Firing a Locked Smart Gun
The Armatix IP1 “smart gun” can only be fired by someone who is wearing a special watch. Unfortunately, this security measure is easily hackable.
Page 1 of 8
The Armatix IP1 “smart gun” can only be fired by someone who is wearing a special watch. Unfortunately, this security measure is easily hackable.
They’re for carrying cash through dangerous territory:
SDR Traveller caters to people who, for one reason or another, need to haul huge amounts of cash money through dangerous territory. The bags are made from a super strong, super light synthetic material designed for yacht sails, are RFID-shielded, and are rated by how much cash in US$100 bills each can carry….
Interesting speculative article.
The stealing of hotel towels isn’t a big problem in the scheme of world problems, but it can be expensive for hotels. Sure, we have moral prohibitions against stealing—that’ll prevent most people from stealing the towels. Many hotels put their name or logo on the towels. That works as a reputational societal security system; most people don’t want their friends to see obviously stolen hotel towels in their bathrooms. Sometimes, though, this has the opposite effect: making towels and other items into souvenirs of the hotel and thus more desirable to steal. It’s against the law to steal hotel towels, of course, but with the exception of large-scale thefts, the crime will never be prosecuted. (This might be different in third world countries. In 2010, someone was sentenced to three months in jail for stealing two towels from a Nigerian hotel.) The result is that more towels are stolen than hotels want. And for expensive resort hotels, those towels are expensive to replace.
The only thing left for hotels to do is take security into their own hands. One system that has become increasingly common is to set prices for towels and other items—this is particularly common with bathrobes—and charge the guest for them if they disappear from the rooms. This works with some things, but it’s too easy for the hotel to lose track of how many towels a guest has in his room, especially if piles of them are available at the pool.
A more recent system, still not widespread, is to embed washable RFID chips into the towels and track them that way. The one data point I have for this is an anonymous Hawaii hotel that claims they’ve reduced towel theft from 4,000 a month to 750, saving $16,000 in replacement costs monthly.
Assuming the RFID tags are relatively inexpensive and don’t wear out too quickly, that’s a pretty good security trade-off.
Cool idea, or dumb idea?
Its features include:
- Fingerprint access only
- Bluetooth enabled for notification alerts—automated notification via bluetooth if your wallet strays more than 10 feet from your body
- Protected against RFID electronic theft—the case shields all contents from RFID scanners
This research centers on looking at the radio characteristics of individual RFID chips and creating a “fingerprint.” It makes sense; fingerprinting individual radios based on their transmission characteristics is as old as WW II. But while the research centers on using this as an anti-counterfeiting measure, I think it would much more likely be used as an identification and surveillance tool. Even if the communication is fully encrypted, this technology could be used to uniquely identify the chip.
Pretty clever (for a pig, that is).
EDITED TO ADD (10/10): Better link for video.
It’s easy to clone RFID passports. (To make it clear, the attacker didn’t actually create fake passports; he just stole the data off the RFID chips.) Not that this hasn’t been done before.
I’ve long been opposed to RFID chips in passports, and have written op eds about them in the International Herald Tribune and several other papers.
EDITED TO ADD (2/11): I got some details wrong. Chris Paget, the researcher, is cloning Western Hemisphere Travel Initiative (WHTI) compliant documents such as the passport card and Electronic Drivers License (EDL), and not the passport itself. Here is the link to Paget’s talk at ShmooCon.
Seems that the idea was killed by lawyers under pressure from the credit card industry. Or maybe not; the person who started this rumor has retracted his comments. Or maybe those same lawyers made him retract his comments.
Don’t they know that security by gag order never works, except temporarily?
The headline says it all: “‘Fakeproof’ e-passport is cloned in minutes.”
Does this surprise anyone? This is what I wrote about electronic passports two years ago in The Washington Post:
The other security mechanisms are also vulnerable, and several security researchers have already discovered flaws. One found that he could identify individual chips via unique characteristics of the radio transmissions. Another successfully cloned a chip. The State Department called this a “meaningless stunt,” pointing out that the researcher could not read or change the data. But the researcher spent only two weeks trying; the security of your passport has to be strong enough to last 10 years.
This is perhaps the greatest risk. The security mechanisms on your passport chip have to last the lifetime of your passport. It is as ridiculous to think that passport security will remain secure for that long as it would be to think that you won’t see another security update for Microsoft Windows in that time. Improvements in antenna technology will certainly increase the distance at which they can be read and might even allow unauthorized readers to penetrate the shielding.
Sidebar photo of Bruce Schneier by Joe MacInnis.