Why an RFID-enabled iPhone?

[nagromme]

Quote:

Originally Posted by Winni

Orwell's nightmare. Powered by Apple.

You should have worried more when cell phones got GPS for emergency response service. GPS allows real tracking, and phones allow long-range data transmission, all tied to your phone account, address and payment info.

In the face of that, how does adding a radio tag (as already used for lots of things) that communicates a few inches make a phone so much scarier?

[VulchR]

As if security concerns weren't bad enough if your phone gets stolen.., If this is used to pay automatically for services and merchandise, what's to prevent a thief from running up a huge balance by using a stolen iPhone's RFID? Here in the UK we have to enter a PIN when using a credit card, and that seems to deter thieves. However, there are some places that require only a signature for some bank cards - my ex's purse was stolen in London and within the thirty minutes it took to report this to the bank 300 GBR pounds were charged to her bank card. Using a mobile phone for payment is not new - it's just a stupid idea.

[wolfshades]

Quote:

Originally Posted by VulchR

As if security concerns weren't bad enough if your phone gets stolen.., If this is used to pay automatically for services and merchandise, what's to prevent a thief from running up a huge balance by using a stolen iPhone's RFID? Here in the UK we have to enter a PIN when using a credit card, and that seems to deter thieves. However, there are some places that require only a signature for some bank cards - my ex's purse was stolen in London and within the thirty minutes it took to report this to the bank 300 GBR pounds were charged to her bank card. Using a mobile phone for payment is not new - it's just a stupid idea.

Your concerns are understood. My question is: how does this differ from having your wallet or credit card stolen? Amazing that we'll secure our computers up tightly to prevent online security breaches but we'll let the sketchy-looking waiter walk away with our credit card in the restaurant.....

[wackymacky]

Quote:

Originally Posted by libertyforall

No spy chips, thank you.

http://spychips.com

Umm. Doesn't my cellphone already have a unique identify number that it comuncates with my carrier while it is switched on and tells them where I am within the cell network. (And with the GPS chip I can be pin-pointed withing a couple of meters).

Ummm... I wonder..... Does Apple track when ever a iPhone onwer enters a Apple Store, Or Wallmart? They have the technology.

[kironin]

Quote:

Originally Posted by libertyforall

No spy chips, thank you.

http://spychips.com

I envision a market for some sort of faraday cage in an iPhone carrying case though grounding it maybe a challenge.

After-seller small business opportunity, become a chip remover or disabler perhaps.

[wackymacky]

Quote:

Originally Posted by tempusfugit

imagine being able to walk around a store and scan items with your iphone for the company's information about the product. That's the kind of stuff we're gonna see in the not-so-distant future imo.

Ummm. What about just snapping the barcode or data-matrix stamp on the product and looking it up, like you can already do?

Seems like a lot of un-necessary fuss.

[akbc]

Here in South Korea, all the RFID equipped phones are so useful.
I use it as a metropass, credit card, debit card AND i can ride taxi's with them and pay with it, too.
Heck, I don't even have to carry my bank card because most of the bank machines are RFID equipped too.

I am using iPhone 3GS here, but I miss my old phone that could do all that.
And if iPhone can do that, it'd be great for all the east asian countries that have RFID stuff in their everyday life; like Japan, Hong Kong/China and such.

[zacman]

RFID is insecure. The british RFID passports have been cracked within less than 48 hours, the German test ones in less than a day. I wouldn't trust RFID for any important and sensible information like payment services. It's fine for stuff like tracking packages or my skiing card - but that's it.

[VulchR]

Quote:

Originally Posted by wolfshades

Your concerns are understood. My question is: how does this differ from having your wallet or credit card stolen? Amazing that we'll secure our computers up tightly to prevent online security breaches but we'll let the sketchy-looking waiter walk away with our credit card in the restaurant.....

OK - I admit that I can a certain tendency toward paranoia , but...

With respect to credit cards, most eating places where I am in the UK bring a machine to the table rather than taking the card away. A PIN is required. Also, one can erase or cover the 3-digit number on the back so that you reduce the chances of your stolen card being used online. My worry is that the RFID will be so automatic ('convenient') that you'll be able to wave your phone to purchase goods or services, without any other conformation of your identity. And it is true that security so far on RFID is far from perfect: indeed, one can now purchase shielded passport covers that reduce the chance of criminal access to sensitive passport information via RFID .

EDIT: Also, didn't O2 trial something called 'Wallet' that allowed a mobile phone to be used to buy things? I wonder how the trial turned out...

[rdowns]

Quote:

Originally Posted by zacman

RFID is insecure. The british RFID passports have been cracked within less than 48 hours, the German test ones in less than a day. I wouldn't trust RFID for any important and sensible information like payment services. It's fine for stuff like tracking packages or my skiing card - but that's it.

If it is so insecure, why haven't we heard of all the peoplebeing ripped off where it's used quite extensively?

[wolfshades]

Quote:

Originally Posted by VulchR

OK - I admit that I can a certain tendency toward paranoia , but...

With respect to credit cards, most eating places where I am in the UK bring a machine to the table rather than taking the card away. A PIN is required. Also, one can erase or cover the 3-digit number on the back so that you reduce the chances of your stolen card being used online. My worry is that the RFID will be so automatic ('convenient') that you'll be able to wave your phone to purchase goods or services, without any other conformation of your identity. And it is true that security so far on RFID is far from perfect: indeed, one can now purchase shielded passport covers that reduce the chance of criminal access to sensitive passport information via RFID .

EDIT: Also, didn't O2 trial something called 'Wallet' that allowed a mobile phone to be used to buy things? I wonder how the trial turned out...

Evidently, sanity prevails in the U.K. Here in Canada - not so much. Since very few places bring the credit card machine to the table, (and since I have an allergy to sketchy waiters) I make a point of walking over to it myself.

I really do think your concerns are valid. There are some credit card companies and banks here which have already implemented RFID technology on credit cards and phones (non are iPhones obviously). Not too sure about how the Motorola RIFD phones work but with the credit cards, you only need to wave it at a reader and the transaction is done. I'd like to see what they're security folk have to say about this.

[ConanTX]

If a store's inventory uses RFID, then a retail associate could quickly locate merchandise if their iPhone was able to detect RFID signals. Walking up to a wall of jeans and being able to instantly find the size and style you need in a mess left after a big sale would be a great time saver. The employee could also take inventory just by walking through the department.

[tknelson]

Quote:

Originally Posted by kironin

I envision a market for some sort of faraday cage in an iPhone carrying case though grounding it maybe a challenge.

After-seller small business opportunity, become a chip remover or disabler perhaps.

1) A Faraday cage doesn't need to be grounded to work.
2) A "Faraday case" is a dumb idea. How would you receive calls?
3) The paranoid posts in the thread are stupid to the point of hilarity. Go live in an igloo somewhere, OK?

[longofest]

Quote:

Originally Posted by zacman

RFID is insecure. The british RFID passports have been cracked within less than 48 hours, the German test ones in less than a day. I wouldn't trust RFID for any important and sensible information like payment services. It's fine for stuff like tracking packages or my skiing card - but that's it.

RFID in passports is kind of another ball of wax. One of the issues with so-called e-Passports is that they store all of the information on the RFID tag (i.e. your personal information) rather than just a reference number to a database. This is so you don't have different countries accessing other countries' databases. However, the level of encryption used on these passports is very weak, so all of that data on the tag is potentially vulnerable.

It is generally considered best practice to put only reference numbers to a database on RFID tags. That way if you skim the tag all you have is jibberish without the accompanying database info.

Don't blame the technology... blame the incorrect use of the technology. I don't see how the above examples of Apple's potential usage could be a serious privacy threat like the passports are.

[sn00p]

Quote:

Originally Posted by longofest

RFID in passports is kind of another ball of wax. One of the issues with so-called e-Passports is that they store all of the information on the RFID tag (i.e. your personal information) rather than just a reference number to a database. This is so you don't have different countries accessing other countries' databases. However, the level of encryption used on these passports is very weak, so all of that data on the tag is potentially vulnerable.

It is generally considered best practice to put only reference numbers to a database on RFID tags. That way if you skim the tag all you have is jibberish without the accompanying database info.

Don't blame the technology... blame the incorrect use of the technology. I don't see how the above examples of Apple's potential usage could be a serious privacy threat like the passports are.

E-Passports are however resilient to casual scanning (i.e the bad guy standing behind you in the queue) because you need to know personal details about the passport holder in order to generate the access key (this information is physically written inside the passport and the reader uses OCR to read it and then generate the key to access the electronic information).

There have been many unfounded stories about E-Passports, mainly by scaremongering newspapers who find the dumbest "security export" money can buy.

Yes you can duplicate the electronic portion of an E-passport with the right equipment, but what you cannot do is change this original information to create a fake passport that will pass validation, the data is signed using public key cryptography and the private keys are exactly that, private.

Providing that the authorities validate e-passport data with the authentic public keys, there is no problem and no security hole.

[madina]

I don't believe I'd use this for payment. Well not if I had my debit card on me.
RFID Maybe useful for locating the device if it was stolen. Please Apple, can you render these small & expensive mobile devices useless if they are stolen?! It would deter thieves!

[Stately]

Quote:

Originally Posted by BuddyTronic

Why RFID?

Vending Machines

Gas Pumps

Door locks and passage locks

Home security system thing - let's you know who came to your door etc.

Subway Train Token

Movie Tickets

Digital "tickets" for anything.

Museum audio program guide thingies.

Micro Payment systems

Demographic plotting of people passing a turnstile

I hope people try to see beyond the "evil Gubment" spy stuff.

I think most do, even those who aren't conspiracy theorists. But it doesn't alleviate the fact that what you said remains true. The question is, do you want that type of control hovering overhead for a gadget that would make life easier? If someone had a million dollar motorcycle made for you but later they said, I get to watch you wherever you go. And you were uneasy about it, but loved the speed and the adrenaline rush of the ride and said to yourself "well I'll be obeying the speed limit anyway" so you let it go and kept the bike. Soon you found out they weren't just watching you when you were riding, they watched you wherever the bike was. Therefore, regardless of speed limit and adherence to the law, you were still monitored. A little creepy huh? Lol.