Why repair when you can litigate?

Wednesday, February 28, 2007 | 1:00 pm

It seems to be pretty commonly accepted right now that RFID chips (small chips using radio waves to identify themselves to a supposedly nearby scanner) are hopelessly insecure and easily duplicated. This technology may be in a few things you own, such as some smart credit cards, student ID cards, and now all new passports in the US, UK and other countries. It has been demonstrated before that a bunch of cheap Radio Shack electronics can scan/record an RFID chip from a short range while you carry it in your pocket. Thus, without the need to actually have physical access to the item, you can possibly be identified, or "copied".

But like the multitude of potential security breaches raised against voting machines, the best approach by the companies involved seems to be to keep concealing their code, and threaten or press release your way out of the public's attention span. Marketing budgets are bigger than tech budgets it seems.

The most recent example of this is the threat from manufacturer HID Global (a name that seems unfortunately close to a well-known disease?) to a bloke intending to demonstrate the insecure nature of RFIDs at a very well-known hacker conference in CA. The legal threat was that he is infringing their patents by building a homemade scanner that can clone their RFID.

I can understand the easy validation that he is showing people how to do something bad, but in this day and age of global communications, YouTube instructional videos, and searchable knowledge via your "series of tubes", does anyone still believe that concealing such things makes an insecure system more secure?

The best comment in the Wired article was this one:

"I'm sure burglars, identity thieves and others who misuse insecure RFIDs for personal gain will be deterred by the years of messy patent litigation they'll face if they start hacking RFIDs."

This somehow reminds me of DRM. Most DRM systems, designed to generate more money for distributors from the same content, seem to function primarily by making it harder for legitimate purchasers of music/content to transport it as they wish (e.g. download on PC, burn to disk, play in DVD player, add to iPod). But all the while it fails to stop the thieves who are really hell bent on misusing it, through large-scale duplication and resale.

We generally good citizens understand the need for such things, but are the implementations really serving the people they are intended for, or hindering/exposing them to unnecessary risk for the sake of new business contracts?
