RFID is one of those things that seem cool until you start playing with it and then it turns out that the only uses for it are really boring. Like, you can't use it to locate stuff because the range is too short; you can't rely on stuff to have chips (food, or clothes or whatever) and it's a major time sink if you'd have to start tagging stuff yourself; it's cumbersome to install readers everywhere and not being able to rely on half lives measured in decades instead of months, etc.
I used to have an rfid chip implanted in my hand. I had all these ideas of what I was going to do with it - log on to my computer by putting an rfid reader in my keyboard, build a magic 'touch the wall and music starts playing' thing etc. All of them turned out to be very boring and useless in practice. Logging into my machine - meh, turns out that it takes longer for monitors to come back on than to type the password. Building (useful) user interfaces based on rfid is very hard and doesn't add anything over a regular proximity sensor.
The only idea I have left is that in my current house, I have a place where I could put an rfid reader so that if I'd get a chip implanted in my gluteus maximus (my butt, essentially) I could activate an automatic door opener by bumping into it when I have my hands full. I just can't motivate myself to set this up and discovering again that it's a dud in real life.
This library lets visitors rearrange the books organically (if you pull out multiple books on a topic, you're encouraged to put them back on the shelf together instead of finding their old homes). The books are tracked with RFID so that they remain easy to find individually.
I'm a frequent library user, and this may be fine for certain types of collections (where you look for very specific books) but is terrible for general use, as you are removing the ability to search by topic.
It could certainly slow searching by topic (since patrons are remixing the books based on whatever way they're using them). It does seem to demand quite a bit of infrastructure, adding RFID scanners to every shelf (and keeping them working). If it truly would allow every book in the collection to be pinpointed in realtime, that would be a plus, many times the catalog can only tell you that the title you're looking for should be on the shelf, not where it has ended up.
Right, and then you get listed the locations of 20 books on 20 shelves scattered around the library. Extremely fatiguing and time consuming if you want to skim a couple.
If you carry a proximity card in your rear pocket, that's pretty much the same thing except that there's no surgery and it's easy to swap out or discard when no longer useful.
Source: the door-opening sensors at my college, many years ago, were all located at the right height for a key in the back pocket to activate them. I referred to it as the "buttprint identification system".
But it is of critical importance to have the sensors located at the right height!
At my school, I had to jump up quite a bit (and I am 6' tall) to get them to read the card.
In many installations of both hardware and software, the actual usage of the system is quite different from what was imagined by the designers. Prox card installers imagine people holding up cards on lanyards. They mandate it not be carried in a wallet, because "the magnetic fields of a credit card can erase it" and it might break if it's bent. In real life, only freshmen carry lanyards, credit cards use high-coercivity stripes and aren't damaged by the prox readers or cards, and wallets with IDs and credit cards are stiff enough.
Talk to your users about how they use your product and what they need! You will learn something!
They also have longer-range solutions now and things that use Bluetooth instead of rfid for this. Works from a few feet away. I'm guessing that it's using some combination of Bluetooth MAC + signal strength.
As someone who frequently goes skiing, the recent deployment of RFID scanners at larger resorts is nothing short of amazing:
You can reload the passes online, the lift attendants can check everyone's pass just by waving a scanner across a crowd (no more having to precisely line up a barcode), you get online stats and achievements at the end of the day, and if you have photos taken on the hill they automatically show up in your online account.
So ya, definitely some really cool stuff you can do with them. :)
Just skied for the first time in years and the resort didn't even have attendants checking passes. You just put your pass in your left pocket and when you got to the front of the line a turnstile would admit you.
And a huge improvement over the magnetic strip passes. I have a pair of ski pants with magnets to hold the pocket closed, which is an incredibly dumb design, and they kept wiping my ski pass.
> I could activate an automatic door opener by bumping into it when I have my hands full.
My co-worker solves this by unlocking the front door when the home server sees his phone's (and his wife's phone's) MAC address on the home wi-fi network. (But only during "waking hours" so the server doesn't leave the door unlocked when everyone is sleeping.)
I think you could basically switch "RFID" with "smart home device" and this comment would be just as accurate. It seems finding a problem to solve is much harder than finding a solution.
Not much to it, really. It became feasible around 2007-2008 ish or so, when you could buy glass ampules with rfid tags in them and simple readers retail online (my timing might be a few years off). There were several forums about it at the time, most of them gone now it seems; I suspect because people found out the same thing I did, that it's just not that useful and that the novelty wears off after the first 5 times you wave your hand over a reader and have a led go on or a dialog pop up on a screen.
I went to a piercing studio, girl stamped a hole in the upper layers of my skin, made a small cut to open it up a bit further, slid in the ampule (which had been autoclaved first of course). Band aid on it, done. It was strange being in a studio with a bunch of people with facial tattoos and horn implants and discs the size of my wrist in their ears - and them looking at me like I was a freak from out of space. I do have to say though that I had to search around a bit to find someone willing to do it. There are plenty of places that will take your money to suspend you from their ceiling with flesh hooks in your back, but that won't stick a glass pill under your skin. Go figure.
You can also buy kits online if you want to DIY - basically big needle guns that are used to tag cattle which you just jam into your hand and pull the trigger on, literally. That would've been a bit too hard core for me, tbh.
Compared to using a biometric such as a fingerprint it makes some sense. Fingerprints can in theory be stolen and reproduced, and you can't change them if that happens. You could replace an implanted RFID tag if that were ever to become necessary, but otherwise it's something you always have like your fingerprint.
More interesting, in my opinion, is "surgically" inserting a little magnet into the tip of one of your fingers, which then vibrates in magnetic fields such that your nerves can feel it.
This gives you a sixth sense - you can sense magnetic fields.
They do it for most pets now too. They're useful for identifying runaway pets wherever they end up, and for stuff like https://www.sureflap.com/en-us . I have a few of the sureflap doors and they work well for keeping my cats on their own diets (controlling access to a combination of crates + auto-feeders).
It's the same (exact?) thing as far as I'm aware; rice-sized glass bit with a tiny RFID chip inside.
What I want is RFID tags on all of my pieces of kit for when I go kayaking. Before I leave the house I scan my bag and see if I have missed anything. I was going to write a phone app to do it when I got a phone that had NFC, then I read up and found out the range was way too short.
The butt-chip. It's like the punchline of a joke. Still... Put a reader in your chair so that when you sit down somewhere, things turn on and log in? Butt-thentication, if you will.
It's naturally a volume solution. RFID makes close-range identification just a little faster & easier for a lot of hassle. So it's been worthwhile anywhere you need to identify a lot of things at close range. Ski passes, cows, library books, boxes in a warehouse... and anything volume tends not to be very "the future!" exciting.
He could also leave his stuff on the ground and open the door in most if not all cases, I think. Why create problems to solutions that come with their own problems (installation, maintenance...)?
Sure, there are plenty of actual uses for RFID, what I meant is that most of the 'that'd be cool to play with' uses are impossible, and what is possible aren't the things you'd play with (I mean I don't have a warehouse, and for tracking stuff in my pantry it's impractical because of the reasons I mentioned earlier).
I'm prototyping an IoT system that will use RFID tags to track inventory as it moves around an area. The system will provide live updates on location. Imagine knowing exactly where things are at all times through a simple dashboard. Nothing super amazing, but not boring. :)
Yes, but the simple website is very scarce in details. The project is in pre-alpha. I was just writing code for the API like an hour ago. I don't want to publicize it here at the moment, but if you send me an email (check profile) I will gladly talk to you about it.
Btw, I went to the demo of enerscore (which looks pretty interesting) and it wasn't working for me. I'm on Firefox last build and OSX if that helps. :)
Firefox has been pretty finicky for some reason, but we're actually processing a giant data dump at the moment. Was the address unsupported or did the property just never load?
Couldn't you just put a push button switch there with the same effect? Something like the large square handicap accessible switches for powered doors in public buildings.
Slight quibble: the token is just authentication. The authorization is done by the pad. Granted, the current scheme grants the access authorization to any authenticated tag, but that could change if butt-thentication took off.
Solitude, Brighton and Snowbird also use the same tech. I know Solitude has had contactless lift ticket swiping in place for well over the past decade.
Also Squaw Valley in Tahoe. Ski passes are a great use for RFID! Their season passes are prox cards with a photo ID on them. Edit: they also work from 1-2 feet away. You just leave it in your pocket and walk through the gate.
This story doesn't quite make sense. I believe that his RSA pass was clonable and that his towel also had an RFID chip embedded in it. What I find hard to believe is that the towel had a writable RFID tag.
My main experience with RFID is cloning tags onto T5557 chips, and I don't think I've ever come across a writable tag in the wild. It doesn't seem to make economic sense to spend an extra penny or two on every towel to put in a tag you are never going to change.
The tags have to be writable at the factory to set the serial number. Presumably it's supposed to be write-once but is actually a small EEPROM, and he has an exploit that lets him overwrite it (see the "details withheld").
Mifare Ultralight C cards have 3DES-based security, cloning protection and read-only locking [1]. So I don't see how copying the RSA card to the towel would work unless the RSA conference totally messed up their use of RFID or the author has some super-hacker key extraction technique. Am I missing something?
I recently was at a Panera Bread, and when I put my Android phone (with NFC) onto the table, it immediately helpfully popped open tagwriter.
Turns out they didn't lock the tables' tags, so you could write urls and when people placed their phones down, had those urls open. (They used the tags for their food pager system.)
A couple of weeks ago. It did take some work, it seems like there's a "sweet spot" that I had to hit, and some experimentation that required rotating the phone on the surface, but I was able to write google.com and then pop it open on my tablet.
OK, the RSA conference failed here. They're supposed to be a security conference, yet they didn't use an RFID tag that's challenge/encrypt/response, so you can't clone it by passive listening. RSA itself used to make such things.
That tag is about the right level of security for towel inventory. The big win in this is managing outsourced laundry costs. Knowing how many items went to the laundry, and how many came back, rather than just counting linen carts, matters a lot. ABS Laundry Solutions overview (with ominous music) [1]
Having designed the RFID tag system for a conference before, there's a real cost difference between crypto-capable NFC tags and ordinary ones, once you factor in the number of badges you need to print.
Then consider that (a) the conference probably has very little budget for an RFID implementation, and (b) the NFC tag isn't used for anything that's security-sensitive -- mostly checking in at vendor booths, attendance tracking, etc.
Given that, I can totally understand why RSA didn't use something more secure.
The BIG fail here is that the towel manufacturers didn't toggle the read-only fuse in the tags, which allows them to be overwritten by anyone with an Android smartphone.
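An added example, not part of the comment above or of any vendor's tooling: a check an inventory operator could run over tag dumps to confirm that the user pages really are locked before tags go into circulation. It assumes the tags follow the MIFARE Ultralight/NTAG static lock-byte layout (page 2, bytes 2-3), which the thread does not confirm for the towel tags; the dumps below are constructed samples.

```python
# Added example: audit the static lock bytes of an Ultralight-style tag dump.
# Assumption: MIFARE Ultralight / NTAG static lock layout (page 2, bytes 2-3).
# The thread does not say which tag type the towels actually carry.

PAGE_SIZE = 4
USER_PAGES = range(4, 16)  # pages covered by the two static lock bytes


def audit_lock_bytes(dump: bytes) -> dict:
    """Report which user pages are still writable in a raw page dump."""
    if len(dump) < 3 * PAGE_SIZE:
        raise ValueError("need at least pages 0-2 (12 bytes)")
    lock0 = dump[2 * PAGE_SIZE + 2]  # bits 4-7 lock pages 4-7
    lock1 = dump[2 * PAGE_SIZE + 3]  # bits 0-7 lock pages 8-15

    locked = set()
    for page in range(4, 8):
        if lock0 & (1 << page):
            locked.add(page)
    for page in range(8, 16):
        if lock1 & (1 << (page - 8)):
            locked.add(page)

    writable = [p for p in USER_PAGES if p not in locked]
    # Block-locking bits freeze the lock bits themselves:
    # bit 1 covers pages 4-9, bit 2 covers pages 10-15.
    lock_bits_frozen = (lock0 & 0x06) == 0x06

    if not writable:
        verdict = "read-only"
    elif len(writable) == len(USER_PAGES):
        verdict = "fully writable"
    else:
        verdict = "partially writable"
    return {
        "writable_user_pages": writable,
        "lock_bits_frozen": lock_bits_frozen,
        "verdict": verdict,
    }


# Constructed sample dumps (pages 0-3 only); UID bytes are made up.
FACTORY_DEFAULT = bytes.fromhex("04a1b29f c3d4e5f6 07480000 e1100600")
FULLY_LOCKED = bytes.fromhex("04a1b29f c3d4e5f6 0748f6ff e1100600")
PARTLY_LOCKED = bytes.fromhex("04a1b29f c3d4e5f6 07483000 e1100600")

if __name__ == "__main__":
    for name, dump in [("factory", FACTORY_DEFAULT),
                       ("locked", FULLY_LOCKED),
                       ("partial", PARTLY_LOCKED)]:
        print(name, audit_lock_bytes(dump))
```
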
The hotel probably uses a commercial laundry service. All the dirty towels go into a bin, and every few days a van from the laundry service delivers a pile of clean towels and takes away the bin of dirty towels. The bedsheets, pillow cases and duvet covers probably get the same treatment.
You can get similar services for mechanics' overalls, door mats, chef's uniforms, and things like that. They'll even put the right uniform in the right employee's locker, if you like [1].
Often there will be different pools for different hotels, as well as different pools for different items and sizes. Good inventory management helps you get the customers' orders right; you don't want to deliver a Holiday Inn towel to a Hilton, or have a tablecloth in a delivery of bedsheets, or deliver 99 bedsheets when you promised 100. Also, if things are getting damaged or going missing you need to know where things are going, and when you need to order replacements.
Of course, bar codes are also in use [2] but in hotels particularly they like the markings to be subtle.
The local Gold's Gym has a theft prevention style detector around the front door which will complain if you try and leave with a towel. The towels themselves have an obvious bump in one corner, about the size of a jellybean.
NFC is a specific kind of RFID which uses the ISO 18000-3 band for communication over short distances. There are many other types of RFID, which can have much longer ranges.
Engadget had a basic article from a few years ago. I'm not sure how the alarm works as even the distance from the floor to your suitcase might be too far for RFID:
A customer checks in and is given a towel with a customer specific RFID attached. If at the point the customer checks out and the towel is not in the room, it is assumed to be missing or stolen.
Er, no. Have you been to a hotel? They don't normally give you a single towel for your entire stay. The hotel changes the towels every day. Bulk RFID scanning during laundry lets them keep track of how many towels have gone wandering and individually track how many times specific towels have been laundered, which is probably useful information for managing towel quantities in bulk. I don't think tracking down and identifying individual towel thieves is generally the idea, though I guess you can detect towels in places they are not meant to be (such as in their suitcases on the way out of the lobby).
Within reason, I think hotels expect a certain level of loss. They are probably not going to want to make a big scene in the lobby as a guest is departing and demand that they return the towel they are taking out.
On the other hand, theft by employees is something they are probably much more concerned about. Before this technology, you have to wonder how many hotel housekeepers had fully furnished their own homes with towels and bed linens at the expense of their employer.
This reminds me of the ubiquity of insecure MIFARE Classic chips.
My previous workplace (an international organization that shall remain anonymous) had vending machines where you could "buy" an RFID key that acted sort of like a "wallet". You could refill it by putting it inside the vending machine and then inserting coins, or you could use it to buy goods from the machines. It used MIFARE Classic and was trivial to break, and the cash amount was stored as cents in a short integer. Fun stuff, you could even buy deodorant and panties.
Then, several towns in my country use RFID cards for public transportation payment. Guess what? Even systems implanted AFTER these cards were deemed highly insecure are using them.
In Santiago, Chile, the public transportation system uses Mifare Classic cards, and a few apps that (illegally) refilled the cards appeared a while ago.
The solution given by the government was to block the cards that were used with fraudulent refills on a weekly basis, but there is always the possibility of changing the ID or purchasing blank cards.
Of course the system was chosen years after the vulnerabilities were discovered, too.
My guess is that the only way to stop this is to replace all the scanners, which will be far more expensive than losing a few thousand paying customers per day.
One place I worked at while in college had a similar thing with smart cards. The vending of the product and debiting of the card wasn't an atomic operation, so if you removed the card at the right time you'd still get the product but not be charged.
They must have changed that. At a cafeteria that uses MIFARE cards the operation is still not atomic, but the customer loses: If you remove the card at the wrong time, the card is debited but the transaction does not show up on the cashier's terminal, leading to heated arguments. The transaction does show up in the central database, so after spending 20 min writing a complaint you get your money back after a few days.
I was a CTO strategy consultant for an RFID MIST startup back in 2008 - that is RFID chips on documents, id badges, and any item of value within an organization. The MIST is a series of wireless sensors & network placed throughout the organization, enabling 3D location of any RFID marked object within range of the MIST network. The system could track who, when, and where of any person or item of interest simply by following the RFID through the series of sensors. However, there was zero plan for security of the RFID signals nor the MIST network itself, they were planning on security by obscurity. As I made more and more noise that security was their entire mission, and by not having any themselves they were setting themselves up for massive hacking. Thankfully, their main inventor was more interested in surfing than working, and their investor got deported for tax fraud.