The 10 mile isn't realistic
If you're happy to use these tags for nefarious purposes surely you'll take out the 100ms filter first?
RFID tags can be read at a surprising range, a researcher has found. When he's not listening in to GSM phone calls, Chris Paget has been busy seeing at what distance an RFID tag can be read, managing a respectable 217 feet. Paget also reckons the US military could read an EPC Gen2 tag from 80 miles off, though the connection …
Recall that it was the US that pushed everyone else into making lots of haste with RFIDing passports. And everywhere else, most people do have passports, for various reasons. Everyone else, you _don't_ get a foil jacket with your RFIDed passport. In fact, there's plenty of countries where not being able to show one causes a fine or worse legal trouble. So I say: Nice and hateful comment there.
Responsibility? They've heard of it. The state department even spells it in large letters on their website: r e c i p r o c i t y.
Or.... it could be one of the frightening % of people who have no passport because they are either too unfortunate, too lazy or too Luddite to go abroad... they just happened to have a visitor last time you were there!
It's surely no worse for security than the car not in the drive, all the lights are off or the neighbour seen feeding the cat...
In Holland they do things even "better" and thus put your biometric data (fingerprints) onto the RFID chip used in both passports and European ID cards.
And because I trust my government to do everything in its power in keeping this information secured I fried my ID card. One flash, 2 holes and no more RFID.
Paranoid? I don't think so, just protecting my rights because I know how "safe" RFID is. Esp. when a government "designs" the security scheme behind it.
"Whatever the risks, the real joy is in seeing what can be achieved and pushing the technology to its limits, for no reason beyond seeing if it can be done."
And when it can be done every single government in the civilised world will adopt this to surreptitiously spy on absolutely everyone. We are not safe and we are being watched......
"In reality there are several factors which limit the read range to far less than these maximums, and one of the most fundamental may lie in Gen2 itself. There are strict timing requirements placed on both the reader and the tag, with both sides abandoning communication if timeouts are reached. Ironically, this timing restriction may be the ultimate self-imposed limit on Gen2 read range – a 10-mile read range* (for a 20 mile round trip) takes about 100 microseconds, so we still believe that reading RFID tags from more than a mile away is entirely possible."
The 100μs timeout applies at both ends, ignoring it at the receiving end won't stop the chip itself from respecting the limit. I would assume that these chips use some form of request-response type interaction, where the chip is queried and it asks for authentication, expecting it within those 100μs.
*(The actual round-trip distance here is calculated by multiplying the speed by the time taken, c x 100μs = 3e8 m/s x 1e-4 s = 3e4 m, which is 30km, or 15 km each way)
Warning: Armchair physics reasoning ahead...
This could be easily circumvented by changing the timestamp of the signals from the transmitter, assuming that's how the chip knows the "time". Even if the chip records the last "time" there was a communication, without the power of the signal, there is nothing for it to run an independent timer to verify that the next signal was transmitted within the timeout period.
Because of this, once the range is known, the transmitter could modify the timestamp to fool the chip into thinking the 100μs have not elapsed...
Unless, of course, the 100μs is how long the signal powers the chip... so that if the chip loses power, it automatically "forgets" the conversation, forcing the timeout.
It should still be possible to get the data you want. Assuming the timing remains fairly consistent between two reads, one could create a reader that reads a tag once, times the response based on round trip, forms a response based on the received packet, then transmit a second read request, closely followed by the response packet. Assuming the response doesn't change between reads, one should be able to read up to the maximum distance.
Granted, the hardware required would be complicated, but it is possible.
Since the rfid is passive how can it enforce a time out; it uses the power of the incident signal to impose a digital signal on the 'reflection' (it's actually a parasitic oscillator at work so not really a reflection just good old 'Q' at work).
The rfid tag is dumb - so tickle it with the right frequency and listen for the 'reply' - basic radar; sonar; lidar technology; so not only do you get the information you also get the range to within a few yards(/metres) and bearing.
Of course; not only is the power a factor; but also the curvature of the earth and the atmospheric conditions. The absolute range is proportional to the power^2 AND the sensitivity of the receiver AND the signal path; but if you're not bothered by licence (or health) restrictions; then several miles should be easy. And that's before you start using diversity reception.
my coat is the one with kitchen foil lined pockets
Or, as is currently happening in the US:
"Sorry, sir, but we have a warrant to search your home and outlots. See, you bought Brand X of shampoo, and Brand Y of cough syrup, and Brand Z of insect repellent. You bought these at different times in different stores, and this matches the pattern of a Meth Lab. Please follow this nice officer as he handcuffs you and places you in the back of his patrol car, for your protection..."
This IS HAPPENING NOW in the US. Wal-Mart... "Always" is more than just a slogan...
We knew that anyway. The ones proposed for vehicles are battery powered, and have a larger design range than the unpowered ones. Which, of course, opens up a whole host of possible ways to screw their operation, all of which I shall be investigating should they ever become compulsory.
GJC
So, those new Visa "PayWave" cards will really be a wave of crime, then? Ignoring the fact that stores will be able to track you all the way round the mall to map out your shopping prefs, crims will be able to clone your card from the other side of town! No PIN to worry about now for Mr Shay D Karactor, and now he doesn't even have to walk behind you and scan your backpocket (see http://www.engadget.com/2008/03/19/rfid-credit-cards-easily-hacked-with-8-reader/), he can sit comfortably in his car in the carpark and scan you as you walk into the mall. I expect the next "must-have" accessory to be wallets lined with metal mesh or tinfoil.
/Yeargh!
Ok, that wasn't an $8 reader from ebay, it was part of a POS device. He can't sit in a car and read cards, he said that he thought he may be able to do that, but this would be far over the effective range of NFC. He keeps referring to the cards as RFID when they are NFC. He says that the decryption should happen in a datacentre when the whole point of paywave is that it happens locally, so you don't have to wait for a connection to a datacentre to be established. Also, there is absolutely no verification that he is doing what he claims, the reader goes beep and he says, "look at the screen". Furthermore, as I understand the operation of paywave type cards, they have a separate "card number" for the paywave part of the card and while it is implied that having the credit card number is "bad" he doesn't even imply that he would be able to create another card with this data. I could go on...
All in all, I call FUD.
Forget 'less respectful', they most likely don't even know what a 'ham' is.
And if you shop at the Gap or Walmart your clothes will be good substitutes for radar reflectors, some garments have more than two RFIDs in them.
RFIDs can be neutered by placing the object in a microwave oven, along with a mug of water, and turning it on high for a minute.
Two things:
1) Passports, bank cards etc use NFC, which can currently only be ramped up to 50cm max, more realistically about 5-10cm. NFC is not the same thing as RFID.
2) You may be reading an RFID at X miles, but how do you target a specific tag, rather than just the first one that comes back? The chances are that there will be a fair few RFID tags in any direction you choose to look.
The standard specifies that passport RFID chips must function up to _at least_ 20cm. That doesn't mean it guarantees all passports will not respond when held at 21cm. What this is about is how far you can stretch things, regardless of standard. As it turns out: Quite a lot. Even stretching to just a yard may be more than enough.
Maybe you find it hard to believe, but it's the same principle as a lock manufacturer saying "this lock ought to only work with this specification key", and then someone comes along with a lock picking set and opens it anyway. We all know it works that way; no reason RFID should magically be different. It's been up and down the news several times already that, surprise, it in fact is not at all different from everything else we make in that respect.
Similarly, sometimes you don't care what tags you read, just that they're part of some class, like, "contactless payment cards with at least a tenner on them", and then you trigger a transaction to transfer, not to be overly greedy, 9.99 to you. Walk up and down a busy shopping street, loiter a bit in a mall, and you'll have easily filched a couple hundred, maybe a couple thousand. Then scram and try again in a different part of town, or a different city altogether.
Or, sometimes you don't care what else you read. If you can read tag X within the range of your device, distance Y, you can draw conclusions like, well, since tag X is subject Z's passport RFID tag (or simply the one in his oyster or barclay card, his employee access badge, a tag factory sewn into his shoes, the one implanted in his dog, what have you, any will do), then that's likely Z within Y right there. That already enables surveillance by some unobtrusive logging device stuck on a wall, hidden in some other device, and so forth and so on. Or you could trigger a detonator. Why not.