Well, That's a good question and I think a lot of people should be asking it.
This particular implementation doesn't pose any security risks, because it doesn't read any of the encrypted data on the card. This data is behind a secret triple DES encryption algorithm, which is closely guarded by Phillips. The data which this works on is only the unique ID of the card, which is, by necessity, public and unencrypted. However, security through obscurity is no security, and I'm sure that an unscrupulous person could obtain the appropriate encryption keys, either by clever hacking or simple non-legal means such as bribing the right engineer. Personally, I think it's important to demystify all this technology, as it's presented to us as being basically "magic", and the questions of security, privacy, and the conditioning of the general public to accept these technological advances and the monitoring of their activities without question. For example, Barclays are currently attempting to bring in "cashless payments" which use a similar NFC (near field communications) technology for micropayments. Personally, I find this peculiar as the only reason this is necessary, in most cases, is because Barclaycard/VISA/Mastercard charge a prohibitively high fee on small payments, making it unfeasible to use the existing infrastructure. So rather than just *lowering the fee* they've gone the route of maximising their profits by creating an entirely new technology which, in my opinion, is inherently insecure. I have very little electronics and cryptography training, yet I was able to put this example together in a matter of days. So imagine what an experienced crypto hacker, or a criminal network would be able to do, given the scenario of mass adoption of cashless payments? It's certainly possible to build longer range antennas - although it's technically illegal, if you're a criminal anyway, why would you care about violating emissions/FCC regulations? So, to give you short answers.. legal implications: no, this project is perfectly legal. privacy/security/future totalitarian nightmare implications: definitely yes... Personally, I won't be getting a One Pulse card now, or any time soon. Cheers, Alias 2008/5/6 Glen Pike <[EMAIL PROTECTED]>: > > All your data are belonging to us... > > ...does this not have legal implications that you should also be discussing > or is your demo making a point that this technology is not good because > anyone can now access an RFID tag and some can even crack the data inside it > given the right tools??? > > This is particularly worrying/interesting given that TfL are trialling the > One Pulse system that essentially merges a credit card to the Oyster Card. > > Discuss. > > Alias™ wrote: > > HI guys, > > A couple of people asked me whether I'd be posting videos of a > workshop I did a few weeks ago, so I thought I'd post it to the list. > > Basically, it's a hardware driver written in AS3, which controls an > RFID reader via and Arduino board, which can read standard London > Underground Oyster™ cards. > > Check it out here: > http://www.proalias.com/newBlog/2008/05/06/flash-arduino-workshop-2/ > > If you have any questions, please feel free to ask on the list. > > Cheers, > Alias > > > > I've done a blog post with a video of my presentation at the workshop, > > 2008/3/6 Alias™ <[EMAIL PROTECTED]>: > > > Hi guys, > > Just a quick note to let you know that I'm leading a workshop with the > Arduino folks on physical computing wih flash and arduino - a neat > microcontroller board that lets you connect switches, sensors, motors, > lights - anything electronic, really - to flash. > > The event page is here: > http://tinkerit.eventwax.com/h3-arduino--flash-workshop > > "Lead by Alias Cummins and assisted by Brock Craft, this workshop is > aimed at people who are comfortable with Flash, and want to start > experimenting/working with Arduino, but have little or no experience > of physical computing. The workshop will focus on getting them through > the first few steps, which are usually the most difficult, and give > them the tools and knowledge to continue learning on their own. > > First, you will quickly cover the basics of getting your Arduino > connected up and writing simple programs and finally getting Flash to > talk to an integrated circuit via Arduino. All the while you will be > approaching this from a flash perspective, with our primary > development language being ActionScript 3. > What do I need to bring? > > - A laptop > NB: Prior Knowledge of electronics is not necessary to attend this > workshop but you MUST have prior knowledge of Flash. > What we will provide > > - The beginners Arduino kit which you can take away with you after the > workshop. > When? > > April 5- 6th 2008 > From 10am to 6pm" > > Let me know if you have any questions! > > Cheers, > Alias > > > _______________________________________________ > osflash mailing list > [email protected] > http://osflash.org/mailman/listinfo/osflash_osflash.org > > > > > > -- > > > Glen Pike > 01326 218440 > www.glenpike.co.uk > _______________________________________________ > osflash mailing list > [email protected] > http://osflash.org/mailman/listinfo/osflash_osflash.org > > _______________________________________________ osflash mailing list [email protected] http://osflash.org/mailman/listinfo/osflash_osflash.org
