A pretty cool song about RFID and RFID hacking from Monochrom.at.

Written and first performed at 23C3 (23rd Chaos Communication Congress) in December 2006 in Berlin as part of monochrom’s ‘Proto-Melodic Comment Squad’.

Users, there’s trouble ahead
I said users, it is totally sad
But users, the future lies in your hand
Cause it’s all about surveillance

Comrades, you don’t know what I mean?
Well comrades, there’s new tech on the scene
Come on comrades, stand up fight for your right
There’s a need for your experience

It’s fun to hack the RFID
It’s fun to hack the RFID
Technology is just a matter of choice
You can microwave all their toys

It’s fun to hack the RFID
It’s fun to hack the RFID
They want to store everything about you
But there’s plenty of things you can do

w00t!

You can download the mp3 versions here:

RFID Song (Bratlfettn Version) [MP3, 2:42]
RFID Song (Rohkost Version) [MP3, 2:34]

The full lyrics are available here:

monochrom: RFID song

RFID, biometrics, hi-tech police officers, yes it’s all going to be happening in Germany for the close approaching World Cup 2006.

Not surprisingly, security is a top priority for the German government, even higher than its desire to see the national team walk off the pitch with the World Cup 2006 trophy.

The list of security precautions the government is taking is substantial. It begins with the use of RFID (radio frequency identification) technology. More than 3.5 million tickets for the 64 matches will be sold with an embedded RFID chip containing identification information that will be checked against a database as fans pass through entrance gates at all 12 stadiums.

Organizers have asked everyone requesting tickets to provide a wealth of personal data, including name, address, date of birth, nationality and number of ID card or passport. Never before have fans attending an event organized by the Federation Internationale de Football Association (FIFA) been required to provide so much information about themselves that can be accessed so quickly.

Seems like a massive anti-terrorism initiative, but well, all of these things can easily be falsified.

There’s a mammoth security control center containing 120 people watching monitors.

Another special group, the Central Sports Intelligence Unit in Neuss near Dusseldorf, is receiving thousands of tips from authorities in nations competing in the World Cup. Its database includes information on 6,000 hooligans who are already known to police and pose a direct threat.

Many of the security systems and procedures were tested during the Confederation Cup soccer tournament in Germany last year.

More than 30,000 federal police officers will be on duty during the games. Some of them will be equipped with mobile “fast identification” fingerprint devices. Fingerprint data captured by the optical devices will also be matched against data stored in the central database of the German Federal Intelligence Service.

Fast identification fingerprint devices…sounds a bit sci-fi right. Technology is indeed catching up, so the hooligans better watch out. But well, if your fingerprints aren’t in the database they can’t flag you right?

Better wear some ultrathin latex gloves ;)

Source: CSO Online

This a very interesting read, the tale of an RFID hacker.

I was always sceptical about RFID I have to say, when everything is tagged, criminals can just drive by your house and scan everything, see what TV you have, which DVD player, how many high value electrical goods, and choose which houses they want to burgle.

The governments can install RFID readers in lamposts everywhere to track your movements from the RFID tags in the underpants you just bought..

Am I being paranoid?

James Van Bokkelen is about to be robbed. A wealthy software entrepreneur, Van Bokkelen will be the latest victim of some punk with a laptop. But this won’t be an email scam or bank account hack. A skinny 23-year-old named Jonathan Westhues plans to use a cheap, homemade USB device to swipe the office key out of Van Bokkelen’s back pocket.

“I just need to bump into James and get my hand within a few inches of him,” Westhues says. We’re shivering in the early spring air outside the offices of Sandstorm, the Internet security company Van Bokkelen runs north of Boston. As Van Bokkelen approaches from the parking lot, Westhues brushes past him. A coil of copper wire flashes briefly in Westhues’ palm, then disappears.

The guy can clone the signal, then reverse it and play it back to the card reader in your office, bingo, he just broke in without raising any alarms.

Van Bokkelen enters the building, and Westhues returns to me. “Let’s see if I’ve got his keys,” he says, meaning the signal from Van Bokkelen’s smartcard badge. The card contains an RFID sensor chip, which emits a short burst of radio waves when activated by the reader next to Sandstorm’s door. If the signal translates into an authorized ID number, the door unlocks.

The coil in Westhues’ hand is the antenna for the wallet-sized device he calls a cloner, which is currently shoved up his sleeve. The cloner can elicit, record, and mimic signals from smartcard RFID chips. Westhues takes out the device and, using a USB cable, connects it to his laptop and downloads the data from Van Bokkelen’s card for processing. Then, satisfied that he has retrieved the code, Westhues switches the cloner from Record mode to Emit. We head to the locked door.

Source: Wired