Jesse Brown: Ethical hacker sniffs passport tags in driveby
February 5, 2009 7:53 AM
A few months back I reported on security problems with RFID chips, the radio-scannable tech embedded in next-generation Enhanced Driver's Licences. EDLs are in use in B.C. and set to hit Ontario en masse this summer.
The problem was that sensitive info could theoretically be "sniffed" by anyone with a cheap RFID scanner.
Well, it's no longer theoretical.
White Hat hacker Chris Paget hit the streets of San Francisco with a $250 Motorola RFID scanner, an antenna and a laptop. RFIDs are embedded in new U.S. "passport cards," and within 20 minutes, Paget "sniffed" three distinct passport tags. The test was filmed and uploaded to YouTube.
These numbers could be used to clone new, fake passports or simply to track the numbers' owners.
Besides the technical proof his driveby provides, Paget's demo illustrates another problem with RFIDs that policy-makers should note: despite warnings, cardholders are clearly not taking the precaution of storing their IDs in scan-resistant wallets (i.e. wallets lined with foil).
Unleash a few hundred thousand of these sloppy cards onto the streets of Ontario and watch the province become the identity theft capital of the world.
Comments (3)
Nice work Jesse. You're making it a better place for everyone by doing this research.
Jesse. You mentioned scan resistant wallets. When I looked at the State Department website, I found an indication that these passport cards are supposed to be issued with the scan resistant wallets. Any indication of how good the supplied ones are? If they are any good, then the problem found, while an issue, is related to sloppy use of the cards.
Of course, the next question is why these things are RFID enabled in the first place? At the State Department website, in the FAQ, it indicated that the Customs and Border Protection folks wanted to be able to scan them at a distance and have the photos available when the vehicle got to the checkpoint.
Not a chance in hell I will ever carry an RFID tag, willingly. I will never bow to anti-privacy, totalitarian rule, whether it be government or corporate. I'm not religious, but if anything is the "Mark", this is it.