When the going gets weird, the weird turn pro. - Hunter S. Thompson

06 May 2006

I opened my hotel room with the cream cheese...

There's a lot of interest in Radio Frequency Identification (RFID) technology in many industries. It allows inventory to be scanned and identified quickly, and is also showing up in "smart" credit cards, building security badges, and similar applications.

Unfortunately, the most common implementation of RFID is basically completely unprotected from hackers with commercial, off-the-shelf equipment:
Located in Rheinberg, Germany, the Future Store is the world's preeminent test bed of RFID-based retail shopping. All the items in this high tech supermarket have RFID price tags, which allow the store and individual product manufacturers - Gillette, Kraft, Procter & Gamble - to gather instant feedback on what's being bought. Meanwhile, shoppers can check out with a single flash of a reader. In July 2004, Wired hailed the store as the "supermarket of the future." A few months later, German security expert Lukas Grunwald hacked the chips.

Grunwald cowrote a program called RFDump, which let him access and alter price chips using a PDA (with an RFID reader) and a PC card antenna. With the store's permission, he and his colleagues strolled the aisles, downloading information from hundreds of sensors. They then showed how easily they could upload one chip's data onto another. "I could download the price of a cheap wine into RFDump," Grunwald says, "then cut and paste it onto the tag of an expensive bottle." The price-switching stunt drew media attention, but the Future Store still didn't lock its price tags. "What we do in the Future Store is purely a test," says the Future Store spokesperson Albrecht von Truchsess. "We don't expect that retailers will use RFID like this at the product level for at least 10 or 15 years." By then, Truchsess thinks, security will be worked out.

Today, Grunwald continues to pull even more-elaborate pranks with chips from the Future Store. "I was at a hotel that used smartcards, so I copied one and put the data into my computer," Grunwald says. "Then I used RFDump to upload the room key card data to the price chip on a box of cream cheese from the Future Store. And I opened my hotel room with the cream cheese!"

Wired: The RFID Hacking Underground

No comments: