Schneier on Security
A blog covering security and security technology.
« RFID Security Analysis |
| Garbage Cans that Spy on You »
March 3, 2005
Posted on March 3, 2005 at 3:00 PM
• 26 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
anyone else notice their dysfunctional form?
[form action="http://www.queensferry.com//cgi-bin/formmail/formmail.pl" method="post" name="frm"]
If this thing worked, couldn't you just walk through a WalMart and cause all kinds of mischief when they decide to tag individual items?
Ha ha! I like the fancy status LEDs.
The Somalis seemed to have a knack for using low-tech methods to destroy RFID tags during the U.S. mission in Mogadishu.
Most methods lack a slick interface, but you could cut the antenna in a tag, puncture it, crush it, or pulverize it. Burning or microwaving will destroy an RFID chip, although the resulting fire will be hard to contain to just the tag.
They are only showing a part of the device on the webpage. In reality it is really mounted on a big hammer.
Check the disclaimer: "Due to the nature of the RFIDWasher product Orthic Limited cannot be held responsible for the use or mis-use of this product. The product has been designed for use once products have been purchased and is NOT for use prior to purchase (i.e. within retail stores and outlets.)"
Interesting that this company trademarked "RFIDWasher" since washing (and drying) do not harm the tags at all.
Probably the best thing to do is to figure the remote-programming methods, and use them. Seriously, though, detecting RFID tags is easy. Removing them may often be a matter of using a good pair of scisors. Of course, this isn't a solution when the tag is someplace where removal effects the item in important bits. But if it's on the tag, just take off the blasted tag. It probably itches anyway.
If true this gadget might affect suppliers to the large chains like WallMart. Suppliers get hit with penalties if their bar codes fail to scan at checkouts (UK Tesco's penalties start at a warning up to IIRC GBP150 fine per misscanned item). Imagine what havoc an RFID zapper could cause.
They have this little text on their page:
'"RFIDWasher" and "Be Free of RFID" are registered trademarks of Orthic Limited. All other trademarks are acknowledged.'
"Our Patented RFID product allows you to locate RFID tags and DESTROY them FOREVER!"
Patened, huh? I searched the USPTO database for "Orthic Limited". That ought to hit on the assignee name, at least. No hits were returned.
Of course, Orthic Limited could be a subsideary, and the parent corperation owns the patent. Or it's a sole proprietership and the owner has the patent under their own name. But neither of those seem right to me, for some reason. Maybe I'm just paranoid.
This must be a hoax. Or worse. Maybe some nasty folks want to collect valuable personal data...
Is this a hoax? Maybe not, at least the register form seems to be real...
Excuse my ignorance:
Although this product looks thoroughly specious, I don't understand why such a product couldn't exist in some form? For example, something along the lines of this slashdot comment: http://slashdot.org/comments.pl?...
To destroy such a RFID you have to build a device wich is capable to generate an electromagnetic field with huge energy. Such a device must generate a field that induces so much energy that protecting diodes or the antenna burning up. So it's a hoax.
In answer to Russ Meyer's comments about the huge amount of energy being required.
Most RFIDs get their power from the antenna, the frequency of operation is known, and as Tessla showed it does not require large amounts of energy to generate very high voltages. All semiconductors will fail at some voltage (some fail open circuit some closed circuit) this includes protection diodes.
All Semiconductors are destroyed by heat either from their internal operation or applied externaly. The design of an RFID realy precludes the disapation of heat from the device so you could work out the minimum amount of energy required to raise the device temprature by say 250K. Then all you have to do is work out an efficient way to couple the energy into the device.
As for generating the energy think of the following, a person goes out and buys an inexpensive microwave oven (100 USD), brief case (30 USD) and an APC UPS (200 USD). They strip the guts out of the microwave oven and install a horn antenna onto the magnetron output (from a design for a WiFi or ammatur radio antenna they have seen in some mag or on the net). They then strip the casing of the microwave and UPS and put the whole lot into the brief case along with a button mounted on the handle.
This sort of setup can cook a pork chop from raw to well done inabout thirty seconds, how long is an RFID likley to survive, try putting an old calculator in a microwave for a couple of seconds and see how well it works afterwards.
By the way if you belive what you read on the web this setup is a low end HERF Gun.
At first I thought this was a publicity stunt, but now I'm not so sure; Orthic Ltd. is an actual registered IT company (in Glasgow) and are the actual registrants of the website. On the other hand it is indeed difficult to see how a device of that apparent size (assuming standard size LEDs) could generate enough power to do the job. Perhaps they are actually only planning to implement the RFID "suicide command"? If so, will readers of this blog be trusting enough to rely on the chip's promise to really play dead forever?
Where I live they haven't started using them yet, but when they do, I plan to microwave most things I buy. (So, you only need 1 microwatt, little chip? Let's see how you like 1 BILLION times too much power! BWA HA HA HA!) Sure, my jeans will have little scorch marks around all the rivets, but that will just add a little cyberpunk chic.
However for expensive non-microwaveable items, a small scanner that can pinpoint the tag would be handy. Once you know exactly where it is, for expensive items you can afford time to figure out how to kill it on a case-by-case basis. Usually a quick dab with a temp. controlled soldering iron should do it. Check again with the scanner to make sure.
I registered with these guys, and was also curious to see if this was a hoax - however they do answer emails and the Orthic guys are very serious - RFIDwasher is due to be launched at the end of the year - if they get it right I suspect they will make a fortune. They are not very forthcoming about how the product works (understandably).
IIRC, Zippo has been making RFID washers for years, but they've been cleverly marketed as "lighters"
I like your Zippo 'lighter' comment - as you know sticking your polo shirt in the Microwave will also destroy the RFID tag - however this UK based company appear to have created a product that destroys the tag without setting fire to your new polo-shirt.
Good luck to them - I'm also not sure how they do it - someone in another blog seems to know one of the guys and says he has done some innivative stuff in the past - so it could be real.
You seem to have a fetish with leather with is or at least was a fairly serious blog about rfid related security issues - if someone has really got an 'rfidwasher' whatever that means - I'd like to beta test it for them - wonder how much it is going to be sold for ? Probably a lot cheaper than your leather jackets but maybe not quite as kinky -> eh Sir :)
p.s. I'm not sure I like the name rfidwasher.com - it suggests washing machines to me - but then again I do not like the names Nike, Coca Cola - so who am I to talk about branding :(
The washer is just a copy of what the tagzapper does. i know someone who was just invited to get on the list for a tagzapper. i know tagzapper is the real deal. this guy in korean helped with that project, cheers! RFID wash HAH! HA!
Interesting Stan. I have tried to contact TagZapper at the email address on their website and it just bounces. Have you had more luck?
I did get a response from the guys at RFIDwasher though!
Does the guy from Korea know when TagZapper is coming to market?
TagZapper emails simply bounce and yes I think they are possibly a hoax.
RFIDWasher do reply to emails and update their website with excellent news items on a daily basis - worth a visit just for the timely RFID news. However are they serious - no idea - only time will tell - I've done some background reading on the company and even know someone who claims to know the person behind Orthic Limited - seems to have been a fairly successful entrpreneurial type in the past - not sure if he has bitten of more than he can chew here - we all await with baited breath. I have of course filled in my form on their website - at least to claim my 50% of discount if and when it does arrive.
Hi. I'm a reporter working on a story about concerns about RFID -- and emerging products (legitimate or otherwise) being marketed to allow people to block, disable, or shield themselves from RFID tags. These products can be found pretty easily on the internet -- but what I'm wondering is -- Who's going to buy them? I would like to talk to some people who do have genuine concerns (whether they'd buy these products or not) about RFID tags and believe there is a need for some kind of protection for consumers.
Please email me at firstname.lastname@example.org and I will contact you privately.
Thanks in advance for any help,
I need strongly the RFID washer to delete all my chips from my body, abdomen (liver, stomach, intestines, uterus), back of my head, both breasts, both legs and more, that were inserted illegaly by people who want to kill me. They shoot me from their cellphones causing me severe pain. At night when I sleep they shoot me with the RF all night that I wake up with severe pain.
My e-mail: email@example.com,ph:(519)572-4039, Canada.
Please respond ASAP.
UK government is monitoring IDcard resistant groups, so take care with your ID on sites like this.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.