backtop


Print 19 comment(s) - last by rrsurfer1.. on Mar 22 at 3:29 PM

New RFID passports carry your bio information. Similar Dutch passport previously cracked in 2 hours

The US government has started seeding its new bio-passports. The new passports have the bearer's bio-data embedded in the passport and can be read with a wireless scanner. RFID is the technology being used in the new passports. Just a few weeks ago, we reported that the US government started phase two testing of these passports.

The new Dutch passports, which uses similar technologies was previously thought to be a new secure form of passport technology. Unfortunately, the system was reported to be cracked in a mere 2 hours. The inherent problems with these new "wireless" passports are that they are all prone to being sniffed. Rogue readers can grab the information that is embedded inside the passport's RFID chip and the decoding process begins.

At IDF last week, the entire show was tracked using RFID technology. Every show case, keynote, or press event exit and entry point was carefully guarded with RFID scanners that took readings off of the tags that basically everyone who attended the show was wearing. Interestingly, back in 2003, the UN mandated that new RFID passports must be able to be read from a distance, and not by contact. This is exactly what concerns privacy groups.

The US government has already gone through several designs of its new RFID biometric passport but so far, testing has been limited. As of right now, only a few US diplomats are carrying the new passports.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Tin foil hats!
By DRavisher on 3/14/2006 4:52:45 AM , Rating: 2
Well I can't say I like the UN thing about being able to read the passport from a distance. But it won't be very difficult to protect one self, except when the passport has to be used of course. Any consipracy theorist can wrap some aluminum foil or some such around their password and feel rather safe :)




RE: Tin foil hats!
By DRavisher on 3/14/2006 4:56:20 AM , Rating: 2
A question. Does the passport actually have the bio data on board, or is it only a code which allows the customs people or what ever to find the data on a network? Can these RFID chips really be passive if they must transmit so much data as a finger print, or do I have to recharge my passport in the future?


RE: Tin foil hats!
By masher2 (blog) on 3/14/2006 9:31:51 AM , Rating: 3
RFID circuits are typically powered by the signal that wakes them up; there is no internal power source. And it doesn't take a conspiracy theorist to be concerned by passports readable at a distance. From someone who travels to many countries-- some of which are not always friendly to the US-- the thought of carrying around a radio signal broadcasting "I'm an American" to one and all is rather alarming.


RE: Tin foil hats!
By DarthPierce on 3/14/2006 9:37:45 AM , Rating: 2
RFID does not use battery power, it receives its power from the interrogating transmitter. If you've bought clothes or software and found a square about 1.75 in on a side that was kinda firm, and when held up to a light had a spiral pattern towards the outside and a solid square (~1cm) at the center, that is an RFID tag.

so when you walk out of the store, they know exactly what's in the bag. it is not removed or deactivated by store clerks.... The system just checks that the exact items you bought (at the counter) are the same exact items you left the stor with.

It's actually some pretty impressive stuff, but I don't like the idea of my passport having RFID regardless of what data is on it.

If nothing else, someone with an RFID sniffer could certainly determine for example that there are 3 americans (or at least 3 american passports) behind that door on the train. Not good times....

the wrapping your passport in foil is not that far-fetched. (foil does block RFID). If you have a school or work id that opens doors without a swipe, or one of the new no-swipe credit cards, notice that if you wrap it in foil, it will not work.

(there are a lot of directions on how to make an RFID-blocking duct tape and foil wallet, for exactly these kinds of security concerns.


RE: Tin foil hats!
By DRavisher on 3/14/2006 9:46:20 AM , Rating: 2
I am aware that RFID can use the transmitters power (what I meant when I said "passive"), but I would think that a finger print would be too much data to send without a dedicated power source. But perhaps a finger print is not transmitted as an image (which is the only way I know of)?

And I was indeed serious about the tin foil (a Faraday cage), and I could even use such a thing myself when travelling, since I am not all that happy about anyone being able to aquire my prints and personal information remotely like that. Even being Norwegian can be dangerous these days :)


RE: Tin foil hats!
By masher2 (blog) on 3/14/2006 9:53:09 AM , Rating: 2
Fingerprints are typically encoded and stored as reference point maps....but even a digital image is easily stored and transmitted by RFID chips. You'd be surprised just how much power a transponder can parasitically collect from an incoming signal.


RE: Tin foil hats!
By DarthPierce on 3/14/2006 10:07:28 AM , Rating: 2
well, passive RFID has a maximum capacity of ~16kbits (2k bytes). So I would imagine that it would not encode fingerprints, but other biometric data such as height, weight, eye and hair color, name, date of birth, place of birth, nationality, identification numbers, etc. would be easy to store. (Basically everything in a passport except your picture and prints)

Range is only about 3meters in Europe due to transmitter power laws, but up to 10 meters in the states is possible.

Data on most tags is rated at stable for >10 years... so it would only need to be replaced about as often as a normal passport anyway.

Oh... One other thing they could easily store, since RFID can be both read and write, is information about every place you've visited like location (of border crossing), date/time in/out, etc.


RE: Tin foil hats!
By masher2 (blog) on 3/14/2006 11:22:58 AM , Rating: 2
> "well, passive RFID has a maximum capacity of ~16kbits (2k bytes)."

Well, most passive transponders on the market are 16KB or less, but there is no physical limitation on storage. Already there are 32KB transponders on the market. The real limit isn't storage, its playback speed. The fastest chips today are limited to 106 Mbps, which means large data fields would take several seconds to read...which is impractical for a tag in motion.



> "So I would imagine that it [encode] basically everything in a passport except your picture and prints..."

The Dutch RFID passports encode a digital picture of the bearer.



RE: Tin foil hats!
By AnnihilatorX on 3/15/2006 1:41:17 PM , Rating: 2
Won't data store in government database be more secure and tamper and piracy proof? When the RFID boardcast a very long encriypted ID that cannot be spoofed (much like softwareserials)?


RE: Tin foil hats!
By rrsurfer1 on 3/22/2006 3:29:58 PM , Rating: 2
It should be only a code, but from what I understand it contains the actual information (probably in some sort of at least lightly encrypted form, but still). They should use a database to lookup the code where the info is actually stored... that way the code would be of no use without access to the database (which you would hope is secure).


RE: Tin foil hats!
By appu on 3/15/2006 8:26:51 AM , Rating: 2
It depends on the frequency being used by the reader and tag to exchange information. UHF and Microwave frequencies can easily penetrate metals. And most tags, including the newer Gen2 tags are designed to operate at UHF. It's only when you use LF/HF (125 kHz/13.56 KHz) can you expect a tin foil or any other layer of metal around the tag to block the communication.


RE: Tin foil hats!
By masher2 (blog) on 3/15/2006 9:28:53 AM , Rating: 2
No idea why you believe this, but its incorrect. A Faraday cage easily blocks UHF and microwave frequencies. If you disbelieve this, go look at the door of any microwave oven.


Tin Foil FTW
By UlricT on 3/14/2006 2:42:24 PM , Rating: 2
Wrap your passports in Tin Foil for privacy!




RE: Tin Foil FTW
By h04x on 3/14/2006 3:33:21 PM , Rating: 2
5 seconds in the microwave will permanently terminate any RFID device lurking in your passport and will cause no damage to the passport itself. I wouldn't recommend this procedure on electronic devices though.


.:h04x:.
-Despite the cost of living, it is still popular.-


RE: Tin Foil FTW
By DarthPierce on 3/14/2006 4:26:18 PM , Rating: 2
I wouldn't suggest destroying the RFID tag in a passport.... you might actually need it while you're in customs. The foil thing is a much better solution, since it is effective and temporary


RE: Tin Foil FTW
By Wwhat on 3/16/2006 4:57:46 PM , Rating: 2
Last I heard the US government planned to weave copper into the cover of US passports to protect americans from being id'd from a distance, the idea being that when you open them you can allow a scan.
Whatever happened to that plan?


RE: Tin Foil FTW
By czarchazm on 3/14/2006 10:05:56 PM , Rating: 2
Sure, that works when the bearer has it in the aluminum Faraday Cage, but what about when the bearer removes it to be checked?

The tag is then vulnerable to "sniffing." And believe you me that tag is visible to sensitive directional equipment of anyone in line-of-site.

That is the problem with the RFID tags.


RE: Tin Foil FTW
By Zoomer on 3/15/2006 7:57:40 AM , Rating: 2
They should lower the range, and on sensitive appications, make it directional.


RE: Tin Foil FTW
By masher2 (blog) on 3/15/2006 9:30:33 AM , Rating: 2
Range is dependent on transmission power, and for a passive device, that in turn depends on the power of the device scanning it.


"We basically took a look at this situation and said, this is bullshit." -- Newegg Chief Legal Officer Lee Cheng's take on patent troll Soverain














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki