RFID Hacking… Name Your Own Price

from the fun-with-new-technologies dept

There are a number of folks who have been over reacting a bit to the idea of RFIDs being used in stores to replace bar codes. There certainly are problems with the technology, but most of the privacy issues can be solved with a few small changes and some additional technologies. However, if folks are still really upset about RFIDs, why not just pull a Re-code and hack the RFIDs to have them display whatever info you want? While the article notes that the software being discussed can rewrite RFIDs for malicious purposes, it can also be useful for letting people control their own RFIDs. Of course, figuring out a way to keep RFIDs so they can’t be recoded until they leave the store is going to be a big challenge. Though, none of this is going to matter at all if patent issues continue to cause problems in the RFID market.


Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “RFID Hacking… Name Your Own Price”

Subscribe: RSS Leave a comment
7 Comments
Director Mitch (user link) says:

Typical Tech Ramp

Your post reminds me of the classic SNL “commerical” where they were selling grocery price stampers to reprice your food and save money(this was in the 70s WAY before barcode readers)

That being said, all the problems you describe – use models, patent issues, potential user abuse – have been common in every new technology ranging from the telephone to WIFI. History teaches us that all these problems will be solved if there is enough benefit for the users of the technology to spend the time and money to jump the hurdles, which I think will be the case with RFID.

Anonymous Coward (user link) says:

Corporate America Wins Again !

Hey Mike,

Remeber just HOW fasr ” RECODE ” got taken down by ” corporate America ” ? Hmmm ?

http://www.re-code.com/pdf/alternetdotorg.pdf

Why is it no longer around?

After pressure from the corporate thought police including a cease and desist letter and thousands of angry emails threatening such things as exile and eternal damnation, we decided to remove the site from the web. Many large global corporations were TEAMING UP to come after us. We should say we don’t think Priceline.com was involved at all so we thank them for being good sports – after all they were one of our original main targets. We feel as though we did our job and we don’t want to maintain a database forever anyways. People can be very mean though.

Anonymous Coward says:

Re: Corporate America Wins Again !

The Recode Story:

Conceptual Overview
The products we purchase are the inventory of our lives. To chain stores, this inventory is cataloged through the Universal Product Locator symbol (UPC). The UPC symbol is known as a barcode. Barcodes are now found everywhere in our world, extending outside of product inventory into our comic books, our science fiction, our films, and even our tattoos. These codes represent the fears of literally becoming numbers or becoming digital that are in many of us. These are not fears we wish to dismiss. The RE-CODE.COM project brings together the tactical media actions of the Carbon Defense League and the video and performance hijacks of Conglomco in a way that takes online action outside of the box for real world instigation. Looking at the heavy reliance on digital systems in chain stores utilizing the UPC barcode system, we see a problem or a virus in the system. The virus is the human. We are the nightmare of the digital to some extent. We are the squeaky wheel. In typical transaction scenarios, both consumer and cashier behave accordingly to accommodate the dominance of the barcode. Both depend on the accuracy of the code. Both function in machine-like behaviors in accordance to the patterns of traditional consumption rituals. Both cashier and customer listen only for a beep as their purchased item’s codes are swiped across the glowing light of the register. In some situations, even the cashier has been removed, so a machine can now be controlled by only the barcode maneuvered by human hands. Those same human hands can now be used in an act of brand subversion. Those same hands are the flaw that must resist the digital embrace of the UPC symbol. We must not simply shutter in science fiction horror, but take tactical action to manipulate the existing system for consumer benefit. With RE-CODE.COM, we look for a way to highlight the absurdity of a system undermined by humans that relies primarily on our very own physical presence and continual acceptance. We must showcase the human through the subversion of the code.

Project Overview
RE-CODE.COM was a free web service that allowed its customers to share product information and create barcodes that can be printed and used to re-code items in stores by placing new labels over existing UPC symbols to set a new price – participating in an act of tactical shopping. RE-CODE.COM at its core was a shared database, update able by our customers. Participation was free and required no special membership agreements or software download. After entering the web site, customers could choose to search and view information in the database currently or add their own collected data to the system. Using the custom Barcode Generator application, barcodes were drawn in real time and made available to the user. We utilize only UPC-A Type barcodes, the most common variety of barcode. It is used in most retail applications in North America and Europe. On the web site, we showed users a process whereby they could obtain cheaper prices for items in stores by simply re-coding items they planned to purchase, or switch the labels on items to reveal messages for customers and cashiers that might reveal the true prices of goods. The RE-CODE.COM web site itself was a mockery of PRICELINE.COM, made to look nearly identical to its counterpart which uses a “consumer as revolutionary” advertising approach to entice people to name their own price for goods and services. RE-CODE.COM simply wanted to take that concept to its logical completion, allowing any price to be named and re-coded in the store by the customer through barcode replacement. RE-CODE.COM highly encouraged re-coding name brand items with their generic equivalents as both a safety tactic and a way to comment on the overpricing of branded items. The two unique process we developed that are critical to the building of the database are known as preshopping and postshopping. Both required visiting RE-CODE.COM both before and after the process of shopping.

Under Attack
After going live on March 12th, 2003, the RE-CODE.com web site went unnoticed for close to 10 days when suddenly it began receiving attention on numerous blog sites that understood the satire and appreciated the concept of the site. The project was presented on March 23 at the Museum of Contemporary Arts in Chicago, IL. Salon.com published the first story on the web site on April 10th. That same day, the domain name WHOIS masking service employed by RE-CODE.com received a cease and desist letter from attorneys representing the world’s largest retail employer, Wal-Mart. At that time RE-CODE.com was averaging over 50,000 hits/day with a highpoint of 96,000 hits in one hour alone. The servers running the site were bogged down and access became sporadic at best. The site had struck a nerve and the attention that was now being given to the site’s creators was now much more a result of Wal-Mart’s threats than of the site’s actual content. Countless interviews were granted with multiple media outlets including morning call in shows, college radio programs, investigative reporters, National Public Radio station, the British Broadcasting Company, and others around the world. The site’s attention was almost too much to believe. Not only was Wal-Mart upset by the site, but also PriceChopper (a chain grocery store), the Kellogs corporation, the Federal Bureau of Investigation, and the Federal Trade Commission. After contacting several lawyers who had offered the site’s creators pro-bono legal council, the database and barcode generator portions of the website were pulled down and replaced by a response video by the site’s creators.

thecaptain says:

Re: Re: Corporate America Wins Again !

Please, this isn’ t the same thing.

What possible use was RE-CODE other than to fraudulantly change prices on items for sale in a store?

Hacking RFID means that after you LEAVE the store and have LEGALLY purchased items, you do not have to further submit to additional monitoring/tracking by idiot marketers who NEED to know your every move, what pants were you wearing at the time and what color your shirt today is because they think they can use this to pry open your wallet and help themselves.

Anonymous Coward says:

Oh please...

The original article would appear to be the worst form of exageration.
The econimics of RFID usage in supply chain will drive STRONLY toward the cheapest possible tags: The Non-ReWritable ones. So sorry, End of story…
Higher end tags in specialized apps will (and already do) include encryption keys required for writing. So sorry, end of flashy story…
Only a very narrow slice of tags in apps that require re-writable but can’t quite cost justify encryption would be vulnerable to the exploits described. This “middle ground” could and would be subsumed by the non-rewrite and/or encrypted flavors if consumer level re-write ever becomes a significant problem.

Leave a Reply to Anonymous Coward Cancel reply

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...