FAD Magazine

FAD Magazine covers contemporary art – News, Exhibitions and Interviews reported on from London

Is the LVMH consortium’s Aura ‘the first global luxury blockchain’ open to hacking?

LVMH has partnered up with a quorum of other leading brands to plug into the blockchain.  
The ambitious venture kicks off with significant investment backing for the Aura Blockchain Consortium enabling the luxury fashion market to launch its own blockchain, with a goal comparable to the non-fungible token (NFT) provenance, in verifying ownership of a physical product and tracking of items from production to sale as items traverse the global supply chain.  

The lifecycle of an individual product will be irrevocably stored on the Aura blockchain; the general idea is to provide assurance on ownership, provenance and authenticity of a given product.

The decentralization of this information reduces the emphasis on potentially fraudulent paper certificates of authority. A research study published by Certilogo on consumer faith in counterfeit demonstrates the high levels of concern when purchasing luxury goods. The concept of an immutable record of authenticity and ownership on the blockchain is likely to soothe some of those concerns.  Tampering with the blockchain is not a trivial undertaking and at the Aura end of the, there will be far bigger fish to fry for hackers and counterfeiters. 

There remains, however, a much juicer target ripe for exploitation; the luxury products themselves need a “smart chip” of some sort in order to link the provenance of the physical item to its records on the blockchain.  

While the exact technology of the “smart chip” has not been shared publicly yet, there are a finite number of technologies: primarily these are comprised of nearfield communications (NFC) and radio-frequency identification (RFID).  These technologies have become part of our everyday lives: for example, we use RFID to open doors and NFC to make payments.

This introduces another vector for consideration: the blockchain is decentralized but the product itself, and the chip identifying it, is very much the contrary.  

Consider a situation where a counterfeiting group have purchased a luxury product chipped with its authenticity.  There are no restrictions or ability to monitor what research is performed on that chip – to clone it, to modify it, to analyse the types of encryption which are in use and the design of it – this is an area of constant interrogation by the information security industry, known as “vulnerability research”.

These same chips have been used at the extreme end of high value: RFID and NFC are employed to protect luxury cars and control entry to sensitive restricted areas, such as banks and government offices.   

Consequently, there have been years of published research describing how to circumvent and exploit insecure functions offered by these internet-connected technologies.   Consider it something of an arms race: the manufacturers of products are constantly trying to plug the gaps discovered by security researchers and hackers.  

The maturity of the vulnerability research, and the resulting ease of access to tools to facilitate exploiting these smart chips, have resulted in widespread theft of luxury cars where thieves could trivially open the doors to a brand new BMW or Range Rover in under 60 seconds.

https://youtu.be/hh8uvTlmh0w

Given the prevalence of internet-connected technology within a luxury car, it’s possible for their manufacturers to respond to these crises and deploy a fix to address the discoveries of the security research community.

Some, like Jeep with their onboard computer, have had a particularly bad time of it – resulting in the recall of 1.4 million Chrysler cars due to an inability to remotely address a hack made public.

However, how does this work with, say, a handbag?  What is the resolution chain when an insecurity is discovered in the smart chip for a product?  As soon as the first products are released there will be researchers, of both benevolent and counterfeiting persuasions, looking to disrupt the claims of authenticity via the blockchain.

In the event of a security failure with the product-embedded technology, it’s difficult to imagine a simple chain for recalling products or revoking the authenticity without significant reputational damage.  In the future where authenticity and our own personal security are under constant threat, will cybersecurity threats actually impact fashion choices?  If a particular brand is seen to have problems with counterfeiting, there’s a realistic likelihood of that further impacting the statistics reported in Certilogo’s study of consumer concerns.

Then there’s the potential for brands to discretely investigate their competitors and encourage counterfeiting; this calls back to the story of how the UK digital television network ITV Digital was dealt a fatal commercial blow owing to shady practices by a competitor, revealing the encryption keys and resulting in counterfeited products being sold at-scale. 

Can hackers start influencing fashion?  Let’s get it on the blockchain and find out.

Categories

Tags

Related Posts

Trending Articles

Join the FAD newsletter and get the latest news and articles straight to your inbox

* indicates required