Disney’s RFID "Magic Band" arrives on the FCC

[flynnibus]

What's TWDC's motivation for implementing the RFID "Magic Band"?

Its just one aspect of a large interconnected features and values. People need to stop acting like 1 billion dollars is being spent on just ONE aspect of the much larger picture. Between integrated systems, park wide wifi, mobile app developments, FP+, interactive show elements, and many more.

All of it.. intending to build a theme park framework that no one else can just copy and clone like they could a ride.

 

[G00fyDad]

Its just one aspect of a large interconnected features and values. People need to stop acting like 1 billion dollars is being spent on just ONE aspect of the much larger picture. Between integrated systems, park wide wifi, mobile app developments, FP+, interactive show elements, and many more.

All of it.. intending to build a theme park framework that no one else can just copy and clone like they could a ride.

Exactly. Thank you. This is what I was (albeit inadequately) trying to articulate.

 

[danlb_2000]

Its just one aspect of a large interconnected features and values. People need to stop acting like 1 billion dollars is being spent on just ONE aspect of the much larger picture. Between integrated systems, park wide wifi, mobile app developments, FP+, interactive show elements, and many more.

All of it.. intending to build a theme park framework that no one else can just copy and clone like they could a ride.

But how does that framework eventually trace to profit? At the end of the day this is a business and they don't spend all the money and effort unless they know there will be a return on that investment.

 

[Clever Name]

Ahh, all you would have to spend would be about 25-30 dollars to be able to do it.

Where are you going to get a scanner that shifts and reads frequencies 1600 times per second with full cyclic redundancy checking (CRC) with 160 bit passwords? You can't clone what you can't see.

 

[unkadug]

Where are you going to get a scanner that shifts and reads frequencies 1600 times per second with full cyclic redundancy checking (CRC) with 160 bit passwords? You can't clone what you can't see.

My local computer store.

 

[flynnibus]

But how does that framework eventually trace to profit? At the end of the day this is a business and they don't spend all the money and effort unless they know there will be a return on that investment.

Like everything they put into the parks.. its about attendance draw, stays, and encouraging spending. When they put in a new minor ride, they don't expect the ride itself to generate revenue.. it's about making the WDW experience a place people want to come and visit.

NextGen is about trying to make a generational leap in how technology is used within theme parks which will enable many features and future features. Disney is trying to further differentiate their theme park experience vs other parks.

some of those things will directly feed revenue (imagine targeted advertising, coupons, location based notifications, upsold products, etc) but a lot is simply about a 'Disney difference'.

Adding elaborate queues is not about increasing revenues.. but it's a way Disney has differentiated.

 

[Clever Name]

My local computer store.

I wish you the best of luck. A scanner at your local computer store is going to shift frequencies at a maximum of 8 times per cycle or 480 times per second.

 

[flynnibus]

there isn't anything to say the active part of the radio will broadcast anything that could be used for purchasing. It's probably more like a beacon used for personalization and crowd monitoring. Purchasing will still likely be limited to contact and secondary authentication for purchase approval.

 

[bhg469]

There is no way they will be broadcasting data to link to your credit card. Disney will have to send a signal to "wake" the RFID chip. The wrong request and the bracelet will do nothing. The foil hat crowd makes me roll my eyes.

 

[unkadug]

I wish you the best of luck. A scanner at your local computer store is going to shift frequencies at a maximum of 8 times per cycle or 480 times per second.

So, do you know for a fact that Disney is using technology that "shifts and reads frequencies 1600 times per second with full cyclic redundancy checking (CRC) with 160 bit passwords"?

Link please?

 

[jme]

By adding the RCID system, TWDC is giving hackers a new and potentially easier way to steal data. Unlike a land line, all you need is a good sniffer and intelligent decryption software to hack into the system. Why is TWDC taking this risk? What is their motivation?

I know this new system has been in the works for a while now, and isn't reactionary to this years developments - but since you brought up hackers stealing data from the RFID system, and these bands will unlock your resort room, it reminded me of the story from BlackHat this year when someone released information on multiple vulnerability with card-reader style locks, and how to make a cheap device to bypass them in seconds. Here's a video of one in action.

My point is that perhaps it was to strengthen their security, not open a new gaping vulnerability. Also, you mentioned 'all you need is a good sniffer' - most rfid sniffers out there sniff the 13.56MHz tags, but according to this FCC filing, the wristbands will operate on 2401 to 2476MHz (or 2.4GHz)
And without a 2.4GHz RFID reader, and one of these wristbands, you have no way of knowing exactly what data will be on them, let alone what kind of encryption they will be using.

Bottom line: at this stage you really have no way of knowing if you should be paranoid or not. And most likely you have a shoppers loyalty card on your keychain right now with more sensitive data on it than these wristbands will hold.

 

[Clever Name]

So, do you know for a fact that Disney is using technology that "shifts and reads frequencies 1600 times per second with full cyclic redundancy checking (CRC) with 160 bit passwords"?

Link please?

It is part of the Bluetooth Standard:

Bluetooth employs a transmission technique called frequency hopping spread spectrum whereby the carrier frequency of the transmitter changes channels up to 1600 times per second. The frequency hopping pattern is known by the communicating devices ahead of time. Frequency hopping has two significant benefits:

1. Improved privacy. By switching the carrier frequency up to 1600 times a second, it becomes harder to eavesdrop on data. This is because the frequency pattern hopping pattern appears random except to the devices communicating with one another.​

​

1. Improved noise and narrowband interference rejection

http://www.ee.ucla.edu/~lerong/ee202a/hw2/

The Disney version uses an enhanced protocal. Even with standard Bluetooth, scanning one side of the data gets you nothing.

 

[Cosmic Commando]

Thanks for proving my point!

Do you know this to be true, or are you just making wild speculative and paranoid guesses? Because, to my knowledge, the specs have not been published on the technical details of exactly how this will work. However, IF it turns out that they are in fact broadcasting room keys and financial information, I will be flatly refusing this device. But, I seriously doubt this will be the way they implement it.

If I had to guess, I would think they would use a variant of the current KTTW card where you have a unique number that identifies you to the computer, and then an encryption algorithm that would allow it to communicate securely with Disney's computers. At least that's how other similar devices work. I would be horribly surprised if Disney didn't implement something like this. With a design like this, the user's information is all isolated on a server, the only thing remotely personal on the key itself is the unique number.

I have become somewhat cynical regarding Disney management... optimistic but cynical (running to thesaurus to see if those are antonyms). But, I will still give them the benefit of the doubt that on a $1B project, it won't be defeated as simply as standing in the hallway at the hotel, waiting for a family to leave their room, following them to the bus stop, spoofing one of their wrist bands in line, and going back to loot their room knowing that they are on their way to MK for the day.

 

[unkadug]

It is part of the Bluetooth Standard:

Bluetooth employs a transmission technique called frequency hopping spread spectrum whereby the carrier frequency of the transmitter changes channels up to 1600 times per second. The frequency hopping pattern is known by the communicating devices ahead of time. Frequency hopping has two significant benefits:

1. Improved privacy. By switching the carrier frequency up to 1600 times a second, it becomes harder to eavesdrop on data. This is because the frequency pattern hopping pattern appears random except to the devices communicating with one another.​

​

1. Improved noise and narrowband interference rejection

http://www.ee.ucla.edu/~lerong/ee202a/hw2/

The Disney version uses an enhanced protocal. Even with standard Bluetooth, scanning one side of the data gets you nothing.

http://www.alibaba.com/product-gs/357391396/RFID_bluetooth_RFID_Reader.html?s=p

$1.00 a piece!

http://www.aliexpress.com/item/RFID...fi-Bluetooth-Standard-GPRS-GPS/476548748.html

$749.00

 

[Clever Name]

You don't seem to understand how the protocol works. Those scanners will get you nothing. The master device controls the piconet and excludes all other devices.

 

[GoofGoof]

Like everything they put into the parks.. its about attendance draw, stays, and encouraging spending. When they put in a new minor ride, they don't expect the ride itself to generate revenue.. it's about making the WDW experience a place people want to come and visit.

NextGen is about trying to make a generational leap in how technology is used within theme parks which will enable many features and future features. Disney is trying to further differentiate their theme park experience vs other parks.

some of those things will directly feed revenue (imagine targeted advertising, coupons, location based notifications, upsold products, etc) but a lot is simply about a 'Disney difference'.

Adding elaborate queues is not about increasing revenues.. but it's a way Disney has differentiated.

Agreed 100%. Instead of just looking for reasons to hate this, I am going to wait until the entire project is revealed and we see the entire picture before killing Disney again. I think in the end there will be beneficial aspects which will enhance our experiences. We kill Disney for lacking the vision to be innovative anymore when developing new technology. This has the potential to be cutting edge and unique to WDW.

 

[SJFPKT]

It is part of the Bluetooth Standard:

Bluetooth employs a transmission technique called frequency hopping spread spectrum whereby the carrier frequency of the transmitter changes channels up to 1600 times per second. The frequency hopping pattern is known by the communicating devices ahead of time. Frequency hopping has two significant benefits:

1. Improved privacy. By switching the carrier frequency up to 1600 times a second, it becomes harder to eavesdrop on data. This is because the frequency pattern hopping pattern appears random except to the devices communicating with one another.​

​

1. Improved noise and narrowband interference rejection

http://www.ee.ucla.edu/~lerong/ee202a/hw2/

The Disney version uses an enhanced protocal. Even with standard Bluetooth, scanning one side of the data gets you nothing.

So you think this little battery that they are supposedly going to put in there would last running 24/7 over a 10 day vacation? I doubt it. While I understand what you are talking about, that's quite a bit of juice for a passive system in a wristband that has to be running 24/7 for 10 days.

 

[Clever Name]

So you think this little battery that they are supposedly going to put in there would last running 24/7 over a 10 day vacation? I doubt it. While I understand what you are talking about, that's quite a bit of juice for a passive system in a wristband that has to be running 24/7 for 10 days.

The battery will last for many years. I would guess that they are good for 10 years at least. As a matter of fact, they most likely had to "dumb down" the battery to keep them from lasting longer.

 

[danlb_2000]

Agreed 100%. Instead of just looking for reasons to hate this, I am going to wait until the entire project is revealed and we see the entire picture before killing Disney again. I think in the end there will be beneficial aspects which will enhance our experiences. We kill Disney for lacking the vision to be innovative anymore when developing new technology. This has the potential to be cutting edge and unique to WDW.

Sorry, it's against the rules of this message board to wait for all the facts before criticizing something Disney has done. Users are encouraged to make snap judgements with as little actual information as possible.

 

[John]

I'm on the technology side as well and, sadly, know that a system such as this would not be difficult to hack. I've dealt with too many teenagers/twenty-somethings who simply want to do it for the challenge, never mind the Eastern European/Third World companies who are intentionally hacking into systems.

I'm still trying to understand TWDC's motivation for this. What exactly does TWDC gain for itself by this new RFID system?

I too asked this question earlier in the thread. Where is the payoff? My ability to get thru the turnstyles quicker?
It has been said that it will help manage it resources better, to comcentrate where needed....when needed. You ask me they have done a decent job all these years. After running how many theme parks for how many years?....you would think they have this stuff down cold?

OHHHHHH Yeaaaaaa so those cool interactive things say my kids name. Is that pretty accurate? Being my child is 25 I am not so sure he will be impressed. It has also been mentioned that the information gathered will help TDO seperate me from my money. This is an investment, there has to be somekind of ROI, are we to assume that because they will know that the toilet paper is low in TL or the soda cart is low in Morroco that it will save them that much to justify the ROI? Will the guest experience be that more noticable that everyone will wonder why they didnt do this sooner?

My belief is that this will be a tool to manipulate my experience to get me to spend more money, is this some tinhat conspiracy? I think not. I dont care to be used like that. I understand that Disney dont need me to wear some wrist band to know more then enough information about me then is nesscesary. They have that already. What they want to know are my tendencies....what I do....when I do it. So they can market or subliminally get me to spend money. If anybody thinks this is cracy talk....your simply in denial.