RFID was supposed to revolutionize asset tracking, replacing the barcode everywhere. Or at least that was the prediction once tags got under five cents apiece. They still cost seven to fifteen cents, even in bulk, and the barcode is still sitting pretty. [Chouchang (Jack) Yang] and [Alanson Sample] of Disney Research hope to change that.
Instead of tagging every electronic device, they use whatever electromagnetic emissions the device already produces when it’s powered up. What’s surprising is not that they can tell an iPhone from a toy lightsaber, but that they can tell the toy lightsabers apart. Apparently there are enough manufacturing and tolerance differences from piece to piece that the devices appear unique most of the time.
The paper (PDF) goes through the details and procedure. The coolest bit? The sensor they use is an RTL-SDR unit with the radio-mixer front end removed and replaced with a simple transformer. This lets them feed baseband (tuning from 0 to 28.8 MHz) straight into the ADC and on to the computer, which does the heavy math. Sawing off the frontend of a TV tuner is a hack, for those of you out there with empty bingo cards.
If you like statistics, you’ll want to read the paper for details about exactly how they classify objects, but the overview is that they first figure out what type of device they’re “hearing” and then focus on which particular one it is. The measure that they use ends up being essentially a normalized correlation.
While we’re not sure how well this will scale to thousands of devices, they get remarkably good results (around 95%) for picking one device out of five. The method won’t be robust to overclocking or underclocking of the device’s CPU, so we’re concerned about temperature and battery-voltage effects. But it’s a novel idea, and one that’s ripe for the hacker-rebuild. And for the price of an RTL-SDR, and with no additional per-tag outlay as with an RFID system, it’s pretty neat.
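The two-stage matching described above, and the clock-change weakness raised in this paragraph, sketched as an added example (not code from the paper or from Disney Research). The spectra are constructed, the device and unit names are made up, and modelling a clock change as a uniform scaling of the emission peaks is an assumption.

```python
import math
import random

def make_spectrum(peaks, seed, drift=1.0, bins=256, noise=0.02):
    """Constructed magnitude spectrum: Gaussian peaks plus a small noise floor.
    drift scales every peak frequency (assumed model of a clock change)."""
    rng = random.Random(seed)
    return [sum(a * math.exp(-((i - c * drift) ** 2) / 8.0) for c, a in peaks)
            + noise * rng.random() for i in range(bins)]

def normalized_correlation(a, b):
    """Mean-removed correlation of two equal-length spectra, in [-1, 1]."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    da, db = [x - ma for x in a], [y - mb for y in b]
    denom = math.sqrt(sum(x * x for x in da) * sum(y * y for y in db))
    return sum(x * y for x, y in zip(da, db)) / denom if denom else 0.0

def classify(observed, library):
    """Stage 1 picks the device type, stage 2 the unit within that type."""
    type_scores = {}
    for dev_type, units in library.items():
        mean = [sum(col) / len(col) for col in zip(*units.values())]
        type_scores[dev_type] = normalized_correlation(observed, mean)
    best_type = max(type_scores, key=type_scores.get)
    unit_scores = {name: normalized_correlation(observed, ref)
                   for name, ref in library[best_type].items()}
    best_unit = max(unit_scores, key=unit_scores.get)
    return best_type, best_unit, round(unit_scores[best_unit], 3)

# Constructed (peak bin, amplitude) lists; units of one type differ slightly.
SABER_A = [(40, 1.0), (80, 0.6), (120, 0.3)]
SABER_B = [(43, 1.0), (86, 0.5), (129, 0.35)]
PHONE_A = [(60, 0.9), (150, 0.7), (200, 0.4)]
PHONE_B = [(62, 0.9), (153, 0.6), (203, 0.5)]
LIBRARY = {
    "lightsaber": {"saber-A": make_spectrum(SABER_A, seed=1),
                   "saber-B": make_spectrum(SABER_B, seed=2)},
    "phone": {"phone-A": make_spectrum(PHONE_A, seed=3),
              "phone-B": make_spectrum(PHONE_B, seed=4)},
}

if __name__ == "__main__":
    print(classify(make_spectrum(SABER_A, seed=11), LIBRARY))
    print(classify(make_spectrum(PHONE_B, seed=12), LIBRARY))
    # Same physical unit, clock 10% fast: type still matches, unit does not.
    print(classify(make_spectrum(SABER_A, seed=13, drift=1.1), LIBRARY))
```

In the last case the shifted peaks of saber-A land closer to saber-B's reference than to its own, so the type is still right but the unit is misidentified.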
Thanks [Static] for the tip! Via Engadget.
Am I the only one getting weirded out at the term “Disney Research”?
… Disney?? I’m almost waiting for the press release “We’ve created a real Mickey Mouse!”
Although that would be kinda neat, too, I guess. ;)
The real challenge would be if someone makes a computer mouse called Mickey and markets it successfully without getting sued into death by Disney.
Market it as a ‘cursor control device’ named Mickey and you’re safe…. *It’s not a mouse!*
Disney has (had?) the Infinity toy-for-life line of figures with RFID chips and some games with unlockable content.
They recently announced they’re sunsetting that program, though they’ve got a couple movies worth of characters in the pipeline which will be sold this spring & summer. Apparently it’s one of those things where, in grand Disney fashion, despite the fact that the program was profitable, it just wasn’t profitable *enough*. Just not enough extra millions to make it worth continuing. Meanwhile, back in the salt mines…
Just like Google manufactures their own servers, Disney does research for interaction technologies.
I wonder what the range of this electronic fingerprinting is…
Short to very short, but I would never use it for anything serious: overclocking aside, the electronic noise generated by devices is highly dependent on what load they are under at that moment, so on a PC or any device with a complete OS you can modify that noise just by rearranging times and priorities of what is running in the background.
And… yes, by the same principle you can push data out of a machine just by modulating its CPU load and read it without physical contact.
Fun way to listen to noises from various devices: http://essentialscrap.com/emfwand/
Isn’t this also how they would weed out scanner cloned gen-1 analog mobile phones too?
Oh, absolutely. Who uses those now, BTW?
I have seen European 1G mobile phones which I believe were in a 400(ish) MHz band hacked to use in the 70cm amateur radio band.
Heh. That’s cool.
I knew somebody who did it the other way round. Using a full duplex 70cm amateur radio set with a very small (in the last version) self-built adapter in the Austrian “B-Netz” mobile phone system. Which was already nearly obsolete at the time of these experiments and was shut down completely a short time later.
You mean NMT phones? Worked at 450 MHz at first, then came the 900 MHz NMT.
“… for those of you out there with empty bingo cards” … LMAO!!!
+1
Grrr. I’m missing the joke. I feel like I should know this.
it’s a play on the pun many commentators make that various things posted to hackaday aren’t a hack.
Haha! Okay, it went over my head. But so obvious now.
Armchair Hackaday Editors blown the fuck out
Might want to reread the paper and proofread your article. DAC is “digital to analog convertor”. Not likely to help someone receive. And the paper is using baseband from 0 – 500KHz, not 0-28.8 MHz. The paper is OK, but the HaD article is a poor description.
re: DAC / ADC. Thanks for the catch. Fixed.
The paper only samples at 1 MHz, so they’re looking at the bottom 500 kHz. But the ADC/mixer on the RTL-SDR _is_ capable of sampling at ~3 MHz anywhere between the 0-28 MHz. They could look around elsewhere too, with the same hardware, if they wanted.
“Converter”.
We all make mistakes. Good thing I’m not an editor, they would rip me a new one! Thank you for correcting/replying to us.
I can proofread 5 times and still miss something blatantly obvious. I am such a grammar nazi, but Android is trying to kill me with crappy speel Czech.
Isn’t this how smart meters are supposed to determine what is running so they can invade your privacy by for example seeing that you are using a porn toy and even what porn toy to be exact?
Nope, much simpler. They just look at variations in load that signify turning things on/off. This, of course, can get very advanced, but they can tell a lot of things reasonably accurately.
just some paper from the first results: https://www1.ethz.ch/im/publications/weiss_Percom2012.pdf
“Captain, I’m picking up some strange EM emissions; it might be an active handheld device.”
Yet another gadget any tricorder worth its salt should have! I swear the real world becomes more and more like Star Trek every day. We already have Uhura’s ear piece (bluetooth headset), the Taser was no doubt inspired by the “stun setting”, the iPad concept was clearly designed by the prop makers of ST:TNG and don’t forget transparent aluminum (aluminum oxynitride)!
I still watch TOS. Holds up remarkably well!
“Scotty, beam us up”
You all forgot the flip phone ‘communicator’….. I always thought Nextel got their ‘Push to Talk’ chirp from Star Trek.
Hahaha! +1
I did too.
You can pick up a surprising amount of stuff from your computer with an RTL-SDR, a while ago someone was able to make out their laptop’s screen from all the emissions- extremely distorted, but still there.
I once got a faint ghost image of my CRT monitor to appear on an old TV when the rabbit ears came in contact with the face of the monitor. :P
I wonder if this would identify cars at a distance, given how much radio noise many of them make.
Wow! You are right! That should be trivial to accomplish. I bet some three-letter-agency has had that for at least a decade. And most new models have Wifi, Bluetooth, keyless remotes.
They are practically yelling out their VIN’s.
Well it is a method that does not require a warrant, they just need a device that stakes out a given location and listens for one or more signatures then phones home if they are detected. Add two or more devices separated by a block and you also have direction of travel. I am just talking about what would even work with an old car with its alternator noise etc., so as you say new cars would be even easier.
I think older cars would be easy. If I (and I assume anyone reading this) can detect by sound when the neighbors or the spouse…etc… have driven nearby then certainly EMF noise should be a beacon as pertaining to identity. Each cylinder fires different. The crappy alternator is so noisy in my dad’s truck that it cuts into the radio.
Who needs a tachometer when I can hear brrrrrrrrrrrrr through the radio. But on the other hand some brands must be better at this. I wonder what a Tesla or a Prius emits.
I am curious about diesels; no spark, glow plugs. Maybe they would be harder to ‘hear’. Sorry about talking about Wifi and Bluetooth. That doesn’t count as ‘unintentional radiation’ at all.
I believe that old mechanical diesel is required for working vehicles at a certain proximity to the dishes in the US national radio quiet zone in West Virginia. Other than an alternator for charging the starter battery and to run lights, signals, wipers, and blowers what would emit RF?
Anything with switch contacts or electric motor brushes, so even the indicator lights? I’m sure you could make a radio quiet vehicle, but I doubt if any stock models are.
Haha. Just my radio blaring Metallica. I think we’re right, diesels might be a dead zone. Most have fuel pumps, but that can’t be a very stable source. Maybe the radiator fan will give it away!
That’s all I can think of. Old bare-bones dump truck will be safe from Skynet. : )
Until you turn a corner and use your indicators and activate your turn signal relay? As shown in this video, https://www.youtube.com/watch?v=KlVSNX_NaOs
Ouch. Forgot about relays.
Hmm, are you sure the stuff they removed is a “frontend”. From my perspective as a user this is an end that is in the back where I wouldn’t look.
Earlier today I happened to see how they checked the time trial bikes in the Giro d’Italia bicycle race for hidden electric motors. They simply used an app on a tablet; I assume it must work in a similar way with an RFID reader looking for electric emissions.
I’m surprised they don’t just run a magnet along the frame. Every single bike is titanium, carbon fiber, or aluminum. (Aluminium? British spelling I think.)
Haha, I would be the .5% that has a steel frame, though I would place last.
Are you sure they didn’t use a FLIR?
http://hackaday.com/2016/04/25/cyclists-use-tiny-motors-to-cheat/
could have been a metal detector app too
Is it really constant over time? Capacitors might degrade over time, changing impedance and thus also emissions.
I saw a popup in my news feed on facebook about a device that does something similar but attaches to the lines in your breaker box and uses the “noise signature” to assign power usage to different devices in your house.