Monday, December 08, 2003
RFID tags and denial of Service
There have been some cases recently of hackers using denial of service as a means of extorting money from companies.
RFID tags will offer a new route, and probably even more effective. Let’s take an example of Marks and Spencer. Let’s say they have a RFID point of sale system. A prospective blackmailer goes and buys a selection of lingerie. They now read the signals from the tags.
Now, they set up a transmitter outside a store with a higher power than a tag. Now they generate lots of signals for lingerie. Every time someone goes in the store, suddenly lots of knickers start appearing on their bills. Very quickly, M&S would end up with a real trust issue with the public.
Alternatives are just sending a more powerful signal than a tag. Since many tags are not battery based, a small battery based transmitter would send a stronger signal. It would be very difficult tracking down something the size of a pound coin, hidden in the locality of a point of sale system, or any other reader.
Nick
RFID tags will offer a new route, and probably even more effective. Let’s take an example of Marks and Spencer. Let’s say they have a RFID point of sale system. A prospective blackmailer goes and buys a selection of lingerie. They now read the signals from the tags.
Now, they set up a transmitter outside a store with a higher power than a tag. Now they generate lots of signals for lingerie. Every time someone goes in the store, suddenly lots of knickers start appearing on their bills. Very quickly, M&S would end up with a real trust issue with the public.
Alternatives are just sending a more powerful signal than a tag. Since many tags are not battery based, a small battery based transmitter would send a stronger signal. It would be very difficult tracking down something the size of a pound coin, hidden in the locality of a point of sale system, or any other reader.
Nick