Story Tools: PRINT | Text Size: S M L XL | REPORT TYPO | SEND YOUR FEEDBACK

Jesse Brown: Ethical hacker sniffs passport tags in driveby

A few months back I reported on security problems with RFID chips, the radio scannable tech embedded in next-generation Enhanced Driver's Licences. EDLs are in use in B.C. and set to hit Ontario en masse this summer.

The problem was that sensitive info could theoretically be "sniffed" by anyone with a cheap RFID scanner.

Well, it's no longer theoretical.

White Hat hacker Chris Paget hit the streets of San Francisco with a $250 Motorola RFID scanner, an antenna and a laptop. RFIDs are embedded in new U.S. "passport cards," and within 20 minutes, Paget "sniffed" three distinct passport tags. The test was filmed and uploaded to YouTube.

These numbers could be used to clone new, fake passports or simply to track the number's owners.

Besides the technical proof his driveby provides, Paget's demo illustrates another problem with RFIDs that policy-makers should note: despite warnings, cardholders are clearly not taking the precaution of storing their IDs in scan-resistant wallets (i.e. wallets lined with foil).

Unleash a few hundred thousand of these sloppy cards on to the streets of Ontario and watch the province become the identity theft capital of the world.

« Previous Post | Main | Next Post »

This discussion is now Open. Submit your Comment.

Comments

Darren Whitworth

Scarborough

Nice work Jesse. You're making it a better place for everyone by doing this research.

Posted February 8, 2009 11:50 PM

Kevin

Ottawa

Jesse. You mentioned scan resistant wallets. When I looked at the State Department website, I found an indication that these passport cards are supposed to be issued with the scan resistant wallets. Any indication of how good the supplied ones are? If they are any good, then the problem found, while an issue, is related to sloppy use of the cards.

Of course, the next question is why these things are RFID enabled in the first place? At the State Department website, in the FAQ, it indicated that the Customs and Border Protection folks wanted to be able to scan them at a distance and have the photos available when the vehicle got to the checkpoint.

Posted February 11, 2009 12:44 PM

Brian L

Toronto

Not a chance in hell I will ever carry an RFID tag, willingly. I will never bow to anti-privacy, totalitarian rule, whether it be government or corporate. I'm not religious, but if anything is the "Mark", this is it.

Posted May 20, 2009 02:51 PM

« Previous Post | Main | Next Post »

Post a Comment

Disclaimer:

Note: By submitting your comments you acknowledge that CBC has the right to reproduce, broadcast and publicize those comments or any part thereof in any manner whatsoever. Please note that due to the volume of e-mails we receive, not all comments will be published, and those that are published will not be edited. But all will be carefully read, considered and appreciated.

Note: Due to volume there will be a delay before your comment is processed. Your comment will go through even if you leave this page immediately afterwards.

Privacy Policy | Submissions Policy

[an error occurred while processing this directive]
Story Tools: PRINT | Text Size: S M L XL | REPORT TYPO | SEND YOUR FEEDBACK

World »

302 Found

Found

The document has moved here.

more »

Canada »

302 Found

Found

The document has moved here.

more »

Politics »

302 Found

Found

The document has moved here.

more »

Health »

302 Found

Found

The document has moved here.

more »

Arts & Entertainment»

302 Found

Found

The document has moved here.

more »

Technology & Science »

302 Found

Found

The document has moved here.

more »

Money »

302 Found

Found

The document has moved here.

more »

Consumer Life »

302 Found

Found

The document has moved here.

more »

Sports »

[an error occurred while processing this directive] 302 Found

Found

The document has moved here.

more »

Diversions »

[an error occurred while processing this directive]
more »