RSA Finds More Flaws in RFID

March 24th, 2005

eWeek has a reasonable article summarizing the weaknesses in TI’s RFID systems.

After uncovering a security weakness in a radio-frequency identification tag from Texas Instruments Inc., researchers from RSA Security Inc.’s RSA Laboratories and The Johns Hopkins University are now eyeing future exploits against other RFID products in the interests of better security, one of the researchers said this week.
     Meanwhile, TI will keep making the compromised RFID tag in order to meet the needs of applications more sensitive to speed and pricing than to privacy, according to a TI official. …

Miniature Data storage 1 TB per square inch

March 21st, 2005

IBM Zurich comes out with miniature data storage with data storage density of 1 TB per square inch —

“Given the rapidly increasing data volumes that are downloaded onto mobile devices such as cell phones and PDAs, there is a growing demand for suitable storage media with more and more capacity. At CeBIT, IBM for the first time shows the prototype of the MEMS*- assembly of a nanomechanical storage system known internally as the “millipede” project. Using revolutionary nanotechnology, scientists at the IBM Zurich Research Laboratory, Switzerland, have made it to the millionths of a millimeter range, achieving data storage densities of more than one terabit (1000 gigabit) per square inch, equivalent to storing the content of 25 DVDs on an area the size of a postage stamp.”

Cabir bluetooth virus speads to USA

February 18th, 2005

The Cabir bluetooth virus has been reported found in the wild in the United States. Cabir originated in the Philippines and infects bluethooth enabled mobile phones and (maybe) other device running the Symbian operating system. F-Secure offers this description:

Cabir is a bluetooth using worm that runs in Symbian mobile phones that support Series 60 platform. Cabir replicates over bluetooth connections and arrives to phone messaging inbox as caribe.sis file what contains the worm. When user clicks the caribe.sis and chooses to install the Caribe.sis file the worm activates and starts looking for new devices to infect over bluetooth. When Cabir worm finds another bluetooth device it willstart sending infected SIS files to it, and lock to that phone so that it won’t look other phones even when the target moves out of range.

CA school tracks students with mandatory RFID badges

February 10th, 2005

The Brittan Elementary School in California now requires students to wear RFID badges that can track their every move. Students must wear identification cards around their necks with their picture, name and grade and a RFID tag. The system was imposed, without parental input, to simplify attendance-taking, reduce vandalism and improve student safety. The district superintendent told the parents concerned about privacy that their children could be disciplined for boycotting the badges.

“It’s not an option, (The badge) is just like a textbook, you have to have it. I’m charged with running the school district and I get to make those kinds of rules.”

The badges were developed by InCom Corp., a company co-founded by the parent of a former Brittan student. The company has paid the school several thousand dollars for agreeing to the experiment, and has promised a royalty from each sale if the system takes off. See stories here and here and a NYT article describing parent protests..

JHU cryptographers crack “thiefproof” car key

January 29th, 2005

Anupam Joshi pointed out a good story

on recent work by Avi Rubin and his students on cracking TI’s cryptographically enabled RFID tag widely used in anti-theft car locks, the ExxonMobil SpeedPass system and other RFID enabled applications. A draft of the paper is available online. Apparently the TI chips use a relatively short key (40bit?).

Graduate Cryptographers Unlock Code of ‘Thiefproof’ Car Key

By JOHN SCHWARTZ, NYT, January 29, 2005

BALTIMORE – Matthew Green starts his 2005 Ford Escape with a duplicate key he had made at Lowe’s. Nothing unusual about that, except that the automobile industry has spent millions of dollars to keep him from being able to do it.

Mr. Green, a graduate student at Johns Hopkins University, is part of a team that plans to announce on Jan. 29 that it has cracked the security behind “immobilizer” systems from Texas Instruments Inc. The systems reduce car theft, because vehicles will not start unless the system recognizes a tiny chip in the authorized key. They are used in millions of Fords, Toyotas and Nissans.

All that would be required to steal a car, the researchers said, is a moment next to the car owner to extract data from the key, less than an hour of computing, and a few minutes to break in, feed the key code to the car and hot-wire it.

Cracking the system took the graduate students three months, Dr. Rubin said. “There was a lot of trial and error work with, every once in a while, a little ‘Aha!’ ”

Mr. Sabetti of Texas Instruments argues that grabbing the code from a key would be very difficult, because the chips have a very short broadcast range. The greatest distance that his company’s engineers have managed in the laboratory is 12 inches, and then only with large antennas that require a power source.

Dr. Rubin acknowledged that his team had been able to read the keys just a few inches from a reader, but said many situations could put an attacker and a target in close proximity, including crowded elevators.

Context aware clock/radio/alarm

January 28th, 2005

Gizmodo has the neatest things. “This Quattro prototype alarm is a solid translucent block that has no visible buttons or markings. As the Quattro is rotated, its function changes—on the side it’s a radio, tilted up it’s an alarm, and horizontally it’s a clock, each indicated by a contextual change in the display on the front. It gets better: the Quattro recognizes when you get close and lights up touch-sensitive buttons. Then it gets even betterer: a wirelessly connected teddy bear triggers the alarm’s snooze function when you give it a hug.” Too bad it’s just a prototype done by design students Didier Hilhorst and Nicholas Zambetti.

Mobile Virus affects Cars

January 26th, 2005

This is another scary technology story

Lexus cars may be vulnerable to viruses that infect them via mobile phones. Landcruiser 100 models LX470 and LS430 have been discovered with infected operating systems that transfer within a range of 15 feet.

Ambient Intelligence – Agents for Ubiquitous Environments

January 25th, 2005

A one-day Workshop on Ambient Intelligence – Agents for Ubiquitous Environments will be held in 25 or 26 July 2005 in Ultrecht, The Netherlands in conjunction with the 2005 Conference on Autonomous Agents and Multiagent Systems. Submitted papers are due 14 March, 2005.

The merging of virtual environments, mobile communication and sensors, allows the emergence of a new vision: Ambient Intelligence, a pervasive and unobtrusive intelligence in the surrounding environment supporting the activities and interactions of the users. Ambient intelligence appears poised to cause remarkable changes in the way
people live. With digital information, the ease of interaction between humans and computers can be greatly increased by broadening the interface media available and allowing mobile and portable communication to become free of inhibiting wires and stationary units. The result of ambient intelligence is ultimately a more empowered computer with the benefits of added convenience, time and cost savings, and possibilities for increased safety, security, and entertainment. This technology has the potential to significantly impact business and government processes, as well as private life.

Ambient Intelligence represents a vision of the future where we shall be surrounded by electronic environments, sensitive and responsive to people. Ambient intelligence technologies are expected to combine concepts of ubiquitous computing and intelligent systems putting humans in the centre of technological developments. Ambient
Intelligence emphasises greater user-friendliness, more efficient services support, user-empowerment, and support for human interactions. Software Agent (SA) technology is promising in this field and thus, should have a major role in Ambient Intelligence development due to SA characteristics such as autonomy and mobility. For instance, a user could launch an agent from his mobile phone and disconnect itself from the network. Its agent roams the net
of providers and afterwards submits its findings to user through SMS messages.

Java for RFID

January 18th, 2005

Sun Brings Java to RFID Tagging :Today at the National Retail Federation Convention, Sun Microsystems announced an entry-level RFID solution for retailers based on the company’s Java System. Sun also unveiled what it calls “Industry Solution Architectures” for more complex RFID management such as integration with back-end enterprise systems.

Radio frequency identification (RFID) tags are small transmitters placed on products, which are often used for tracking or inventory purposes. According to the company, Sun’s Java System RFID software “enables customers to process RFID tagged cases or pallets at the rate of approximately one to two seconds per unit and is designed to help customers meet retail mandates in approximately one week.”

When Inspector Gadget met Paris Hilton

December 27th, 2004

Smart Mobs has an item pointing to a NYT story describing the difficulties that Wal-Mart and others are having with their RFID programs. But the really interesting link in the post was to an older story on Prada’s high-tech flagship store in NYC. Reading it provides a good lesson for those of us mesmerized by cool technologies.

Fujitsu and PARC team on ubiquitous computing

December 15th, 2004

Fujitsu and Xerox PARC announced a partnership to study ubiquitous computing (story). Researchers from both organizations will initially focus efforts on developing interoperability standards and protocols based on PARC’s Obje architecture.

“The Obje software architecture is an interconnection technology that enables digital devices and services to easily interoperate over both wired and wireless networks. It provides a simple “meta standard” for interoperation that enables people to access information and services from anywhere, in a completely hassle-free, ad hoc manner.”

Researchers will also work to develop simpler and more secure wireless technologies and also incorporate social science to create new business opportunities, both at the business-to-business and business-to-customer levels.

Researchers at PARC, led by Mark Weiser, did much of the seminal work on ubiquitous computing. Weiser’s 1993 Scientific American article The Computer for the 21st Century is still a good read. After moving on to other things, I wonder if PARC can regain the lead in pervasive computing? A lot has happened in the mean time and many people are working on the vision.

Smart home hacks

November 18th, 2004

Gizmodo has an excerpt of a new o’Reilly book Smart Home Hacks. O’Reilly has some addtional material from the book online. There is also a short interview (by IM!) with the author, Gordon Meyer. It looks like the book mostly focuses on X10.