SureFlap Review: The RFID Catflap

SureFlap Review: The RFID CatflapEver had the problem of random cats appearing in your house, stealing food or worse marking their territory? Well SureFlap have the answer for tech fans, an RFID catflap.

The catflap has an RFID sensor mounted in the housing and as your cat goes into the “tube” part of the unit, the sensor reads the microchip implanted in your cat and opens the latch. Other cats trying to gain access will be rejected.

Continue reading SureFlap Review: The RFID Catflap

RFID: Government Too Shambolic To Spy

The “wireless tag” business isn’t just for tracking prisoners out on probation: it’s also for tagging holidaymakers and train travellers.

So the news that you can hack a computer system by embedding a virus into an RFID tag wasn’t welcome in RFID circles, and the news that people at Great Wolf Resorts are tagging themselves on purpose, was, very welcome, indeed.

The problem with RFID tags is unlikely to be hacking. The exploit, unveiled by Dutch researchers, worked. Researchers at the science faculty of the Free University of Amsterdam put unexpected data into a tag, which caused a buffer over-run when the system read it.

The RFID industry responded with some optimistic explanations of why it won’t work in real life, including the suggestion that “some tags aren’t rewriteable, so it can’t happen” and (more impressively) “a well designed system would trap that hack.”

The idea that an RFID scanning system would be safe if it expected only permanent tags, is exactly the problem that the Dutch researchers were exposing, of course. The true tag may be read-only; but there’s nothing to stop a hacker producing a phoney tag that matches the signature of the real one. And the problem is exactly the expectation of the system designer. A complacent designer says: “There’s no way these tags can compromise the system, therefore we don’t have to set checks” while the competent designer says: “Who knows what random data might get in? – let’s design this system to be secure!”

Now that the theoretical insecurity is exposed, says AIM Global (the industry body that promotes RFID), systems will be secure. That sounds right.

But the problem with RFID isn’t what most people think. All sorts of scare stories have been printed, based on the idea that if you have an RFID tag, someone can track you as you move around the city.

This story comes from the way the tags work. They have no power, these tags; instead, they are activated by a coil, picking up power from the activator. Most people in London will be familiar with these: the entrance to every Tube station now has the yellow Oyster “touch in, touch out” sensor, which activates the tag in your card, and updates it.

The theory is that the tag will only get enough power to start transmitting if it is within a couple of centimetres of the activator. However, it’s been shown that you can use a focused beam to trigger the tag from a considerable distance – several metres, for sure, and perhaps several dozen metres.

Equally, you can read them from further away than the spec suggests. All you need is a particularly sensitive receiver.

The risk to civil liberties may be imaginary, as you can quickly see from the trouble prison officials are having with tagging of criminals. Putting a tag on someone’s wrist or ankle is easy enough, but reading it requires two essential steps. First, the tag has to be there (people have been merrily removing their tags so as to go out to the pub after curfew!) and next, it has to be unshielded. A simple aluminium foil shield around the tag, and it becomes invisible.

The Grand Wolf tags work on the assumption that people want to be tagged in and out of the holiday centre, so that they don’t have to be searched. Try using the same technology for tracking a prisoner on probation, and the system quickly falls apart.

What would work, would be a system which constantly monitored where the tag was, and was embedded into the skin (as with Professor Kevin “Cyborg” Warwick of Reading University, who wore a dog tag for a week) or into a tooth – so that if the user shielded it, it would instantly vanish from the map, causing an alarm. It would work – but it would require thousands and thousands of activators, all working at long distance, everywhere the user was likely to go.

The Oyster system for London Underground is to be extended so that it works on UK railways generally. That will show where the real problems are – and as any Oyster user will tell you, they are already baffling Transport For London. Travellers find that their cards beep at them as they go through the gates, saying “Seek Assistance!” – but when they present them at the ticket office, the staff say “Nothing wrong, go away.”

Clearly, there is something wrong. Clearly, the complexity of the system is too great for unskilled staff to diagnose faults. That’s where RFID opponents ought to focus their concerns – not on imaginary Sci-Fi scenarios with Big Brother spies and dog-tags under the skin, but on simple systems management.

Usability is far harder to get right than people think.

RFID’s Are Go: Ofcom Extends UK Frequency Range

RFID's Are Go: Ofcom Extends UK Frequency RangeOfcom, the UK uber-regulator, has today announced that they have removed the licensing restrictions on the frequency that radio frequency identification(RFID) tags use.

The currently spectrum available is limited to the range 869.4 to 869.65 MHz. The new position will make the range much wider, stretching between 865-868 MHz range.

The extension isn’t a great surprise as, for a number of years, there has been great excitement in industry as to the possible uses of RFID. The much used example is to improve the efficiency of handling goods in a warehouse, where items within a crate are wirelessly read, and their number deducted from the known stock list automatically as they leave the warehouse.

Many have voiced concerns about the privacy problems of information being remotely read about a person, using RFID, without their knowledge, or complicity. Their oft cited, but basically harmless example is of each item of clothing that a person is wearing being read as they walk into a shop.

Ofcom say that when coming to their decision, they considered two main issues. The first, the potential of interference from RFID devices, concluding that current legislation of output levels covered this. Secondarily, the economic costs and benefits. We quote

Ofcom conducted an impact assessment which found that the potential net benefits to businesses (through better inventory management and improved security) and consumers (if savings were reflected in lower prices) would be £100 – £200 million over 10 years

Benefits are clear for business, as efficiency is improved, by removing employees from the equation. Those to the consumers are less clear, as we can see Ofcom effectively acknowledge in their bracketed ‘if savings were reflected in lower prices’. Given what we know about the pursuit of profit, we see this as a very large If.

RFID's Are Go: Ofcom Extends UK Frequency RangePerhaps the revealing section in Ofcom’s announcement is that they “seek to deregulate in order to increase the amount of licence-exempt spectrum used by businesses to bring new technologies and services to the market.” (Our stress).

It could be argued that Ofcom are losing site of their statutory dutiesunder the Communications Act 2003 – to look after the interests of the public. Specifically, quoting from the Ofcom site (again our stress).

3(1) It shall be the principal duty of Ofcom, in carrying out their functions;
(a) to further the interests of citizens in relation to communications matters; and
(b) to further the interests of consumers in relevant markets, where appropriate by promoting competition”

The above is listed on the ‘about section’ on Ofcom’s site .

Ofcom’s full statement (PDF)
Wikipedia RFID

Viagra to Use RFID to Highlight Fakes

It has been claimed that 50% of the Viagra offered over the Internet is fake. Given this and the fact that Viagra had worldwide sales of nearly $1.9 billion last year, it pays Pfizer to protect its product.

Pfizer have announced that by the end of next year they will be shipping Viagra bottles with Radio Frequency ID (RFID) tags built in to them. The tiny RFID tags will give them the ability to trace the shipments from factory to shop, while giving the purchaser the confidence that the goods are genuine.

The subject of RFID has proved controversial. Many businesses are enthused by the potential of the technology in further automating their supply chains while some groups feel that individuals privacy could be compromised the technology. If RFID tags were fitted to clothing, a shop would be able to ‘read’ which clothes a person was wearing as they walked through the door.

It’s unclear whether purchasers of Viagra will be happy to walk around with a bottle that could be remotely detected.

Pfizer

QUICPay Using RFID in Tokyo Taxi Payment Trial

News reaches us that a Japanese credit card company, JCB International, is starting a two-month trial in November of a contactless payment system using mobile phones.  It’s called QUICPay and the guinea pigs will be taxi drivers in one of the world’s busiest cities, Tokyo. The exercise makes sense in Japan where it has been found that people use cell phones more than they use credit cards, and the Kanachu Hire taxi company will make contactless payment history.

QUICPay will be tested with NTT DoCoMo mobile wallet service handsets that are embedded with Sony’s FeliCa IC chip.  When the phone is presented within ten centimetres of the QUICPAY RFID (Radio Frequency ID) reader, it will determine the balance stored on the customer’s chip, automatically deduct the fare and reset the chip’s balance.  The QUICPay (“Quick and Useful IC Payment”) amount will then be billed to their existing credit card just like any other card purchase.

QUICPay can skip the authorisation process because it can instantly determine the balance that is available on the chip. The great thing about this system is its immediacy.  How often have the seconds turned to minutes and the minutes multiplied while you waited for the shop assistant to move heaven and earth to finalise your card transaction? In contrast to this a QUICPay offline payment transaction can be done in seconds and what’s more, no signature is required. 

While this trial is using only phones, it will be possible to embed the chip in a credit or other plastic cards in the future. If the experiment is successful JCB hopes to introduce the technology to convenience stores by 2006.

As far as we’re aware, there is no ‘keep the change’ option on QUICPay, so if the system becomes universal and moves us ever closer to a cashless society we’d better find another way of tipping.
 
Other mobile phone-based payment systems such as SimPay are being actively pursued. What isn’t clear is what transaction fees the handler will remove. Given it is all electronic, one would hope they would be negligible.

JCB International