Are there any RFID triggering devices?
October 2, 2005 12:28 PM
Are there any devices able to trigger/trick RFID detectors?
I've had mild amusement with stick-on RFID chips, so the recent question here piqued my curiosity. Are there any devices in existence that go across all frequencies used by RFIDs as to trigger them. Thus allowing for push button activation of the beeping theft obelisks at the entrance of stores.
Anti-theft devices in the UK commonly use RFIDs, with large antennas attached to increase the range, the antenna typically looks like a spiral of wire printed onto paper or card.
The tags are neutralised by the checkout staff when you buy something, so that the tags don't have to be removed. They stay on the product, but no longer set off the alarm.
A common theft trick is a bag lined with tin foil. Tags placed in such a bag don't trigger the alarm.
posted by Mwongozi at 3:01 PM on October 2, 2005
Those aren't RFIDs.
posted by cillit bang at 3:20 PM on October 2, 2005
I don't know if there's actually something "on the market" that does this, but one of my professors once explained the concept of an "RFID jammer" that effectively identifies itself as every possible ID #. Apparently RFID readers don't simply "pick up" the code number, but instead repeatedly query bit positions for the code (as it was explained to me; this doesn't sound quite right to me, but I don't really have any basis not to trust the prof, who does a lot of research into wireless security and such).
posted by Godbert at 4:01 PM on October 2, 2005
Not RFID, but it's quite often possible to trigger the passive-tag detectors using car keys. Take 2 keys side-by-side on your key ring, then slide them apart into a V-shape such that the notches are facing each other. Walk repeatedly through a detector, moving the keys slightly each time, until it goes off. Memorise this position for much future fun, hilarity, and bag-searching...
(Put simply, the tags work by resonance stimulated by a field from the gates in the doorway, and if you get it right the gap between the teeth of the 2 keys matches the resonant frequency of a tag.)
posted by Pinback at 4:14 PM on October 2, 2005
Response by poster: Ooh, Godbert, if you have any links about such a thing, or terms for me to search, I'd be most interested! Then a best answer is you!
After I try that, Pinback, a best answer will also be yours!
posted by TwelveTwo at 8:21 PM on October 2, 2005
Slightly related: TagZapper, a handheld device for deactivating RFID tags, for the paranoid. Not yet available.
posted by IndigoRain at 10:48 PM on October 2, 2005
Best answer: There are a ton of different things that fall under the term "RFID tag" and there are a ton of other technologies that look the same on the surface.
First, the theft tags. Most of these don't do any identifying, so I wouldn't call them RFID. They're just RF-detectable in some way. Some are just resonant circuits that "ring" at a particular frequency. Those usually have a small amount of nonlinearity added so that they emit harmonics as well, which makes it easier for the reader/gate (which is constantly sending out that particular frequency and listening for answering notes) to distinguish the tag from its own emissions. These are the tags that usually look like a square patch with a spirally trace, which is the antenna and the inductive part of the resonant circuit. (See.) (There's a "magnetostriction" resonant tag technology out there too which I know nothing about.) Another kind I know of has a magnetic material with a very low saturation, and the reader produces a varying magnetic field which drives the metal strip into and out of saturation. Again that produces a detectable nonlinearity and accompanying harmonics. (Most everyday materials have a fairly linear magnetic response.)
Okay, after that are RFID tags. There are assloads of different tags out there. Lots of different standards, and lots of proprietary, non-standardized protocols as well. The really simple kind, often used for building keyless entry cards, just have a serial number and will mindlessly broadcast it as soon as they're energized by the reader. (They power themselves from the field emitted by the reader.) Problem is, if more than one tag is within the reader's range, they talk over each other and nobody gets heard. More sophisticated tags have anticollision algorithms, which is what Godbert's prof was probably talking about: the reader has ways to query only some tags ("any tags out there starting with 00001? .. no ? ... okay, 00010? ...") and eventually discover all tags in the area. Some tags have nonvolatile storage on board: the ones used by my local library, for example, can be told whether the book they're in is checked-out or not, and the library exit gate presumably interrogates this bit. Even more sophisticated tags, once they've been discovered by the reader, have the CPU power to set up a cryptographically-secured channel à la SSL and have a nice private dialogue with the reader.
Back to the OP's question: false-triggering of anti-theft gates. It seems to me that that should be easy because, as I said, they're usually not ID tags, so you don't have to give the theft gate a specific 80-bit magic number or something. Presumably you could manufacture your own tag with a coil of wire, an appropriately-sized capacitor, and a diode. Disconnect the wire to keep it from triggering. Depending on how the gate works, you could maybe just broadcast the harmonic it's looking for, which would work at a longer range. (The gates might be too smart to be fooled by that though.) A prank-minded EE undergrad could probably whip something up in a few weeks.
posted by hattifattener at 12:37 AM on October 3, 2005
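The prefix-query anticollision scheme described in the answer above, as an added software simulation that is not part of the original thread. It also models the device Godbert's comment describes, one that answers as every possible ID, and shows how a reader-side query budget exposes it; the tag IDs, the 5-bit ID width and the budget of 20 are constructed values.

```python
# Added illustration: query-tree anticollision simulated in software (no RF involved).
SAMPLE_TAGS = ["00001", "00010", "10110"]  # constructed 5-bit tag IDs


class BudgetExceeded(Exception):
    """The walk needed more queries than a plausible tag population would cause."""


def tree_walk(tags, width, budget=None, answers_all=False):
    """Discover every tag ID by querying ever-longer prefixes.

    Returns (sorted list of discovered IDs, number of queries sent).
    answers_all models a device that replies to every prefix query.
    budget is a reader-side cap on queries (hypothetical detection threshold).
    """
    found, queries, stack = [], 0, [""]
    while stack:
        prefix = stack.pop()
        queries += 1
        if budget is not None and queries > budget:
            raise BudgetExceeded(f"more than {budget} queries for one inventory")
        # Tags whose ID starts with the queried prefix answer the reader.
        replies = {t for t in tags if t.startswith(prefix)}
        if answers_all:
            # Two different phantom IDs under every prefix force a collision;
            # at full width both collapse to the prefix itself.
            replies |= {prefix.ljust(width, "0"), prefix.ljust(width, "1")}
        if not replies:
            continue                      # silence: prune this subtree
        if len(replies) == 1:
            found.append(replies.pop())   # clean reply: one tag singled out
        else:
            # Collision: split the question into the two longer prefixes.
            stack.extend([prefix + "1", prefix + "0"])
    return sorted(found), queries


if __name__ == "__main__":
    print(tree_walk(SAMPLE_TAGS, 5))                    # real tags only
    print(tree_walk([], 5, answers_all=True)[1])        # full tree is walked
    try:
        tree_walk(SAMPLE_TAGS, 5, budget=20, answers_all=True)
    except BudgetExceeded as exc:
        print("flagged:", exc)
```
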
No anti-theft devices use RFIDs, since they don't have enough range. Instead they use passive reflectors that echo the signal sent by the posts.
The ones the college I used to work at used echoed and rectified; if you pulled one open it was a copper loop antenna with a resistor. My understanding was that it clipped the peaks and valleys on the transmitted waveform in a distinctive way. It was complete crap, so perhaps ones that actually work are made differently.
posted by phearlez at 10:39 AM on October 3, 2005
TwelveTwo, I can't really help you out with search terms or more info, but hattifattener's bit about the "anticollision algorithms" is exactly what was explained to me, so you may want to look to that for some more direction.
posted by Godbert at 11:59 AM on October 3, 2005
posted by cillit bang at 12:42 PM on October 2, 2005