Tweet
Apply for or renew your US passport before August
Insane. Almost as bad as paperless e-voting.
They are going to add RFID chips to our passports.
Luckily this will have been dropped as a fiasco before ours expire.
http://money.cnn.com/2006/07/13/pf/r...ex.htm?cnn=yes
They are going to add RFID chips to our passports.
Luckily this will have been dropped as a fiasco before ours expire.
http://money.cnn.com/2006/07/13/pf/r...ex.htm?cnn=yes
Originally posted by CNN
...
The equipment needed to skim an RFID chip neither has to be large nor expensive. Nokia sells cell phones capable of reading RFID chips. Texas Instruments sells kits to do the same thing.
In May, researchers at the University of Tel Aviv created a skimmer from electronics hobbyist kits costing less than $110. The equipment was small enough to fit into a briefcase or be disguised in any manner of luggage or clothes that could hide the 15-inch copper tube antenna.
The antenna boosts the read-range from a few inches to a few feet. To extend the range of surreptitious access much further, a second piece of equipment is needed to fake the RFID reader into sending a "read" signal, which is then relayed via radio waves to the skimmer's reader near the targeted RFID chip.
In 2005, a researcher at Cambridge extended the range to about 160 feet while successfully accessing a contactless smart card's details.
ID thieves who figure out a way around the security precaution on RFID passports, which includes anti-skimming material in the cover, can use this method in a crowded airport terminal or hotel lobby to conceivably "borrow" someone's ID data and spoof it to another official reader, effectively cloaking themselves in another's persons ID.
Or they could learn a person's nationality, or confirm the identity of someone they were searching for to harm.
"It's a great way for unfriendly elements to set up their own RFID scanning systems and pick Americans right out of a crowd...If you put an RFID scanner in a doorway or maybe a lamp-post," said Sterling, "you can just sit there automatically counting the passing passports."
Even if the skimmed data is encrypted -- as e-Passport information would be -- skilled hackers could potentially save the information and crack it elsewhere.
Researchers at the Dutch security test lab Riscure cracked the encryption on a mocked up RFID passport in two hours using a PC in 2005.
U.S. passports are issued for ten years, which means the RFID chip technology of those passports, along with their vulnerabilities, will be floating around for a decade. Technology would have to "stop cold" Schneier of Counterpane says for improvements in skimming and hacking equipment not to occur.
Moss said the State Department "recognizes that technology will change during the 10 year life cycle of US passports" and that's why it's focusing on more than one technology to protect data.
Sterling, however, compares RFID passports to a "nice yellow armband" -- a big sign on your body announcing your identity. "Would you pay anything for that device?" Sterling asks. "Would you buy it in a travel store because you thought it made you feel safer? Or would you conclude that this technology existed so that you could be treated like a can on a grocery-food shelf?"
Schneier says there are a number of ways to improve the security of RFID passports but the best trick is to not create RFID passports at all. "Someone in the government got it in their head to make it RFID. Yes, its cool technology," said Schneier, "but don't do it because it's cool."
The equipment needed to skim an RFID chip neither has to be large nor expensive. Nokia sells cell phones capable of reading RFID chips. Texas Instruments sells kits to do the same thing.
In May, researchers at the University of Tel Aviv created a skimmer from electronics hobbyist kits costing less than $110. The equipment was small enough to fit into a briefcase or be disguised in any manner of luggage or clothes that could hide the 15-inch copper tube antenna.
The antenna boosts the read-range from a few inches to a few feet. To extend the range of surreptitious access much further, a second piece of equipment is needed to fake the RFID reader into sending a "read" signal, which is then relayed via radio waves to the skimmer's reader near the targeted RFID chip.
In 2005, a researcher at Cambridge extended the range to about 160 feet while successfully accessing a contactless smart card's details.
ID thieves who figure out a way around the security precaution on RFID passports, which includes anti-skimming material in the cover, can use this method in a crowded airport terminal or hotel lobby to conceivably "borrow" someone's ID data and spoof it to another official reader, effectively cloaking themselves in another's persons ID.
Or they could learn a person's nationality, or confirm the identity of someone they were searching for to harm.
"It's a great way for unfriendly elements to set up their own RFID scanning systems and pick Americans right out of a crowd...If you put an RFID scanner in a doorway or maybe a lamp-post," said Sterling, "you can just sit there automatically counting the passing passports."
Even if the skimmed data is encrypted -- as e-Passport information would be -- skilled hackers could potentially save the information and crack it elsewhere.
Researchers at the Dutch security test lab Riscure cracked the encryption on a mocked up RFID passport in two hours using a PC in 2005.
U.S. passports are issued for ten years, which means the RFID chip technology of those passports, along with their vulnerabilities, will be floating around for a decade. Technology would have to "stop cold" Schneier of Counterpane says for improvements in skimming and hacking equipment not to occur.
Moss said the State Department "recognizes that technology will change during the 10 year life cycle of US passports" and that's why it's focusing on more than one technology to protect data.
Sterling, however, compares RFID passports to a "nice yellow armband" -- a big sign on your body announcing your identity. "Would you pay anything for that device?" Sterling asks. "Would you buy it in a travel store because you thought it made you feel safer? Or would you conclude that this technology existed so that you could be treated like a can on a grocery-food shelf?"
Schneier says there are a number of ways to improve the security of RFID passports but the best trick is to not create RFID passports at all. "Someone in the government got it in their head to make it RFID. Yes, its cool technology," said Schneier, "but don't do it because it's cool."
Comment