Software on RFID chips?

Inspired by fiction, so taken with a grain of salt - I’m reading the opening chapters of a techno-thriller.

A bit of malware on someone’s phone establishes a network with the RFID chip in a different person’s ID tag, and transfers malware to it, jumping into a secured building through the RFID chip.

Now this sounds a bit technobabble-y to me, since it seems like RFID chips just hold information that can be read when the reader interrogates it, but I don’t know very much about RFID, just what I can read on Wikipedia. So the question is: can things be uploaded to an RFID chip?
I suppose information must be loaded onto them somehow, but I don’t know if they’re re-writeable.

Here’s an off the shelf industrial type RFID transponder.

Control interface unit

I’ll leave it to the gurus to let you know what you can do with 896 bits of memory and how feasible it would be to get into a network this way.

I believe most RFID chips are read-only; they are pre-coded with the ID info and just echo that back when queried. They don’t have facilities for writing new info to them.

That may be dated now.
But even so, economics would keep most chips as simple as possible, generally read-only.

I’ve actually designed systems using RFID, so I have a fair amount of experience with them.

In the old days, RFID tags were simply RF diodes tuned to specific frequencies. You “programmed” the tag by cutting out diodes of different frequencies to make a bit pattern that corresponded to the number of the tag. The bigger the number you need, the more RF diodes you need. I’m not aware of anyone still using this old technology.

Modern tags tend to have a semiconductor chip in them. This is not a general purpose processor of any sort. These are dedicated microchips that basically provide the functionality of the chip and nothing else. All they basically do is wait for a coded signal to come in, and if they receive a valid signal, they send a coded data stream back out. Basically, all you get is a number.

To oversimplify it a lot, it works kinda like this:
Tag reader sends out a number: 12457132
Tag accepts this number, and responds with its own: 847385628

And that’s it.

The numbers are actually longer than that, and the security algorithm is a little more complicated than that (actually sometimes it’s a lot more complicated than that), but that’s the basic gist of it.

The only real programming you can do to it is to encode the number that you want onto the tag, and with some of them you can’t even do that.

Also, the RF interface on the tag is very specific. A phone doesn’t have the right kind of interface to talk to it.

There are two basic types of tags, beam powered and battery powered. Most are beam powered, which means that the tag uses the incoming radio waves to charge up a capacitor. Once the capacitor is charged, the silicon chip switches on and the tag does its thing. The battery powered ones don’t need to charge anything up, and because they have a battery, they can transmit a much stronger signal. Beam powered tags have to be very close (a few inches at most) to the reader to work. Battery powered tags can be mounted on the sides of rail cars, shipping containers, trucks, etc. and can be read from 10 to 20 feet away. Cell phone protocols not only don’t match up in any way, they don’t even follow the same type of algorithm. So they don’t even work anywhere near close to the way that the tags work.

I’ve also dealt with classified materials and classified and secured computer systems (I work in industrial control these days, and having a virus take control of a system that is controlling the production of something like phosgene gas would be a very bad thing). Secured systems have what they call an “air gap”. There is no physical connection between that system and the outside world. There is no way to transfer anything to that system from a phone, card reader, or anything else. However, the big security problem for these systems is flash drives. Someone needs to transfer a file from somewhere else (like a patch received from the control systems manufacturer) so they need some way to transfer the file over from their unsecured e-mail system to the secured system. So they reach in their pocket, pull out their handy-dandy flash drive that they also used at home, and they transfer a nice bit of malware from their home system to the secured system. Then they call up the folks who make the control system (my company) and ask why their control system is suddenly a bit sluggish, and we discover that whatever malware they accidentally installed is flooding their network with traffic as it looks for other computers to infect. True story. Fortunately, they were a company producing fairly benign materials. I won’t say what product they make, but they weren’t one of our customers that processes nuclear bomb materials or expensive pharmaceuticals or chemicals that end in -ene (why is it that everything that ends in -ene tends to be really, really bad?).

I wouldn’t assume that the author/protagonist knew enough about ID cards to distinguish between a wireless smart card and RFID card.

Still rubbish of course, but no worse than any other techno thriller.

Call me paranoid:
A few months ago I posited the introduction of “RFID” chip containing a “Social Security Number” being implanted in a newborn before the skull plates fused.
So far, so good, right?

Now, just as Dentists do not use Novocaine, the refrigerant in your A/C is not Freon and a dozen of other names-which-stick:
Could a nefarious Government turn that “RFID” chip into a way to introduce programming - which just might act as a sedative to placate a population, or do any of a number of other things.

General Gist: Once people get used to having their newborns implanted, what all could be added to the “RFID Chip containing SSN”?

Well, I didn’t get to the worse part. It’s not really explained well, but one of the bad guys then uses the malware on the RFID chip to pilot the penetration of the building’s network in real time, meaning that somehow not only was the malware implanted on the chip, but it served as an ongoing node in a network, allowing her to rewrite code on air-gapped systems (it’s not explained why the explicitly stated “air-gapped” systems have wifi active) fast enough to avoid detection by anti-virus programs.

I almost threw the book at the wall.

Yeah, contactless smart card is sort of a better term. The problem is that the chips used don’t need to actually be in a “card” so it’s a misnomer in some cases.

Did she then hack into the knives in the building’s kitchen and reprogram to stab visiting government officials? It sounds like “hacking” could be replaced with “fel magic” in this story without much narrative change.

The general public thinks computers are basically magic and when it comes to magic, then anything is possible.

It would be totally in keeping with the accuracy of the story if she did that!
In the next chapter, Russian jets overfly downtown Tokyo and take a left turn to attack U.S. airbases on Okinawa! :smiley:
I wish I were kidding, but this book was sold on its accuracy and how its authors are an international relations and warfare specialist and a defense sector journalist. I thought it was going to be more Sir John Hackett and less L. Ron Hubbard. :frowning:

Sure, it would be possible to devise a little implantable capsule that dispenses opiates when signalled, or explodes, injuring the implantee.

But I think you were talking about something that’s a bit more ‘mind control’. I don’t think we really know how to do that properly and effectively by artificial means right now, even with whole rooms full of equipment. Just in case though, you could wear a tinfoil hat.

Aw com’on…

I want to know that Big Brother WILL find a way to control our thoughts and actions.

Just as “Company Towns” didn’t need to worry about any trouble makers stirring up the locals, I want to be assured that the modern technologies will work to placate simply everyone just as the Company Store controlled the finances of the townsfolk.

I think you’re looking for this thread, usedtobe. This one’s about whether it’s possible to download software onto RFID chips or smart cards.

" inspired by fiction … "
we don’t know if it was the book’s author who was “inspired” … or the op who was “inspired” while reading the book.

generally, novels are considered as fiction … veritably, the sky is the limit. furthermore, since the op did not state the name of the novel … we are given to speculate and formulate. however … non-fiction novels are becoming more widespread in this day and age.

The history of fiction’s “understanding” of tech is pathetic. From L&O:CI’s Goren stating with certainty (and the episode proving it) the old chestnut that hotel key cards have your entire personal information on them, to NCIS’s infamous two-person keyboard, to Leverage basically having tech that out Star Trek’s ST, no one gets it right, or even close.

But why is that? Where do these writers get their misinformation? When some hacker takes over a car remotely and makes it crash, do they not even have a basic understanding of how a car works? They must drive one every day. They can go look at it. Where is the steering servo that the hacker takes over? Hey, there isn’t one!

RFIDs can’t do one tenth of what TV and books make them do, and they definitely can’t be accessed from space!

But that’s not a very good example, because hackers have demonstrated how to take over a car and make it crash (by suddenly applying the brakes, not by turning the steering wheel). That’s why there was a recall and a software upgrade.

I can’t be bothered looking up the model and year unless you really want me to, but it was reported in my regular job-related software security feed, not in the NYT or The Onion.

Yes it’s possible under the right conditions.

Some factors:
1 - If the lock bit is not set then you can write
2 - If the lock bit is set then you need to know the password
3 - Depending on the tag and the reader there are distance considerations, the range of different combinations of passive tags and readers is from inches to hundreds of feet. So the right tag with the right reader could be written from a distance (approx max write distance is 1/2 max read distance).

The data on the tag does not need to be written according to industry standards of the user data, so, in theory, it’s possible specific data could be written that would exploit a known weakness/bug in some reader so the data could be uploaded (just like malware infecting a pc via downloaded image or pdf etc.).

The number of things that would need to line up just right to make it possible makes it unlikely but definitely not impossible.
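The post above notes that tag memory need not follow the expected data format and could be crafted to hit a bug in the reader, which is why reader software should treat tag contents as untrusted input. As an added example (not from the thread), here is a strict parser for a hypothetical badge layout in the 896 bits (112 bytes) of user memory mentioned earlier; the layout, magic byte and function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_USER_BYTES 112  /* 896 bits, the memory size mentioned in the thread */
#define BADGE_ID_MAX   16   /* assumed maximum ID length for this hypothetical layout */

enum { PARSE_OK = 0, ERR_SIZE, ERR_MAGIC, ERR_LENGTH, ERR_CHARSET, ERR_PADDING };

/* Hypothetical layout: [0]=0xB1 magic, [1]=ID length, [2..]=ASCII digits, rest zero. */
int parse_badge(const uint8_t *mem, size_t mem_len, char out[BADGE_ID_MAX + 1])
{
    if (mem == NULL || mem_len != TAG_USER_BYTES) return ERR_SIZE;
    if (mem[0] != 0xB1) return ERR_MAGIC;

    size_t id_len = mem[1];
    /* The length byte comes from the tag, so whoever wrote the tag controls it:
       bound it by the destination buffer, not by what a well-formed tag holds. */
    if (id_len == 0 || id_len > BADGE_ID_MAX) return ERR_LENGTH;
    for (size_t i = 0; i < id_len; i++)
        if (mem[2 + i] < '0' || mem[2 + i] > '9') return ERR_CHARSET; /* allow-list */
    /* Everything after the ID must be zero, leaving no room for extra data. */
    for (size_t i = 2 + id_len; i < mem_len; i++)
        if (mem[i] != 0) return ERR_PADDING;

    memcpy(out, mem + 2, id_len);
    out[id_len] = '\0';
    return PARSE_OK;
}

/* Constructed sample input: build a tag image with a chosen length byte and body. */
void make_tag(uint8_t mem[TAG_USER_BYTES], uint8_t len_byte, const char *body)
{
    size_t n = strlen(body);
    if (n > TAG_USER_BYTES - 2) n = TAG_USER_BYTES - 2;
    memset(mem, 0, TAG_USER_BYTES);
    mem[0] = 0xB1;
    mem[1] = len_byte;
    memcpy(mem + 2, body, n);
}

int main(void)
{
    uint8_t mem[TAG_USER_BYTES]; char id[BADGE_ID_MAX + 1];
    make_tag(mem, 200, "847385628");  /* length byte claims more than the buffer holds */
    printf("oversized length byte -> %d\n", parse_badge(mem, sizeof mem, id));
    return 0;
}
```

A reader that copied `mem[1]` bytes without the bound check is the kind of weakness the post describes; rejecting the tag outright is safer than trying to repair malformed data.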

There’s also a GQ thread with the same impetus, from an episode of 24 where the bad guy does bad cyber things hidden on a door pass or something. I OP’d the damn thing and I can’t find it, but it has good info on mag strip data capacity.

Got that, engineer_comp_geek? :slight_smile: