Thursday, January 31, 2008

Microchips Everywhere: a Future Vision

AP Releases an interesting article on the concerns surrounding an RFID enabled world.

"Microchips with antennas will be embedded in virtually everything you buy, wear, drive and read, allowing retailers and law enforcement to track consumer items — and, by extension, consumers — wherever they go, from a distance."

Monday, January 21, 2008

Dutch RFID Transit Card Hacked

Bruce Schneier notes that the Dutch RFID Transit Card has been hacked.

Tiger Team uses RFID Cloning to break into jewlery store.

In a new Court TV television series which describes the work of a group of penetration testers, the attackers use a device to clone the RFID card of a jewelry store owner. The attackers follow the owner out of his store, and walk by him on the way to his vehicle, swiping their device by his pocket. The copied RFID card is then used to gain access to the store.

The episode number is S01E02 and is described in more detail on wikipedia. A trailer for the show can be found here.

Wednesday, January 02, 2008

Policy group warns over travel card

From a Securityfocus article

An identification card intended for use by Americans that frequently travel to nearby countries has significant security weaknesses that could be used to track U.S. travelers, the Center for Democracy and Technology, a policy group, said this week.

The U.S. Department of State issued federal rules on Monday describing the specifications of the card, known as the Passport Card. The electronic document contains a remotely readable chip known as a radio-frequency identification (RFID) tag but has far fewer security measures than the electronic passports, or e-passports, currently being issued to U.S. citizens, the CDT showed in a chart comparing the two formats. In addition, the Passport Card has a unique identification number that can be read at a distance of up to 20 feet, placing U.S. citizens in danger of being tracked, the group stated.

"The new rule calls for the use of 'vicinity read' RFID technology without the use of encryption -- this means the card will be able to be read remotely, at a long distance," the CDT said in an online statement. "CDT strongly objected to the use of this technology -- developed for tracking inventory, not people -- because it is inherently insecure and poses threats to personal privacy, including identity theft, location tracking by government and commercial entities outside the border control context, and other forms of mission creep."

Tuesday, January 01, 2008

Electronic Passports Raise Privacy Issues

From a Washington Post article:

The goal of the passport card, an alternative to the traditional passport, is to reduce the wait at land and sea border checkpoints by using an electronic device that can simultaneously read multiple cards' radio frequency identification (RFID) signals from a distance, checking travelers against terrorist and criminal watchlists while they wait.

"As people are approaching a port of inspection, they can show the card to the reader, and by the time they get to the inspector, all the information will have been verified and they can be waved on through," said Ann Barrett, deputy assistant secretary of state for passport services, commenting on the final rule on passport cards published yesterday in the Federal Register.