RFID Hacking... Name Your Own Price

from the fun-with-new-technologies dept

There are a number of folks who have been over reacting a bit to the idea of RFIDs being used in stores to replace bar codes. There certainly are problems with the technology, but most of the privacy issues can be solved with a few small changes and some additional technologies. However, if folks are still really upset about RFIDs, why not just pull a Re-code and hack the RFIDs to have them display whatever info you want? While the article notes that the software being discussed can rewrite RFIDs for malicious purposes, it can also be useful for letting people control their own RFIDs. Of course, figuring out a way to keep RFIDs so they can't be recoded until they leave the store is going to be a big challenge. Though, none of this is going to matter at all if patent issues continue to cause problems in the RFID market.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 29 Jul 2004 @ 6:41am

    How Long ?

    How long do you thing it will take till someone idiot tries to pass a bill/law banning this

    link to this | view in chronology ]

  • identicon
    Director Mitch, 29 Jul 2004 @ 8:36am

    Typical Tech Ramp

    Your post reminds me of the classic SNL "commerical" where they were selling grocery price stampers to reprice your food and save money(this was in the 70s WAY before barcode readers)

    That being said, all the problems you describe - use models, patent issues, potential user abuse - have been common in every new technology ranging from the telephone to WIFI. History teaches us that all these problems will be solved if there is enough benefit for the users of the technology to spend the time and money to jump the hurdles, which I think will be the case with RFID.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Jul 2004 @ 9:42am

    Corporate America Wins Again !

    Hey Mike,

    Remeber just HOW fasr " RECODE " got taken down by " corporate America " ? Hmmm ?

    http://www.re-code.com/pdf/alternetdotorg.pdf

    Why is it no longer around?

    After pressure from the corporate thought police including a cease and desist letter and thousands of angry emails threatening such things as exile and eternal damnation, we decided to remove the site from the web. Many large global corporations were TEAMING UP to come after us. We should say we don't think Priceline.com was involved at all so we thank them for being good sports - after all they were one of our original main targets. We feel as though we did our job and we don't want to maintain a database forever anyways. People can be very mean though.




    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Jul 2004 @ 9:45am

      Re: Corporate America Wins Again !

      The Recode Story:

      Conceptual Overview
      The products we purchase are the inventory of our lives. To chain stores, this inventory is cataloged through the Universal Product Locator symbol (UPC). The UPC symbol is known as a barcode. Barcodes are now found everywhere in our world, extending outside of product inventory into our comic books, our science fiction, our films, and even our tattoos. These codes represent the fears of literally becoming numbers or becoming digital that are in many of us. These are not fears we wish to dismiss. The RE-CODE.COM project brings together the tactical media actions of the Carbon Defense League and the video and performance hijacks of Conglomco in a way that takes online action outside of the box for real world instigation. Looking at the heavy reliance on digital systems in chain stores utilizing the UPC barcode system, we see a problem or a virus in the system. The virus is the human. We are the nightmare of the digital to some extent. We are the squeaky wheel. In typical transaction scenarios, both consumer and cashier behave accordingly to accommodate the dominance of the barcode. Both depend on the accuracy of the code. Both function in machine-like behaviors in accordance to the patterns of traditional consumption rituals. Both cashier and customer listen only for a beep as their purchased item's codes are swiped across the glowing light of the register. In some situations, even the cashier has been removed, so a machine can now be controlled by only the barcode maneuvered by human hands. Those same human hands can now be used in an act of brand subversion. Those same hands are the flaw that must resist the digital embrace of the UPC symbol. We must not simply shutter in science fiction horror, but take tactical action to manipulate the existing system for consumer benefit. With RE-CODE.COM, we look for a way to highlight the absurdity of a system undermined by humans that relies primarily on our very own physical presence and continual acceptance. We must showcase the human through the subversion of the code.


      Project Overview
      RE-CODE.COM was a free web service that allowed its customers to share product information and create barcodes that can be printed and used to re-code items in stores by placing new labels over existing UPC symbols to set a new price - participating in an act of tactical shopping. RE-CODE.COM at its core was a shared database, update able by our customers. Participation was free and required no special membership agreements or software download. After entering the web site, customers could choose to search and view information in the database currently or add their own collected data to the system. Using the custom Barcode Generator application, barcodes were drawn in real time and made available to the user. We utilize only UPC-A Type barcodes, the most common variety of barcode. It is used in most retail applications in North America and Europe. On the web site, we showed users a process whereby they could obtain cheaper prices for items in stores by simply re-coding items they planned to purchase, or switch the labels on items to reveal messages for customers and cashiers that might reveal the true prices of goods. The RE-CODE.COM web site itself was a mockery of PRICELINE.COM, made to look nearly identical to its counterpart which uses a "consumer as revolutionary" advertising approach to entice people to name their own price for goods and services. RE-CODE.COM simply wanted to take that concept to its logical completion, allowing any price to be named and re-coded in the store by the customer through barcode replacement. RE-CODE.COM highly encouraged re-coding name brand items with their generic equivalents as both a safety tactic and a way to comment on the overpricing of branded items. The two unique process we developed that are critical to the building of the database are known as preshopping and postshopping. Both required visiting RE-CODE.COM both before and after the process of shopping.


      Under Attack
      After going live on March 12th, 2003, the RE-CODE.com web site went unnoticed for close to 10 days when suddenly it began receiving attention on numerous blog sites that understood the satire and appreciated the concept of the site. The project was presented on March 23 at the Museum of Contemporary Arts in Chicago, IL. Salon.com published the first story on the web site on April 10th. That same day, the domain name WHOIS masking service employed by RE-CODE.com received a cease and desist letter from attorneys representing the world's largest retail employer, Wal-Mart. At that time RE-CODE.com was averaging over 50,000 hits/day with a highpoint of 96,000 hits in one hour alone. The servers running the site were bogged down and access became sporadic at best. The site had struck a nerve and the attention that was now being given to the site's creators was now much more a result of Wal-Mart's threats than of the site's actual content. Countless interviews were granted with multiple media outlets including morning call in shows, college radio programs, investigative reporters, National Public Radio station, the British Broadcasting Company, and others around the world. The site's attention was almost too much to believe. Not only was Wal-Mart upset by the site, but also PriceChopper (a chain grocery store), the Kellogs corporation, the Federal Bureau of Investigation, and the Federal Trade Commission. After contacting several lawyers who had offered the site's creators pro-bono legal council, the database and barcode generator portions of the website were pulled down and replaced by a response video by the site's creators.

      link to this | view in chronology ]

      • identicon
        thecaptain, 29 Jul 2004 @ 9:53am

        Re: Corporate America Wins Again !

        Please, this isn' t the same thing.

        What possible use was RE-CODE other than to fraudulantly change prices on items for sale in a store?

        Hacking RFID means that after you LEAVE the store and have LEGALLY purchased items, you do not have to further submit to additional monitoring/tracking by idiot marketers who NEED to know your every move, what pants were you wearing at the time and what color your shirt today is because they think they can use this to pry open your wallet and help themselves.

        link to this | view in chronology ]

  • identicon
    Anonymous, 29 Jul 2004 @ 10:18am

    Oh please...

    The original article would appear to be the worst form of exageration.
    The econimics of RFID usage in supply chain will drive STRONLY toward the cheapest possible tags: The Non-ReWritable ones. So sorry, End of story...
    Higher end tags in specialized apps will (and already do) include encryption keys required for writing. So sorry, end of flashy story...
    Only a very narrow slice of tags in apps that require re-writable but can't quite cost justify encryption would be vulnerable to the exploits described. This "middle ground" could and would be subsumed by the non-rewrite and/or encrypted flavors if consumer level re-write ever becomes a significant problem.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Jul 2004 @ 8:42am

      Re: Oh please...

      and in the end the consumer still can not turn off this ever invasive technology. Doesn't matter that you bought & own the item.

      link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.