��f$@Y��&D#Y?KVb{r0xǏM+�7��ޗݙmJ-<%Plg,xRLݱph����C��a`��C8�,$NDN�{Yє\��Y`wUn
RYRj6}D.DHˎ(]�n!Eߥ���|����a!x>>sU)*�8pI&�,r�p�pIw�q�)(h>ᥭhm_RUIlJk�5vkt�4dC�8Ѧz@�u�s�H,"�H I�D cL��$0.{:fb}dD4VW�u�IW~qe <6n/*hrL/KC|I��3v�kHt`@c����]Z
NKx73ps0t�z`S)��j+m)#�X�sIxky\o:��D8�l�Nҥac�6a7G֛�w065Ts�Ba
{/拀ِJ4nyr?Ԓn.+]l#
-�쎊Z+�Pݢ��D)? �ZҩE�HC"�z�43BF�ܦTbd32Ȼ�B∆:r!D`�x/Y LP�w���s�x;7�@��Ջ"!��nn^w��G~sd~sd~sd~sd~JYkx!
��J,O�=Ui69 X]b�x$^3r\O1[7溒/W�j��!IG>a�}O hM\\��R�7OY�W�֍lC=`Q}Ƭ¨ou�ҰgԽ�u�%�@v
6Բ9۸�w��G���G����t��)|~i�תXx��\Qj�^,X}c�f�Vz`�C1&ԗuۘaTG5�ŪDM�K`��bI_���4ahs�$ �W'/X=?�QgX)wmԳ9�x킕'R7xo%X?�a'@Uו�4ADO�4zi_ �؊�|4
gkOPg��UHz�c1E:C@P2ml=ulN�JMg�ܭƁ!�# $9Դ=�Oxic-J��0;a�.XV;0:�|[��*
�S V*�ēB+lx7֫_W9fMAyrUׄ%T|W ȿ�2rO|k��nfN"��^0x+B�Ρ6k1�Xxm&]$v�?h��b+M���6-1NFŋ`�_<@VE[6ө{OҲ+e9X
-}-?RgKNFtAm�Aȼ=K�ԬE5:&KWJ�E:`�٫)#�cqX睁oҰ�Xz�
"K��K)zo5�.~�4�7�ɏ|ׂ�^_FB
:V-I
Q *`l{;�pOf�}�E\bd=
Dw߁\<@�!��V
aLD"�lo�̆xqS@#D��"4t�r'u4dz�}~"G|�?q�T��ݦ!eYYln�P�Ӭfo!_`n2�y+o1u2{Ga(�wb��]o��~�(}
J8+O|6��d�Q�B�x8�j
ͣ�g{7{[=��$]"<=mv ;"((W�#=��t�_��hyl?��
TŢW\��#!kjj`��O4�#zn@�]oq4,zD?�SM}1w럈>�,8EH 5+=6i[�s"&�Jf��id7T}$Fʨl�E}`D�h�GX�/[���a(�1��Vg�B�8�AXJzXDJ
�Ň�^G "�K&5\q�4(c3, ^�J15ǜSX\��(.HQ,:+Ȓ~We=^^@��+ nM��/�U�J�9t[`�ɧ��j*,��IT�f gx#-5נc;�m�r<)fF<��ƏLvh;�b=�Vں>qw�z2Ko^;C'�knVur���C[wV9cOnH
p��Ac,mWo,~JH�@�!d�4�l3˨aZ�$�~�TRU�Ra"�̦{R
?ZIjЋP^Csʷh/oؕպԴzY�ܧF(+!豛@=(ur�ڊRo4Jv�(EL�O@�99�ݱ=�X��t ���jg~RۈuX0addd㍨=+!M7T�Pa���L�ejXֿ�|Ɍֲ:m����&�_cLy/8#� %� rU%wޠ~z�*ޟO�e~f�n0
5�T�U@Į8AnK@�mm�B+��.*�`H8a|LёH|xUk{VyKb?{r ����̋(HKt4*:Q�6ɽ�>F&s؏p�3�'FEnX�{+$ʽO��g-�>�-bWld�b$@���^"�_�پmFzhu.Uw7=
d.
3���Kh`#a��
L'Q�$N���P�uE)
2˓Y�"aK9.�ڊ�C~��!��W>!�s�Sx- rH(G}8;Ѿ檧+%�cDTwrOaH��P=SѪbX"CdZ1ֈ�Q(Vpxi|���wv$"�&(9a� kE�$�06F;%HJ
1-L^g
<;kXaϘFLN[�΅Jw۹fl��Uo%P`�qT|8snj|J"�|=�D:b)u�(b�E���7�@��,G,(Ϗ�B5D��R*%n67XVh_ν��fJÉ���:la`t��.t>�Oð0]��1o�(pj�,EףΛ]-GAGG71`�Tg8�X�7ں9�P�w?v7~yj9uv>4m^+L�xte$ANZmf(NTlSg̥,�%�E�:w"^�Ȥo�u[�@�9?C9@/97P~�)By7�)�pp)?姀�Ar�?/?�x�-urUN9{ϽOPi}�ȁ�ڮy3?0˜_�<�^�~.ss �%e�}^�}^'U>Bǜs(?)�#�/sa~r
*`r��# _9�:>o~nr�匿�匿�ϡ_?�}}ȡP1�1g|���sw�y@9{��wCi]'I9z�[9|ֺƅ۩�QNy<ʡJ�E5ৼrXB]Cy<*PC/nvs
���
SG0��75ipq[~r^<^Ȭu�j�7�m(!ϋ9y}2�o�فϓ�B�bi3q*�7ýEy�2�W8�k�pbOC�vHu1nCg6m'[
}�MF`MTV�N)pB;,RKtCc,~(NBhع�jWWxJ
�{4���́a[�@ �o6eM+5VkZpwrHi3=""CSL`FTMV�Yi2ZUٯk��%�QP�e��h�[i2�oVS�y�Vi8��n[�C#DK(��x�>�[xuc6D|�_,mBfH��6T<�'u~�m'�oє^\gC�
N�*˗ X֭2YZ �152F@���:~ {f�w:aKƘS�DM�KIn�_!��x@䗋`�ȼ!;H0BRhfNX׳( �8�[]^N�HAR+�>^"�X<�ap��Sb2� �B�L-HZ}�v�wVzkʮ+@wEm�Ĥ��G��[�zhLR,ibErd9�GU�Z�Q�8ۈ8�s2&6 6!nCrǶ;3%��ؓʞq}�|ۨ�=]wrn#�k���vԙ%h-H_ V_d�v�O~%�B+*π��8H2Gd!᳤c9"=>��(��"Ntx9�=�|^[zQؗ�G@1agG�;Q5R^◓� K7 oX�)u�mȧ|oW|D�,;��K3\6LDR��}J�0yN:m�v89DEPީ!/[v2�S*4%SЌ�xc&xE�y�?ĵ��#��MPt�[:SA\W �Cr��3қ�S1$(+nNvG�T
g7>��5'O
ע�9m<�`
G6Ζ$߂)0u
9@/7A{}��r@ck~Eߟ�2"�L�)��Ԧ?M�Sw�)+],by �Y3�Ma�p"#Q�#*�^�x�9NAmӕhOɬ�Q7�V0Y c/1+8~m=bu�Vږ*yD1e~}J<3�g(u",@zP�hP+�K�ei$Vi ^s�hՆG��0ޏw�P�|@��xS
b
�Gm;qSr2M����Qm`--N \71Ȟ|Ntu
۲|ږa=r�k��s�bcΜ6�U ���=[=�܋;}#\��91F`=s묞
li12�#,�$$jVI�;;Q0��&iE-ȓl`C�v�_)~ph[?�҈Y�A� wVǰ�YF!Ƨ?�'T�S*�4.>Ͻn̯]2�xDx^]oL�xW%L+DzU]�Z
^chX$_֬="�K�y�'E��=�!`5>g~C{%�9�w�:a0>~09�&rX)>�ٔ6�s�ȃoz�^ɴ�j}�X��XC *f"��ODNű<<�*IDy�)�V�f@�sOg |>"�:xqeQ�g@T,7.K�c�~;�<^e��$�oꎾ�V�;~v��?;Lu~iG a�
ѸT\Ɠ�߶;g�M��nңg7�W'RTF^S$DI;�AHc[''tEg�
6A|>Ðy6�gn&_��!�-2�VjwVVtƦ�I21qz륍.yQ'b"mR?
۔̡r&s.c�M�W\e\)֦O*L���+&|&�R2ֱeRZ`l/Z6w?)9*��
|
Network Security & Hardware 
