Standard Mischief

Ok, so I snagged a copy of Spychips from a local bookseller, a one day before it’s official release date. Just checking Amazon right now, it’s ranked at #61 for non-fiction, probably from pre-orders. I’m finding that very surprising, but that’s exactly what we want. Despite the alarmist tone set throughout the book, RFID tags and related technology really are a threat to our privacy and freedom. I can only hope this book sets off a firestorm. RFID stands for Radio Frequency Identification, and they are little transmitters with unique numbers that can be hidden in all kinds of things.

My own experience trying to relate basic info about RFID tags to others have pretty lackluster. Their eyes glaze over. They nod and switch the subject. They are not alarmed as long as its only used on the “violent felons and child molesters”. You do want to protect our kids from them, right? You ain’t one of those “mark of the beast” holy rollers, are you?

This book does a very thorough job at explaining the potential for the abuse of RFID technology. I’m sure the authors sat around many a brainstorming session to think of every creepy scenario. The book is heavily footnoted, in part, I think, to prevent it from being dismissed as fringe literature and being grouped in with the HAARP weather control gunk, and the flat-earthers.

If you are looking for technical details, this is the wrong place. “Megahertz” is only briefly mentions once, in a sidebar. They only gloss over the difference between “passive” (unpowered) and “active” (contains a battery or other power source, can be read from further away) tags. Perhaps this is for the best.

One disappointment was the lack of a lexicon. I think that the next level of discussion should include language to distinguish the difference between different types of tags.

For example: in chapter 10, there is a discussion of Speedpass, a RFID embedded keyfob, linked to your credit or debit card, that lets you pay for gas and snacks at Exxon-Mobil gas stations. It has already been cracked. I would like this tag to be described as “unpowered” (instead of “passive“). Furthermore, I would also say this tag was “promiscuous” (when activated, it will power up and identify itself to anyone), “silent” (does not let the owner know when it is communicating), and it’s only security is a weak “challenge-response“.

Details of the exploit are on the above linked site, discussion is here, (duplcated from here) but briefly, the fob was brute-forced attacked. The attacker would slide up to the victim and simulate a speedpass reader terminal with a laptop. The attacker would query the speedpass with multiple requests and record the response. The results were crunched to find the internal key of the speedpass, and then the fob was simulated with a laptop at the pump. Because the speedpass is “silent“, it failed to inform its owner, (with a beep or flashing light), that it was being accessed. Because the tag was “promiscuous“, it could be brute-forced anywhere. A simple pushbutton switch added to the speedpass would be a highly effective security countermeasure, and attacker would have to physically hold the button down, while brute-forcing the fob, and if going through all that trouble it’s likely easier for the attacker to just steal the fob at that point. A stronger encryption scheme would help also.

Despite the lack of technical jargon (or perhaps because if it) I’m still recommending this book, especially for the novice. It’s thought provoking and easy to understand.

–
An additonal review by Bruce Sterling, who wrote the book’s preface.

spychips
RFID