Wow, who knew?
Posted on 08/06/2006 6:29:12 PM PDT by diverteach
LAS VEGAS, Nevada (AFP) - High-tech passports touted as advances in national security can be spied on remotely and their identifying radio signals cloned, computers hackers were shown at a conference. ADVERTISEMENT
Radio frequency identification technology, referred to as RFID, used in cash cards and passports, can be copied, blocked or imitated, said Melanie Rieback, a privacy researcher at Vrije University in the Netherlands.
Rieback demonstrated a device she and colleagues at Vrije built to hijack the RFID signals that manufacturers have touted as unreadable by anything other than proprietary scanners.
"I spend most of my time making the RFID industry's life miserable," the doctorate student told AFP. "I am not anti-RFID. It has the potential to make people's lives easier, but it needs to be used responsibly."
Rieback and university compatriots expected to have a reliable portable version of their device, RFID Guardian, finished in six months and "had no plans to immediately mass-produce these things."
A cheer rose from the legion of hackers in the conference room when Rieback announced that the schematics and the computer codes for the device would be made public.
"The industry and government needs to not be scared of us," Rieback said. "They need to talk with us and to work with us. Hopefully, together we can come up with some kind of reasonable compromise."
RFID tags consist of a computer chips wrapped with tiny radio antennae. The chips store financial, identity, or other data that can then be sent to scanners by radio signals.
Retail behemoth Wal-Mart about two years ago embarked on a campaign to use RFID to track inventories and shipments from suppliers, and the devices are used on cargo shipped overseas in containers.
RFID tags have been used for decades to track cattle or wild animals.
It has become common in the United States for pet owners to have chips encased in glass, about the size of grains of rice, implanted under the skin of their dogs or cats so they can be identified and returned if they run away.
The European Central Bank has talked of putting RFID technology in euro currency, and such tags were used in World Cup Soccer tickets, according to the researcher.
Smart chips have been crafted into German passports and are being put into US passports. Stores have experimented with using the tags not only to track inventory, but to bill shoppers for purchases invisibly as they leave.
"It has been getting new life, and creating quite a stir," Rieback said of RFID use.
RFID equipment makers would be wise to ramp up encryption and other security while technology is catching on, according to Rieback. Rieback was not the only speaker at the gathering who claimed to have found RFID vulnerabilities.
"If you are using RFID on cows, who cares?" Rieback asked rhetorically. "But, with a passport, it only takes one breach at the wrong time and it could wreck it for the RFID industry."
The potential exists for unauthorized reading of cards, cloning, and tracking people who carry them, Rieback said.
Hacked chips could even be used to launch attacks on software in computers linked to scanning devices, according to the researcher.
RFID Guardian was designed to also block any selected tag from being read by scanners, legitimate or illicit.
"We are being foisted into this world where these tags are all around but we don't know when and how they are there," Rieback said. "The Guardian puts the control back in your hands."
Oh...joy...
Doesn't .001 inches of aluminum foil do that too?
Only on your head.
That, and the FT ping list has been slow lately, and RFID is a pet cause (pet peeve) of mine, and last but not least, no one's complained, yet. :)
|
Wow, who knew?
DEFCON rocks. Was too busy to make it this year, but next year I intend to be there.
Note that I am an IT professional, past 50. The information there is like nothing else available in the open.
This research is a good thing. It will be harder for the RFID crowd to push the technology further into our lives as people become aware of the risks to their privacy.
The privacy risks of 'loyalty' cards hasn't stopped their use.
I don't think the general public cares.
>"The industry and government needs to not be scared of us," Rieback said. "They need to talk with us and to work with us. Hopefully, together we can come up with some kind of reasonable compromise."
Translation: "Pay us off."
http://www.freerepublic.com/focus/f-news/1563271/posts
Healthy People 2010
>>>>Before Bill Clinton left office, he authorized 2001 an 84% increase in the government's investment in nanotechnology research and development, National Nanotechnology Initiative (NNI) and made it a top priority.<<<<
Too much grant money has been created for any of our corrupt politicos too listen.
Top that with the VeriChip is issued in MLM format. So all that are in position to make decisions on it's sale and use earn multiple income streams from it.
The RFID in the new passport has been thoroughly hacked for at least 6 months, though the info on how to hasn't been widely available. The US government and the contractors refuse to acknowledge the hack and make the new passport technology 'more' secure.
Within ten years, every American who carries a passport is a potential victim of identity theft in all unsecure locations the passport is carried. Only wrapping the passport in several layers of signal blocking metallic sheeting will protect the US citizen's identity from being trasmitted 24/7 from the passport. Or breaking the RFID chip by melting it in a microwave or something along those lines.
That is the short of it.
Silly wabbit. As long as RF is involved, it can be intercepted and duplicated. Now if they used spread-spectrum emissions for RFID tags, that would make things a bit more difficult... and expensive.
I remember an incident where an Amateur Radio UHF repeater system had hundreds of dollars worth of equipment to secure it's access to only a few members. The security was broken with a $9 tape recorder. If there's a will, there's a way.
I remember an incident where an Amateur Radio UHF repeater system had hundreds of dollars worth of equipment to secure it's access to only a few members. The security was broken with a $9 tape recorder. If there's a will, there's a way.
Yup...a $20 Radio Shack tone dialer modified with a $5 crystal gave you access to AT&T's ACTS system back in the day...unlimited free long distance calls.
There's always a way if you really want to...the trick is to make circumventing the security too expensive for 99.99% of the population. There will, however, always be that .01%...and so the battle rages on...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.