Jesse Brown: Ethical hacker sniffs passport tags in driveby

A few months back I reported on security problems with RFID chips, the radio scannable tech embedded in next-generation Enhanced Driver's Licences. EDLs are in use in B.C. and set to hit Ontario en masse this summer.

The problem was that sensitive info could theoretically be "sniffed" by anyone with a cheap RFID scanner.

Well, it's no longer theoretical.

White Hat hacker Chris Paget hit the streets of San Francisco with a $250 Motorola RFID scanner, an antenna and a laptop. RFIDs are embedded in new U.S. "passport cards," and within 20 minutes, Paget "sniffed" three distinct passport tags. The test was filmed and uploaded to YouTube.

These numbers could be used to clone new, fake passports or simply to track the number's owners.

Besides the technical proof his driveby provides, Paget's demo illustrates another problem with RFIDs that policy-makers should note: despite warnings, cardholders are clearly not taking the precaution of storing their IDs in scan-resistant wallets (i.e. wallets lined with foil).

Unleash a few hundred thousand of these sloppy cards on to the streets of Ontario and watch the province become the identity theft capital of the world.