But I remembered the 2006 Black Hat Briefings (probably the premier computer security conference), where I listened to some folks talk about how you can make malware that spreads from RFID chip to RFID chip via the reader.
"Hmmm," I said to myself, "I wonder what you could do to give the hypothetical Officer Friendly an interesting day when he scans your heater?" And since this scanning can be done from some distance away as you lawfully carry your piece, the opportunities for fun and games are probably legion.
Note that IANAL, but it's hard to see how you could be prosecuted under existing anti-hacking laws. After all, the sum total of what you would have done is simply to put data on your own property. You never accessed any computing device owned by anyone else. They accessed yours.
Of course, I only use my Powers for Good, but the Black Hat presentation gets interesting around slide 18, and particularly interesting around slide 23. Given that the RFID reading system and its backend database are administered by incompetents, it's very likely that an RFID payload delivering a SQL Injection attack could wipe out the entire database of scanned guns.
Like I said, I only use my Powers for Good. But it's astonishing how the world is filled with people who think they're smarter than everyone else, and that they understand everything worth knowing about something, and how their Cunning Plan could never, ever, bite them in the butt.
Note to Chiappa: if you scan guns returned for service (almost a dead certainty), your p*ssed off customers could do this to you. A little humility is perhaps called for, when your shorts are down around your ankles, security-wise.
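The flip side for whoever runs such a scanning backend, as an added example that is not from the original post or the Black Hat slides: tag memory is handled as untrusted input, checked against an expected format, and only ever reaches the database as a bound parameter. The `scans` table, its columns and the 24-hex-character tag-ID format are assumptions made for illustration.

```python
import re
import sqlite3

# Assumed tag-ID format for this sketch: exactly 24 hex characters (96 bits).
TAG_ID = re.compile(r"[0-9A-Fa-f]{24}")


def open_db():
    """In-memory stand-in for the scan database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE scans (id INTEGER PRIMARY KEY, tag_id TEXT, raw BLOB)")
    return db


def record_scan(db, tag_bytes):
    """Store one tag read. Returns 'stored' or 'quarantined'.

    Tag memory is attacker-controlled: it is decoded strictly, checked
    against the expected format, and only ever passed as a bound parameter.
    """
    try:
        text = tag_bytes.decode("ascii")
    except UnicodeDecodeError:
        text = None
    if text is not None and TAG_ID.fullmatch(text):
        db.execute("INSERT INTO scans (tag_id, raw) VALUES (?, ?)",
                   (text.upper(), tag_bytes))
        status = "stored"
    else:
        # Keep the raw bytes for investigation, still as a bound parameter,
        # so SQL metacharacters in the payload stay inert data.
        db.execute("INSERT INTO scans (tag_id, raw) VALUES (NULL, ?)", (tag_bytes,))
        status = "quarantined"
    db.commit()
    return status


def demo():
    db = open_db()
    # Constructed sample reads: one well-formed ID, one payload carrying SQL syntax.
    reads = [b"3034F87A1C00000000000001", b"x'); DROP TABLE scans; --"]
    results = [record_scan(db, r) for r in reads]
    rows = db.execute("SELECT COUNT(*) FROM scans").fetchone()[0]
    return results, rows


if __name__ == "__main__":
    print(demo())
```
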
GENIUS!
Yeah, what TJIC said.
We mortals are lucky that you white hat guys are out there, but the hair on the back of my neck hasn't settled down from the post you did a few months ago about "the good guys should just admit we lost, the security war is over".
Like it!
While I spent most of my "trade" life making multi-kilowatt (35 KV @ 10 Amperes per device in one case) electronic apparatus work as intended, often when the designer seemingly did not, RFID chips did not escape my attention.
Essentially, they operate on the 13.56 MHz Medical, Scientific, and Industrial band. The presence of a sufficiently strong RF pulse causes the RFID chip to squeal a response. The intensity of the response depends on the size of the chip's antenna and the distance from that antenna.
Not to quote Kraus or Douglas to any great extent, but the efficiency of the tiny antennas in the tiny chips is dreadful. The squeal is a few microvolts at a centimeter.
Giving a practical range for the tiny chips of a few inches, and for the combined customs/bill of lading size RFID responders of 100 meters or so. But it would be hard to stuff a bill of lading into a handgun.
Since the Italian Government, actually the Customs Service, requires such devices on all exports I cannot fault Chiappa, Beretta, Benelli, Tanfoglio, or the rest of the IT arms industry for including a chip in each gun shipped.
But given the limited range of RFID chips suitable for inclusion inside handguns, I cannot say I am much troubled by it either.
And, if it comes to that, I am sure someone could and would clone the commercial chip programmers. A million chips programmed "Winchester 73 s/n 100001" would be interesting.
Stranger
Meh... lousy gun, lousy PR, WHY should I buy one??? Re the RFIDs, you 'can' do some interesting things with them... and at more than a few inches too :-)
I'd buy one just to implement the melt-down plan since they already got a reputation for needing service-work.
amish - no I'm not.
Or, "How to destroy your company's reputation in one email."
The RFID powerpoint was scary, even if some of it is above my head. Once again people fail to see that it's not the implement, it's the intent that is the problem.
Just as with firearms.
I'd like to laugh at that, but I'm too busy writing it down.
Damn, and here I was just going to look for the guy with the reader and hit him in the kneecap with a lead pipe...
Damn, now I want one so I can play around with their minds.....
@Stranger: the problem isn't really the RFID chip itself, they're easy enough to disable if nothing else, the problem is the PR response.
@Graybeard: I coulda told you that and I'm just the lucky average Joe (Jane?) who gets to fix all her friends' computers, not a professional in the field!
Remind me not to get on Borepatch's bad side.
I remember seeing the post where someone put a banner on the back of their car with a drop table for the stupid license plate OCR scanner on the red light camera. This is even more ingenious.
Here we sit worried about Faraday cage wallets to protect our credit cards when all we really need is a custom programmed RFID tag with the correct frequency response. I wonder if there is a command that can be issued over RFID to brick an iPhone since they are the most prevalent one used for this with something like the Square Up scanner.
Hmmmm...Blackhat doesn't like being quoted. That link brings up what looks to be the correct site, but it is a blank page, not the .pdf it purports to be.
I say go for it. Big Brother doesn't need to be scanning our guns anyway.