GPS Tracking – for School Students?

The card, which will be worn on a lanyard around each student’s neck, will transmit location information via microchip to electronic readers throughout the campuses, NISD spokesman Pascual Gonzalez told (Courtesy: NISD via Foxnews)

According to Foxnews, students in Texas will soon be wearing special RFID based ID cards worn on a lanyard. The ID cards will have an embedded microchip that will transmit the students location. The signal is picked up by readers that are installed throughout the campus.

“It is like GPS in the school,” Gonzalez said. “As administrators, we are charged with the safety of students in our schools. So within the four walls of Jay High School and Jones Middle School during the school day, we will always know where those kids are.”

With all the crazy things that are happening in schools now, it may not be a bad idea to be able to pinpoint a student’s location at any time. But this has brought out many privacy concerns.

My question would be that the administrators of the school do know that these things are on lanyards don’t they? How hard would it be for students to switch lanyards for a few hours? Conveniently leave them in the library when they are doing something “questionable” somewhere else?

And could creepers be able to track the signals too? Apparently the IDs only work on school grounds, and do not store any personal information. But RFID experts have shown in the past that these signals can be picked up at a distance with the right antennas.

I can see how the school would think this is a good thing. But GPS tracking via lanyard seems like it would be too easy to bypass to be effective.

Pulling Passport, Drivers License and Credit Card Info from Thin Air

Can your ID be stolen by just walking past a hacker?

… According to the Identity Theft Resource Center, the Smart Card Alliance states that: “the financial payments industry has designed multiple layers of security throughout the traditional credit and debit payment systems to protect all parties involved in the payment transaction.” For contactless payments (RFID), the financial industry uses added security technology, both on the contactless device (RFID card), as well as in the processing network and system to prevent fraud.”

The article goes on to state that Industry standard encryption, Authentication, Confidentiality and Control are some of the security measures being used to protect your identity. But how well does this added security work?

Well, here is where things get really murky. You have some authorities claiming that contactless credit cards are safe, but you have others showing that they clearly aren’t.

Even Mythbusters has been caught up in the drama. In 2008, they were going to do a show on RFID, but caved in from external pressure not to do the show. Then, later they released a statement that they were not pressured to cancel the show.

In December of 2010, WREG, Channel 3 news in Memphis decided to put this to the test. In just one hour, Walt Augustinowicz (of Identity Stronghold) armed with a netbook computer and a wireless card reader he bought online for under $100 patrolled Beale Street looking for volunteers. He had 20 people volunteer to be scanned and of these, he was able to read the account number and expiration date of 5 people who carried RFID enabled credit cards…

Selection of an article written for The Office Survivalist, continue reading here.

Looks like Chris Paget has done a lot of research into this issue. Apparently the record for reading one of these chips is over 200 feet, and theoretically could be read from over a mile. For more info check out Chris’s Blackhat video “Extreme Range RFID”:

And Chris’s appearance on FoxNews:

Apparently, the security code on the back of the credit card is one of the saving graces. This is not transmitted wirelessly with the account info. But not all companies require this for a purchase. Most credit cards offer full refunds for fraudulent purchases and as far as is known, this technique has never been used to actually steal information.

It would seem hackers prefer databases that store thousands of credit card numbers compared to walking around and waving a RFID reader around people’s butts after a football game.

RFID blocking sleeves and wallets are available that prevent these signals from being read remotely. You can also ask for non-RFID credit cards from your bank. Passports have blocking material in the cover and currently only a few states issue RFID enabled cards.