Using the RFDump tool, a shopper could covertly rewrite the tag inside the store, creating all sorts of criminal mischief. The shopper could reprogram a bottle of shampoo as cream cheese, or rewrite a pornographic DVD as children's entertainment, Grunwald said.
The trick only works if a shop has implemented automatic checkout, or at least one that doesn't encourage human intervention. Some retailers use a video camera to double-check items, according to a Defense Department IT employee attending the convention. Germany's METRO Group has already deployed an RFID-equipped store in Rheinberg, Germany, complete with self-checkout kiosks.
However, the tags require RF energy to function. Wrapping a tag in aluminum foil blocks the radio waves and prevents a tag from being identified. Security firm RSA Security has also released a so-called "blocker tag" to protect a shopper's privacy. But RFDump can still access and attack the stored information, Grunwald said.
As a proof of concept, Grunwald also added a "cookie" function to RFDump that allows a store to track the number of times a shopper enters or picks up an item. An audience member pointed out that this had serious implications for personal privacy. "You are exactly correct," Grunwald said. "It is a very scary thing."
A second system at the store exit checks to see if the user has paid for all of his items, then supposedly writes 0s in the user ID field, erasing the tag for privacy purposes. Alarms will sound if a shopper attempts to sneak away. One way to exasperate store owners, Grunwald said, is to buy an individual tag, program it with item data, then slip the tiny tag near the gate. After 5 minutes of shrieking sirens, the gate will be turned off, he said.