If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
If You Think Your RFID Passport Is Secure, Think Again
December 8th, 2009
RFID passport identity theft made simple Posted by Robin Harris @ 11:20 pm http://blogs.zdnet.com/storage/?cat=5, Public policy http://blogs.zdnet.com/storage/?cat=8, Security http://blogs.zdnet.com/storage/?cat=7 You're confident your RFID passport is safe in its signal-blocking wallet as you pass through immigration. What you don't know is that the man behind you is recording the data sent by your passport's RFID chip as it is scanned.Your name, nationality, gender, birthday, birthplace and a nicely digitized photo is in his hands. With that info he can photoshop up a passport, get a copy of your Social Security card and with that get credit cards and bank accounts in your name. *Rewarding individual enterprise* Thanks to bureaucratic confidence in RFID technology this is a real threat. An article in the Communications of the Association for Computing Machinery http://cacm.acm.org/magazines/2009/12/52836-a-threat-analysis-of-rfid-passports/fulltext goes into the details: For successful data retrieval the perpetrator's antenna must catch two different interactions: the forward channel, which is the signal being sent from the RFID reader to the RFID token; and the backward channel, which is the data being sent back from the RFID token to the RFID reader. . . . . . . the perpetrator would need only an antenna and an amplifier to boost the signal capture, a radio-frequency mixer and filter, and a computer to store the data. The amplifier itself would not even need to be that powerful, since it would need to boost the signal over only a short distance of three to five meters. . . . These RFID "sniffers" can then be plugged into a laptop via a USB port. *They've got your data, now what?* The weak 52-bit key encryption is easily broken. Then just counterfeit the passport, get a social security card and start shopping! As the article notes, forging a passport can be expensive. It might be easier just to steal it. *The Storage Bits take* The RFIDiocy keeps getting worse. The Feds were pwnd at DefCon http://blogs.zdnet.com/storage/?p=565 earlier this year. But these are just the risks we know about today. What new technologies will appear in the next 15 years to make both eavesdropping and forgery easier? The RFID passport is a technological sitting duck for bad guys of all kinds - criminals and terrorists - courtesy of the US State Department. As I noted in previous post: The time to end this nonsense is now. There are perfectly usable non-RF storage technologies - like 3D barcodes - that can safely store data in hard to crack, hard to hack formats. We can do better. And we must. Robin HarrisRobin Harris has been messing with computers for over 30 years and selling and marketing data storage for over 20 in companies large and small. See his full profile http://blogs.zdnet.com/bio.php#harris and disclosure http://blogs.zdnet.com/storage/?page_id=154 of his industry affiliations. http://blogs.zdnet.com/storage/?p=713&tag=nl.e550 |
#2
|
|||
|
|||
If You Think Your RFID Passport Is Secure, Think Again
Sancho Panza wrote:
You're confident your RFID passport is safe in its signal-blocking wallet as you pass through immigration. What you don't know is that the man behind you is recording the data sent by your passport's RFID chip as it is scanned.Your name, nationality, gender, birthday, birthplace and a nicely digitized photo is in his hands. With that info he can photoshop up a passport, get a copy of your Social Security card and with that get credit cards and bank accounts in your name. Any evidence that anyone has done this yet? I don't mean someone has done something clever in a lab, I mean a criminal stealing an identity via a passport at an airport. -- William Black "Any number under six" The answer given by Englishman Richard Peeke when asked by the Duke of Medina Sidonia how many Spanish sword and buckler men he could beat single handed with a quarterstaff. |
#3
|
|||
|
|||
If You Think Your RFID Passport Is Secure, Think Again
"Sancho Panza" wrote in message ... December 8th, 2009 RFID passport identity theft made simple Posted by Robin Harris @ 11:20 pm http://blogs.zdnet.com/storage/?cat=5, Public policy http://blogs.zdnet.com/storage/?cat=8, Security http://blogs.zdnet.com/storage/?cat=7 You're confident your RFID passport is safe in its signal-blocking wallet as you pass through immigration. What you don't know is that the man behind you is recording the data sent by your passport's RFID chip as it is scanned. And why should I worry about this? The only things that are broadcast are the things that can be obtained by reading the passport, I really don't see why anybody sees this as a problem. Scare mongering for the sake of it tim |
#4
|
|||
|
|||
If You Think Your RFID Passport Is Secure, Think Again
"tim...." wrote in message ... "Sancho Panza" wrote in message ... December 8th, 2009 RFID passport identity theft made simple Posted by Robin Harris @ 11:20 pm http://blogs.zdnet.com/storage/?cat=5, Public policy http://blogs.zdnet.com/storage/?cat=8, Security http://blogs.zdnet.com/storage/?cat=7 You're confident your RFID passport is safe in its signal-blocking wallet as you pass through immigration. What you don't know is that the man behind you is recording the data sent by your passport's RFID chip as it is scanned. And why should I worry about this? The only things that are broadcast are the things that can be obtained by reading the passport, I really don't see why anybody sees this as a problem. Scare mongering for the sake of it A lot more people are victims of ID theft. |
#5
|
|||
|
|||
If You Think Your RFID Passport Is Secure, Think Again
"Sancho Panza" wrote in message ... "tim...." wrote in message ... "Sancho Panza" wrote in message ... December 8th, 2009 RFID passport identity theft made simple Posted by Robin Harris @ 11:20 pm http://blogs.zdnet.com/storage/?cat=5, Public policy http://blogs.zdnet.com/storage/?cat=8, Security http://blogs.zdnet.com/storage/?cat=7 You're confident your RFID passport is safe in its signal-blocking wallet as you pass through immigration. What you don't know is that the man behind you is recording the data sent by your passport's RFID chip as it is scanned. And why should I worry about this? The only things that are broadcast are the things that can be obtained by reading the passport, I really don't see why anybody sees this as a problem. Scare mongering for the sake of it A lot more people are victims of ID theft. and just how useful is knowing someone's name and date of birth, if you don't know their address? tim |
#6
|
|||
|
|||
If You Think Your RFID Passport Is Secure, Think Again
In article ,
"tim...." wrote: and just how useful is knowing someone's name and date of birth, if you don't know their address? At least in the US, if you the date of birth it makes it a lot easier to get addresses. -- To find that place where the rats don't race and the phones don't ring at all. If once, you've slept on an island. Scott Kirby "If once you've slept on an island" |
#7
|
|||
|
|||
If You Think Your RFID Passport Is Secure, Think Again
On Dec 11, 9:45*pm, "Sancho Panza" wrote:
"tim...." wrote in message ... "Sancho Panza" wrote in message ... * * * December 8th, 2009 RFID passport identity theft made simple Posted by Robin Harris @ 11:20 pm http://blogs.zdnet.com/storage/?cat=5, Public policy http://blogs.zdnet.com/storage/?cat=8, Security http://blogs.zdnet.com/storage/?cat=7 You're confident your RFID passport is safe in its signal-blocking wallet as you pass through immigration. What you don't know is that the man behind you is recording the data sent by your passport's RFID chip as it is scanned. And why should I worry about this? *The only things that are broadcast are the things that can be obtained by reading the passport, I really don't see why anybody sees this as a problem. Scare mongering for the sake of it A lot more people are victims of ID theft. I agree |
#8
|
|||
|
|||
If You Think Your RFID Passport Is Secure, Think Again
"Kurt Ullman" wrote in message ... In article , "tim...." wrote: and just how useful is knowing someone's name and date of birth, if you don't know their address? At least in the US, if you the date of birth it makes it a lot easier to get addresses. This is a circular argument If there is a publicly accessible database that enables you to find someone's address from a name and date of birth, then there is also a publicly accessible database that enables someone to find a date of birth from an address and a name. ISTM that the ID thief is far more likely to have the name and address of the person who they wish to target than their name and date of birth. So, it is the accessibility of this database that is the major risk factor here, not the fact that chipped passports are potentially insecure. tim |
#9
|
|||
|
|||
If You Think Your RFID Passport Is Secure, Think Again
"tim...." wrote in message ... "Kurt Ullman" wrote in message ... In article , "tim...." wrote: and just how useful is knowing someone's name and date of birth, if you don't know their address? At least in the US, if you the date of birth it makes it a lot easier to get addresses. This is a circular argument If there is a publicly accessible database that enables you to find someone's address from a name and date of birth, then there is also a publicly accessible database that enables someone to find a date of birth from an address and a name. "Your name, nationality, gender, birthday, birthplace and a nicely digitized photo is in his hands. With that info he can photoshop up a passport, get a copy of your Social Security card and with that get credit cards and bank accounts in your name."--Such useful databases include Nexis and others that charge even more and provide far more information. ISTM that the ID thief is far more likely to have the name and address of the person who they wish to target than their name and date of birth. So, it is the accessibility of this database that is the major risk factor here, not the fact that chipped passports are potentially insecure. Such databases are available to the public through workplaces, libraries and even anyone's home computer., if the price is paid. |
#10
|
|||
|
|||
If You Think Your RFID Passport Is Secure, Think Again
In article ,
"tim...." wrote: "Kurt Ullman" wrote in message ... In article , "tim...." wrote: and just how useful is knowing someone's name and date of birth, if you don't know their address? At least in the US, if you the date of birth it makes it a lot easier to get addresses. This is a circular argument Nonsense. You asked how useful it was to get the name and date of birth if you did not have an address. I said, that at least in the US, name and dob made finding the address easier. If there is a publicly accessible database that enables you to find someone's address from a name and date of birth, then there is also a publicly accessible database that enables someone to find a date of birth from an address and a name. Yeah, but as I outlined that is not my interpretation of the original statement you made. You seemed to be suggesting that if someone had a name and dob (from the passport) it would be less than useful unless they had an address. My suggestion was that what was available from the passport, made finding the missing piece easier. ISTM that the ID thief is far more likely to have the name and address of the person who they wish to target than their name and date of birth. So, it is the accessibility of this database that is the major risk factor here, not the fact that chipped passports are potentially insecure. The two go together. You need the chipped passport to start the process by allowing you to get the first two bits of information. Now how real any of this, don't know, don't care/ -- To find that place where the rats don't race and the phones don't ring at all. If once, you've slept on an island. Scott Kirby "If once you've slept on an island" |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Feds Rethinking RFID Passport | Chrissy Cruiser | Caribbean | 31 | May 5th, 2005 06:25 PM |
Feds Rethinking RFID Passport | Chrissy Cruiser | Cruises | 35 | May 5th, 2005 06:25 PM |
Feds Rethinking RFID Passport | Chrissy Cruiser | Caribbean | 0 | April 29th, 2005 07:57 PM |
Feds Rethinking RFID Passport | Chrissy Cruiser | Cruises | 0 | April 29th, 2005 07:57 PM |
Privacy coalition calls for halt to biometric/RFID passport plans | nobody | Air travel | 4 | March 30th, 2004 05:02 PM |