The reason why the shelter does this is because the shelter wants to return as many stray dogs as possible. At our local shelter, they have to kill an average of 500 dogs and cats every month because of overcrowding. Any dog or cat that they can return to its owner is one less animal they have to kill. Tags on collars can get lost or mangled. The microchip can’t get lost and will last for decades. And it is so small about the size of a grain of rice that the dog doesn’t even know it is there.

The technology behind these chips is fascinating. They are called Radio Frequency Identification, or RFID, chips. Sealed inside a tiny glass cylinder is an even tinier radio transmitter along with an incredibly small computer. The computer contains the unique ID number. It sends the number to the radio transmitter, which broadcasts it to the scanner. Obviously this tiny radio is not very powerful, so the scanner has to be just an inch or two away for it to pick up the transmission. But it is a transmission nonetheless. So the scanner picks up the radio’s signal, decodes the number and displays it.

But where do the computer and radio transmitter get their power? There is no battery embedded in the dog’s neck. This is the ingenious part of an RFID chip. The scanner actually sends out a fluctuating magnetic field into the dog. The RFID chip contains another antenna that picks up this magnetic energy and converts it into electricity. This electricity then powers the computer and radio transmitter. So the dog’s chip is sitting there, doing nothing, until a scanner comes along. The scanner provides the chip with the wireless power it needs to send out its unique ID number. Then the chip goes dormant once again.

Source and More : www.southernillinoisan.com

German security researcher Lukas Grunwald, who made headlines two years ago for uncovering security vulnerabilities in new electronic passports being adopted by the U.S. and other countries, created RFDump with colleague Boris Wolf in 2004.

Now the two have created RF-Wall (shown on the lower shelf in the picture at right) to help thwart RFID fraud and attacks against e-passports, electronic access cards and payment cards — such as the Mifare Classic card that is used in the London Underground and which security researchers recently cracked.

The device, which Grunwald and Wolf are producing for their new California-based company NeoCatena, is a hybrid firewall and intrusion-detection system that sits between an RFID reader and its back-end system. It’s designed to detect counterfeit and cloned RFID chips and prevent an attacker from injecting malware into a back-end system with a rogue RFID chip. They’ll be debuting the device this week at the RFID Journal Live conference in Las Vegas but gave me a demonstration of it this weekend.

Hacker Designs RFID Security Tool

Rfwall_5 The box can be loaded with virus signatures to detect known types of attacks and uses heuristics to detect other malicious activity, such as generic SQL-injection attacks (such as the one that appears in the screenshot above right). The device can be restricted to read only RFID cards that have specific serial numbers and reject all others. It also can be used to digitally sign chips so that any chips that are altered after being issued are rejected by the RFID reader. The system uses the HMAC algorithm for the digital signature. Grunwald and Wolf hold a patent on the use of HMAC with RFID technology.

Last year Grunwald revealed that he’d been able to sabotage the e-passport readers of two unnamed manufacturers by embedding a buffer overrun exploit in the JPEG2000 file of a cloned passport chip. The JPEG file contains a digital photo of the passport holder.

Recently other researchers cracked the encryption used in Mifare Classic chips that are used in door access systems around the world as well as in the London Underground’s Oyster card.

It’s long been known that RFID readers and chips are insecure, but trying to fix systems that have already been widely deployed has its challenges, particularly since there are a number of different types of chips and readers on the market, which work at different frequencies.

“A lot of people are thinking about on-tag security — putting cryptography on the tag,” Wolf says. “But those tags are limited in their computational power or even if you can get that worked out the more encryption technology you have on the tag, the more expensive it is. We’re saying you don’t have to worry about what’s happening with your tag if you can verify whether there’s data integrity or not.”

Grunwald says they’ve shown the tool to a large pharmaceutical company based in Switzerland that is interested in using it to authenticate drugs and equipment — such as dialysis machines — from counterfeit products. He says an Asian country is also interested in using RF-Wall with its electronic passport system.

During a demonstration for me, Grunwald and Wolf used RFDump to alter the value on a digitally signed transportation card from $10 to $99. On a first pass without RF-Wall in place, the RFID reader accepted the card. After they connected the device, however, the system rejected the tag. The system also rejected a tag that was embedded with SQL injection code.

The screenshot at right shows the backend of an RFID inventory system after malware on a rogue chip has crashed it.

Source and More : http://blog.wired.com

Via  : computerworld.com cracked the encryption used in Mifare Classic chips