Friday, December 1, 2017

RFID Tags in Clothing – What Could Go Wrong

Sometimes we need a break from all of the serious security issues we deal with and talk about. This blog is a break from breaches, sabotage, espionage and camouflage. If you want serious security today might I recommend Top 4 Reasons Why Hackers Plant Geolocation Malware on Websites, or some of my previous blogs such as Evasion and Regeneration; Decoys and Deception, or New Equifax Website Compromise.

Recently I had to shop for a washing machine. I had forgotten that now a days washing machines are part of the Internet of Things (IoT).  It was pretty easy to narrow down my choices of washing machines; if the washing machine listens and tells all to Google then I don’t want it, I have my Android phone for that. I would need to remember not to talk about confidential information when I am in the laundry room… Google hears all, Google sells all.

All of these high tech washing machines made me contemplate what other absurd things we can apply IoT technology to?  I decided that IoT clothes would be absurd… until I had my million dollar idea for a ground breaking application of the technology.

You see, I am really about function over form. My sense of fashion is only marginally better than most IoT vendor’s knowledge of the need for IoT security. I reason that if I could have RFID tags in my clothes, I could put my sports coat next to a shirt and then my mobile phone will tell me if the clothes work together. Next I put a tie with the shirt and sports coat and my phone tells me if it is business casual or a misdemeanor.

RFID tags would be solve my fashion impairment affliction. I could take pictures of my clothes to the store with me and know if something will pop before I buy it. It’s not just me, it’s a wonderful application for color blind people (who without exception have a better sense of color coordination than I do).

I could bring my clothes to the washing machine and it will TELL me which items can safely be washed with each other! The cost savings would be enormous. No more buying clothes that work together at the store and then inadvertently dyeing them to a color that no longer works with anything -including impressionist paintings.

There's also the problem that fashion changes. My app will be updated every time there is a new fashion (black is timeless). At last, if I buy on the first day of the cycle, my clothes can be fashionable for the full six months of their planned obsolescence. What's more, I could enter the name of an opera house or a burger joint and my phone will tell me if the clothes are acceptable for the dress code. Evidently sandals do not count as shoes at those fancy shmancy opera houses. I actually knew that and intentionally wore them when my ex-girlfriend tried to make me go to see the opera Lily.

So what could go wrong with putting RFID tags in clothes? Perhaps a manufacturing error puts the wrong chip in my clothes I'm wearing for an interview at T.J. Maxx. Suppose a hacker is able to hack the RFID chips and flash them to the 1970's fashion styles? If there is a manufacturing product recall for a defective RFID tag (the cheap ones are read only) is the shirt replaced with a refurbished shirt? Will the shirt be depreciated based on wear? If I am a clothing manufacturer would my competition hack into my system and sabotage my RFID tag stock?

Yes, there are potential security risks but still, if we nerds can finally go incognito in public it is a risk we are willing to take.

Randy Abrams
Independent Security Analyst

No comments:

Post a Comment