From: Sancho Panza on 9 Dec 2009 20:44 December 8th, 2009 RFID passport identity theft made simple Posted by Robin Harris @ 11:20 pm <http://blogs.zdnet.com/storage/?cat=5>, Public policy <http://blogs.zdnet.com/storage/?cat=8>, Security <http://blogs.zdnet.com/storage/?cat=7> You're confident your RFID passport is safe in its signal-blocking wallet as you pass through immigration. What you don't know is that the man behind you is recording the data sent by your passport's RFID chip as it is scanned.Your name, nationality, gender, birthday, birthplace and a nicely digitized photo is in his hands. With that info he can photoshop up a passport, get a copy of your Social Security card and with that get credit cards and bank accounts in your name. *Rewarding individual enterprise* Thanks to bureaucratic confidence in RFID technology this is a real threat. An article in the Communications of the Association for Computing Machinery <http://cacm.acm.org/magazines/2009/12/52836-a-threat-analysis-of-rfid-passports/fulltext> goes into the details: For successful data retrieval the perpetrator's antenna must catch two different interactions: the forward channel, which is the signal being sent from the RFID reader to the RFID token; and the backward channel, which is the data being sent back from the RFID token to the RFID reader. . . . . . . the perpetrator would need only an antenna and an amplifier to boost the signal capture, a radio-frequency mixer and filter, and a computer to store the data. The amplifier itself would not even need to be that powerful, since it would need to boost the signal over only a short distance of three to five meters. . . . These RFID "sniffers" can then be plugged into a laptop via a USB port. *They've got your data, now what?* The weak 52-bit key encryption is easily broken. Then just counterfeit the passport, get a social security card and start shopping! As the article notes, forging a passport can be expensive. It might be easier just to steal it. *The Storage Bits take* The RFIDiocy keeps getting worse. The Feds were pwnd at DefCon <http://blogs.zdnet.com/storage/?p=565> earlier this year. But these are just the risks we know about today. What new technologies will appear in the next 15 years to make both eavesdropping and forgery easier? The RFID passport is a technological sitting duck for bad guys of all kinds - criminals and terrorists - courtesy of the US State Department. As I noted in previous post: The time to end this nonsense is now. There are perfectly usable non-RF storage technologies - like 3D barcodes - that can safely store data in hard to crack, hard to hack formats. We can do better. And we must. Robin HarrisRobin Harris has been messing with computers for over 30 years and selling and marketing data storage for over 20 in companies large and small. See his full profile <http://blogs.zdnet.com/bio.php#harris> and disclosure <http://blogs.zdnet.com/storage/?page_id=154> of his industry affiliations. http://blogs.zdnet.com/storage/?p=713&tag=nl.e550
From: William Black on 10 Dec 2009 07:03 Sancho Panza wrote: > You're confident your RFID passport is safe in its signal-blocking > wallet as you pass through immigration. What you don't know is that the > man behind you is recording the data sent by your passport's RFID chip > as it is scanned.Your name, nationality, gender, birthday, birthplace > and a nicely digitized photo is in his hands. With that info he can > photoshop up a passport, get a copy of your Social Security card and > with that get credit cards and bank accounts in your name. > Any evidence that anyone has done this yet? I don't mean someone has done something clever in a lab, I mean a criminal stealing an identity via a passport at an airport. -- William Black "Any number under six" The answer given by Englishman Richard Peeke when asked by the Duke of Medina Sidonia how many Spanish sword and buckler men he could beat single handed with a quarterstaff.
From: tim.... on 10 Dec 2009 14:07 "Sancho Panza" <otterpower(a)xhotmail.com> wrote in message news:4b205286$0$22549$607ed4bc(a)cv.net... > December 8th, 2009 > RFID passport identity theft made simple > Posted by Robin Harris @ 11:20 pm > <http://blogs.zdnet.com/storage/?cat=5>, Public policy > <http://blogs.zdnet.com/storage/?cat=8>, Security > <http://blogs.zdnet.com/storage/?cat=7> > > You're confident your RFID passport is safe in its signal-blocking wallet > as you pass through immigration. What you don't know is that the man > behind you is recording the data sent by your passport's RFID chip as it > is scanned. And why should I worry about this? The only things that are broadcast are the things that can be obtained by reading the passport, I really don't see why anybody sees this as a problem. Scare mongering for the sake of it tim
From: Sancho Panza on 11 Dec 2009 15:45 "tim...." <tims_new_home(a)yahoo.co.uk> wrote in message news:7ocv9kF3q6nkoU1(a)mid.individual.net... > > "Sancho Panza" <otterpower(a)xhotmail.com> wrote in message > news:4b205286$0$22549$607ed4bc(a)cv.net... >> December 8th, 2009 >> RFID passport identity theft made simple >> Posted by Robin Harris @ 11:20 pm >> <http://blogs.zdnet.com/storage/?cat=5>, Public policy >> <http://blogs.zdnet.com/storage/?cat=8>, Security >> <http://blogs.zdnet.com/storage/?cat=7> >> >> You're confident your RFID passport is safe in its signal-blocking wallet >> as you pass through immigration. What you don't know is that the man >> behind you is recording the data sent by your passport's RFID chip as it >> is scanned. > > And why should I worry about this? The only things that are broadcast are > the things that can be obtained by reading the passport, > > I really don't see why anybody sees this as a problem. > > Scare mongering for the sake of it A lot more people are victims of ID theft.
From: tim.... on 11 Dec 2009 15:54
"Sancho Panza" <otterpower(a)xhotmail.com> wrote in message news:4b22af4d$0$22537$607ed4bc(a)cv.net... > > "tim...." <tims_new_home(a)yahoo.co.uk> wrote in message > news:7ocv9kF3q6nkoU1(a)mid.individual.net... >> >> "Sancho Panza" <otterpower(a)xhotmail.com> wrote in message >> news:4b205286$0$22549$607ed4bc(a)cv.net... >>> December 8th, 2009 >>> RFID passport identity theft made simple >>> Posted by Robin Harris @ 11:20 pm >>> <http://blogs.zdnet.com/storage/?cat=5>, Public policy >>> <http://blogs.zdnet.com/storage/?cat=8>, Security >>> <http://blogs.zdnet.com/storage/?cat=7> >>> >>> You're confident your RFID passport is safe in its signal-blocking >>> wallet as you pass through immigration. What you don't know is that the >>> man behind you is recording the data sent by your passport's RFID chip >>> as it is scanned. >> >> And why should I worry about this? The only things that are broadcast >> are the things that can be obtained by reading the passport, >> >> I really don't see why anybody sees this as a problem. >> >> Scare mongering for the sake of it > > A lot more people are victims of ID theft. and just how useful is knowing someone's name and date of birth, if you don't know their address? tim > > |