Hi,
Thanks for your response, I assumed you were not planning a career
as Mayor just yet, so guessed that you were just looking at if from an
interesting use of technology perspective.
I was pondering things surrounding the RFID skimming element and
although you cannot extract personal data, you could easily link the
RFID to a person by the use of a webcam - how easy is that in Flash and
catch them each time they go past. From what I have read TfL, the world
and his wife are doing this anyway
...the next step would be to ask someone like Mario Klingemann to work
his bitmap magic and see if he can create an image recognition program
that uses images from Facebook - obtained via API's to trawl for
likenesses. You could then tentatively identify the person and display
their recent indescretions on a 20 foot high screen, etc...
That's possibly more worrying than people hacking my card details as
the only thing stopping you there (apart from the technology) is your
adherence to Facebook's TOS
Maybe you should do it as a social experiment :)
Glen
Alias™ wrote:
Well,
That's a good question and I think a lot of people should be asking it.
This particular implementation doesn't pose any security risks,
because it doesn't read any of the encrypted data on the card. This
data is behind a secret triple DES encryption algorithm, which is
closely guarded by Phillips. The data which this works on is only the
unique ID of the card, which is, by necessity, public and unencrypted.
However, security through obscurity is no security, and I'm sure that
an unscrupulous person could obtain the appropriate encryption keys,
either by clever hacking or simple non-legal means such as bribing the
right engineer.
Personally, I think it's important to demystify all this technology,
as it's presented to us as being basically "magic", and the questions
of security, privacy, and the conditioning of the general public to
accept these technological advances and the monitoring of their
activities without question.
For example, Barclays are currently attempting to bring in "cashless
payments" which use a similar NFC (near field communications)
technology for micropayments. Personally, I find this peculiar as the
only reason this is necessary, in most cases, is because
Barclaycard/VISA/Mastercard charge a prohibitively high fee on small
payments, making it unfeasible to use the existing infrastructure. So
rather than just *lowering the fee* they've gone the route of
maximising their profits by creating an entirely new technology which,
in my opinion, is inherently insecure.
I have very little electronics and cryptography training, yet I was
able to put this example together in a matter of days. So imagine what
an experienced crypto hacker, or a criminal network would be able to
do, given the scenario of mass adoption of cashless payments? It's
certainly possible to build longer range antennas - although it's
technically illegal, if you're a criminal anyway, why would you care
about violating emissions/FCC regulations?
So, to give you short answers..
legal implications: no, this project is perfectly legal.
privacy/security/future totalitarian nightmare implications: definitely yes...
Personally, I won't be getting a One Pulse card now, or any time soon.
Cheers,
Alias
2008/5/6 Glen Pike <[EMAIL PROTECTED]>:
All your data are belonging to us...
...does this not have legal implications that you should also be discussing
or is your demo making a point that this technology is not good because
anyone can now access an RFID tag and some can even crack the data inside it
given the right tools???
This is particularly worrying/interesting given that TfL are trialling the
One Pulse system that essentially merges a credit card to the Oyster Card.
Discuss.
Alias™ wrote:
HI guys,
A couple of people asked me whether I'd be posting videos of a
workshop I did a few weeks ago, so I thought I'd post it to the list.
Basically, it's a hardware driver written in AS3, which controls an
RFID reader via and Arduino board, which can read standard London
Underground Oyster™ cards.
Check it out here:
http://www.proalias.com/newBlog/2008/05/06/flash-arduino-workshop-2/
If you have any questions, please feel free to ask on the list.
Cheers,
Alias
I've done a blog post with a video of my presentation at the workshop,
2008/3/6 Alias™ <[EMAIL PROTECTED]>:
Hi guys,
Just a quick note to let you know that I'm leading a workshop with the
Arduino folks on physical computing wih flash and arduino - a neat
microcontroller board that lets you connect switches, sensors, motors,
lights - anything electronic, really - to flash.
The event page is here:
http://tinkerit.eventwax.com/h3-arduino--flash-workshop
"Lead by Alias Cummins and assisted by Brock Craft, this workshop is
aimed at people who are comfortable with Flash, and want to start
experimenting/working with Arduino, but have little or no experience
of physical computing. The workshop will focus on getting them through
the first few steps, which are usually the most difficult, and give
them the tools and knowledge to continue learning on their own.
First, you will quickly cover the basics of getting your Arduino
connected up and writing simple programs and finally getting Flash to
talk to an integrated circuit via Arduino. All the while you will be
approaching this from a flash perspective, with our primary
development language being ActionScript 3.
What do I need to bring?
- A laptop
NB: Prior Knowledge of electronics is not necessary to attend this
workshop but you MUST have prior knowledge of Flash.
What we will provide
- The beginners Arduino kit which you can take away with you after the
workshop.
When?
April 5- 6th 2008
From 10am to 6pm"
Let me know if you have any questions!
Cheers,
Alias
_______________________________________________
osflash mailing list
[email protected]
http://osflash.org/mailman/listinfo/osflash_osflash.org
--
Glen Pike
01326 218440
www.glenpike.co.uk
_______________________________________________
osflash mailing list
[email protected]
http://osflash.org/mailman/listinfo/osflash_osflash.org
_______________________________________________
osflash mailing list
[email protected]
http://osflash.org/mailman/listinfo/osflash_osflash.org
--
Glen Pike
01326 218440
www.glenpike.co.uk <http://www.glenpike.co.uk>
_______________________________________________
osflash mailing list
[email protected]
http://osflash.org/mailman/listinfo/osflash_osflash.org
