New RFID technology in the parks?

[flavious27]

I'm going to notice some moron standing next to me with a black box touching my arm. Don't know about you but I'm alert. My medication works.

This is some of what is being sold

Some are contactless, and some are small enough to be hidden in someone's palm. As a criminal justice major you should know that any system is going to be cracked and exploited by someone to make a quick buck.

As I said, I hope that disney has systems in place to protect guests from criminals looking to exploit what should be a way to make the experience better.

 

[G00fyDad]

Really?

Yes. But try reading all of the posts. I did say that it may have been because I bought expensive items on the card. Thanks for playing.

Really now. Wow. Hackers hack things because they can. That's all there is to it. Anytime someone creates a "hack proof" system, people will hack it. Just to do it. Remember the video game Doom? Well, there is a running joke to see if hackers can get a device to run Doom. If you can get it to do that, you can get it to do almost anything. Those giant display phones you see in some electronic stores? People have rooted those just to install stupid crud and then post the video on YouTube to show they did it.

RFID devices can be cloned in a fraction of a second. As quickly as the device can be read, one can be cloned. It's not that noticable. A proficient electronics person could hide the tech in something perfectly normal, be it a book, eletronics game device, something like that. All they need to do it walk by you and they have your info. Stick it in their bag, you would never notice. Check out this post from 2009 about what is involved - > http://cyberinsecure.com/cheap-rfid-sniffing-and-cloning-device-for-sale-by-researcher/ For $250 they can scan anything within a 30 foot radius.

Now it is possible to do some things to lock down the data a bit, but if a company can create a certain device, another can create a copy of it.

Why would someone go through the hassle of doing this? Why would people make fake pins that then retail for $.50? Or buy non transferable tickets to resell? Profit. If someone gets a valid band, they can easily buy say 5 different DVDs to resell at a flea market or on eBay. Doesn't necessarily have to be a huge item, if anything smaller items are quicker to resell.

As a PP said, typically people try stolen CC's on a very small item, just to see if its valid. Try to buy a soda see if it works. If it comes back as no charging, "Ooops, grabbed my daughters bracelet." Pay cash and know that one is garbage, or say "I have to go get money, let me go grab some from my wife" and just not come back. It may even be easier, if they add NFC style payment methods on vending machines, no humans to interact with.

Is any of this really going to happen? Beyond someone hacking the braclets, probably not. I can almost guarantee that once the AAs read your bracelet to say "Welcome Johnny!" that someone will hack them just to record Peter Pan saying "Welcome to the 5th gate of h-e-double hockey stick!" and upload it to YouTube. As much as guests forget it, WDW is part of the real world, and bad things do occasionally happen despite WDWs best efforts to prevent them.

Really now. Wow. I think I see your foil hat slipping there.

Lets try something here.... if you hate change, if you don't like this system, whatever your personal issues may be.... opt out of the program and don't take the bracelet. But don't sit here trying your best to scare the living crap out of people over a system you know nothing about. You were most likely one of the people that ran around yelling about the biometric systems at the gates. "It's gonna steal my soul!!" Calm yourself and get down off the cross. Someone else needs the wood.

They are most likely going to use passive RFID and not active RFID. But even if they used active RFID Disney will have measures in place to prevent any hacking and abuse of the system. Do you live in a bubble? Based on your statements, probably. But don't force others into that bubble. :zipit:

 

[G00fyDad]

This is some of what is being sold

Some are contactless, and some are small enough to be hidden in someone's palm. As a criminal justice major you should know that any system is going to be cracked and exploited by someone to make a quick buck.

As I said, I hope that disney has systems in place to protect guests from criminals looking to exploit what should be a way to make the experience better.

:ROFLOL::ROFLOL::ROFLOL:

That's for ACTIVE RFID. LOL :ROFLOL::ROFLOL:

Those do not have the capability to activate a passive RFID system.

My God. This has gotten out of control. I tell you what. All of you that are on here to spread fear, go ahead. You seem hell bent on arguing with everyone about everything (Hey, the grass is green and the sky is blue. Wanna argue about that? Probably.) I'm unsubscribing from this ridiculous thread before I waste another minute of my time arguing with people who only investigate half of the truth and love scaring people. Good luck! I'll take the bracelet any day!

 

[Hakunamatata]

I would imagine Disney has weighed what all the costs would be to this system, including if they have to reimburse funds to customers because of an unauthorized band use. It would also not surprise me if since the transaction time is recorded in their system that they could not go back and review security footage of who purchased the items. Disney having to put $500 of stuff back on someones account probably only costs them $75 in all reality, depending on what was purchased. I just dont think its going to be that big of a deal.

 

[flavious27]

:ROFLOL::ROFLOL::ROFLOL:

That's for ACTIVE RFID. LOL :ROFLOL::ROFLOL:

Those do not have the capability to activate a passive RFID system.

My God. This has gotten out of control. I tell you what. All of you that are on here to spread fear, go ahead. You seem hell bent on arguing with everyone about everything (Hey, the grass is green and the sky is blue. Wanna argue about that? Probably.) I'm unsubscribing from this ridiculous thread before I waste another minute of my time arguing with people who only investigate half of the truth and love scaring people. Good luck! I'll take the bracelet any day!

No, did you read the description of the products. The rfid reader, the one that is shown as fitting in your hand, is designed for contactless smart cards. Those are what is inside of a credit card and passive, they don't have a battery and are not continuously sending out a signal.

Exposing what could be a mess for disney and their guests is not about scaring people, it is educating them.

 

[dreamfinder]

Yes. But try reading all of the posts. I did say that it may have been because I bought expensive items on the card. Thanks for playing.




Really now. Wow. I think I see your foil hat slipping there.

Lets try something here.... if you hate change, if you don't like this system, whatever your personal issues may be.... opt out of the program and don't take the bracelet. But don't sit here trying your best to scare the living crap out of people over a system you know nothing about. You were most likely one of the people that ran around yelling about the biometric systems at the gates. "It's gonna steal my soul!!" Calm yourself and get down off the cross. Someone else needs the wood.

They are most likely going to use passive RFID and not active RFID. But even if they used active RFID Disney will have measures in place to prevent any hacking and abuse of the system. Do you live in a bubble? Based on your statements, probably. But don't force others into that bubble. :zipit:

Not at all. I have never complained about the finger print scanners. I know what a hash is and how it works and how if properly done, renders the data completely useless.

I live and make my living from the tech world. As much as you are spreading statements about everything being all rosy and no problems, I am simply providing a counterpoint to show that these things can be, and will be hacked. Like the ATM's that most of us use on a daily basis and can easily have a card skimmer installed, the computers that contain more data on you and I than any of us want to know exists that get broken in. I spend more of my time having to try to stay one step ahead of people who break stuff like this than I care to.

The data that Disney collects and stores on me is trivial. Am I concerned about what they hold? Not really. I am concerned with people. Not technology, but people. People are the weak link in any system. People not knowing how something works and what it can do bothers me. People not following procedures like checking IDs, comparing signatures bother me. Handing my credit card to wait staff who disappears into the back out of sigh to run the card bothers me alot more than someone having my KTTW number with a spending limit that is only good on WDW at certain locations.

I like knowing what risks are involved with things I do on a day to day basis. Doesn't mean I don't do them.

 

[parmejm]

Annual Pass Holders

What will happen with WDW Passholders if RFID comes into place?

i think it is a good idea though.

 

[sublimesting]

I have a good idea to solve all of these security concerns you all have. When you use your new wristband your fingerprints will now be required as well! Problem solved. I hope you are listening Disney...and I'm sure you are....

 

[notnothin]

I live and make my living from the tech world. As much as you are spreading statements about everything being all rosy and no problems, I am simply providing a counterpoint to show that these things can be, and will be hacked. Like the ATM's that most of us use on a daily basis and can easily have a card skimmer installed, the computers that contain more data on you and I than any of us want to know exists that get broken in. I spend more of my time having to try to stay one step ahead of people who break stuff like this than I care to.

While you have some good points, if you are really up to date on your RFID knowledge you likely know that there have been tremendous advancements in RFID which incorporate PKI, thus rendering skimmers entirely useless. As a user on another forum mentioned, this very technology has already been successfully deployed to protect ePassports from skimming attempts. My guess is that Disney will deploy this type of system, utilizing digital signatures and PKI in an effort to prevent fraud. The possibilities of such a system are almost endless. It's not rocket science, just a little math. :animwink:

Not to say that a brute force attack couldn't happen, that potential is always there. However, 'man in the middle' isn't going to work here.

 

[wvdisneyfamily]

The bands are a little too big brother for me.

 

[NoChesterHester]

The bands are a little too big brother for me.

10 pages into this thread and you feel you have to add this? Thanks.

 

[Theosus]

I think these would be cool, although I'm not so fired up about having my credit card linked to the bracelet. (But then, I wouldn't want it linked to my room key either.) Unless that's mandatory -- which I can't imagine -- it's not a problem.

As far as the photopass/video/other stuff... meh. Those are perks?

I never link a credit card to a room card. I also tell them not to let any kttw have charge privileges. So I don't have to worry about lost cards winding up charging stuff to my room. Just tell them no when they ask you during check in. Your kttw will say "no charging" or something on front.

 

[disneenut]

I really dont like RFID but heres my take.


For everyone talking about hacking, can it been done? Yes, with out a doubt... anything wireless can only be secured SO much.

With that said what info will be on said bracket... most likely a unique number, THATS IT. This unique number will cross reference with one of WDW servers on their network, (and my bet is these servers are on a LAN not a WAN) after the bracelet has interacted with the RFID receiver no other information is transmitted.

Heres the best I can do with what will most likely happen with the data.

RFID Bracelet # > RFID Receiver
(guest info does not pass this point)
RFID device (store register) < Guest #< Database < Guest Info

Disney would not risk something as catastrophic as a loss of guest data the remonstrations would be crazy.


Just my $.02

 

[theguitarman]

I really dont like RFID but heres my take.


For everyone talking about hacking, can it been done? Yes, with out a doubt... anything wireless can only be secured SO much.

With that said what info will be on said bracket... most likely a unique number, THATS IT. This unique number will cross reference with one of WDW servers on their network, (and my bet is these servers are on a LAN not a WAN) after the bracelet has interacted with the RFID receiver no other information is transmitted.

Heres the best I can do with what will most likely happen with the data.

RFID Bracelet # > RFID Receiver
(guest info does not pass this point)
RFID device (store register) < Guest #< Database < Guest Info

Disney would not risk something as catastrophic as a loss of guest data the remonstrations would be crazy.


Just my $.02

DISCLAIMER: I am not afraid of the wristbands, nor trying to scare people!

Your post is accurate! However, the worry is not that someone can scan your bracelet and know your name and address. The worry is that if they can read your bracelet, they can copy it and then act like they are you (charging, access to your room, ect). I am sure it will be very secure, but that is the concern.