Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

RFID Passports Cloned Without Opening the Package

ScuttleMonkey posted more than 7 years ago | from the step-one-cut-a-hole-in-a-box dept.

Security 168

Jeremy writes to tell us that using some simple deduction, a security consultant discovered how to clone a passport as it's being mailed to its recipient, without ever opening the package. "But the key in this first generation of biometric passport is relatively easy to identify/crack. It is not random, but consists of passport number, the passport holder's date of birth and the passport expiry date. The Mail found it relatively easy to identify the holder's date of birth, while the expiry date is 10 years from the issue date, which for a newly-delivered passport would clearly fall within a few days. The passport number consists of a number of predictable elements, including an identifier for the issuing office, so effectively a significant part of the key can be reconstructed from the envelope and its address label."

Sorry! There are no comments related to the filter you selected.

Ohhh (5, Funny)

Anonymous Coward | more than 7 years ago | (#18265652)

10 seconds in the microwave sounds about right!

Re:Ohhh (3, Funny)

mdm-adph (1030332) | more than 7 years ago | (#18265772)

I've heard smashing it with a hammer works just as well, and it doesn't invalidate the passport. Someone correct me if I'm wrong about this!

Re:Ohhh (3, Funny)

db32 (862117) | more than 7 years ago | (#18265852)

Temporal hammer? You would have to smash it before you get it.

Re:Ohhh (2)

kpainter (901021) | more than 7 years ago | (#18265786)

That sounds like an excellent idea to me, seriously. I wonder what the effect of doing that would be on the user though?

Re:Ohhh (3, Informative)

Sunburnt (890890) | more than 7 years ago | (#18265922)

Not sure about the effects on a UK passport holder, but you can still use [state.gov] a U.S. passport if the RFID is disabled. The only advantage of having one seems to be shorter lines at Immigration. (Which isn't true yet, at least at LAX as of two weeks ago. They're probably waiting for more people to get the new passports before they set up the equipment.)

Re:Ohhh (5, Insightful)

misterhypno (978442) | more than 7 years ago | (#18266634)

It doesn't matter if YOU disable the chip, because it can be cloned BEFORE THE OWNER EVER GETS THE FRENORKING THING!!

If you read the article, the cloning took place while it was IN TRANSIT TO the intended receipient - which means that ANYONE getting a Passport through the mail could have their Passport cloned BEFORE they ever GET it.

Without the package that the Passport is shipped in EVER BEING OPENED!

Try reading for content next time.

So, even if you disable the RFID after you GET it, the thing has been compromised BEFORE you ever get your hands ON it!

RFID = Real Fast Identity Destruction... courtesy of Homeland Security and the rest of the paranoids who don't understand technology up on the Hill who probably think that RFID is "totally tubular, man! Like the internets!"

And I will bet long odds that this post gets me audited - again - too.

Re:Ohhh (1)

vrwarp (624266) | more than 7 years ago | (#18266964)

Well... they can always just shield the passport before sending it?

Re:Ohhh (5, Funny)

Clazzy (958719) | more than 7 years ago | (#18267102)

I can see it now, get an RFID-enabled passport and get a tin foil hat for free!

Re:Ohhh (1)

Lurker187 (127055) | more than 7 years ago | (#18267294)

The cover supposedly has some shielding, but apparently not enough to foil a high-gain antenna, as I suspected. I'm ordering a Faraday wallet for my daughter's passport.

Unrelated but interesting: my wife sent in her renewal at the same time we applied for my daughter's first passport, in Nov. 2006, and the renewal arrived sooner but without an RFID chip, only the new passport had one, although they both should have been manufactured at the same time, so you would think using the same methods and materials. My WASG is: certain offices/facilities handle new orders, and others handle renewals.

Re:Ohhh (1)

NerveGas (168686) | more than 7 years ago | (#18266912)

My suspicion is that you don't necessarily get the shorter line with the RFID, but that you will get a MUCH longer line if your RFID doesn't work...

That's based on a trip back east a few years ago where the travel agent booked the tickets with my wife's maiden, not married name. She was able to get the tickets by producing various documents, but each time through security, we would be told "No, the two of you step over here, please." Let's just say that it was a good thing that we arrived early. :-(

Re:Ohhh (0)

Anonymous Coward | more than 7 years ago | (#18267182)

has anyone confirmed what happens if your RFID check fails? I have to get a new passport soon and am planning on microwaving it, but it would suck if that means I get strip searched by US customs whenever I travel. Also, how long should it be microwaved for to disable the RFID without sparking a far or anything?

Re:Ohhh (0)

Anonymous Coward | more than 7 years ago | (#18267012)

10 is way too much. I fried everything but the screen in a notebook in 5 sec when I was (unsuccessfuly) comitting warranty fraud.

I get it... (1, Insightful)

Lithdren (605362) | more than 7 years ago | (#18265674)

we make it harder for the terrorists to get passports (ha, yeah right) but make it really easy for them to dup them!

That way, we can insist there are no terrorists, only home grown bad guys, and we can spend a few billion more dollars on less lethal weapons, killing our own citizens in the name of the greater good!

????

Profit!

Re:I get it... (0, Offtopic)

drinkypoo (153816) | more than 7 years ago | (#18266598)

We don't want to kill our own citizens, unless we can make more money selling their organs (hello, China!) than by incarcerating them. Which we can't. It costs us an enormous amount of money to keep someone incarcerated for a year. In fact, prisoners cost us more than students! This is pretty well inexplicable to me. There's no reason it should be so expensive to keep people locked up and fed. Well, there is a reason; the corrections system is padded at every level, and the kickbacks go to the people who make the campaign contributions. Regardless, the point is that it's more cost-effective to incarcerate them, because then you can milk more money out of the taxpayers.

Embedded Linux is a major security risk (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18265682)

Just have to look at the source to have all the keys and algorithms. Not exactly hacker proof...

Re:Embedded Linux is a major security risk (0)

Anonymous Coward | more than 7 years ago | (#18265804)

You, sir, are an idiot. It has long been a tradition in the cryptoanalysis community to disclose fully your algorithms. This is because most algorithms fail when tested by outside parties so you want peer review to make sure your algorithm doesn't contain a flaw you missed. And keys are set by the user so they can be anything the user wants and being user generated they are private to the user from the get-go. This combination of user-private keys and publically-tested algorithms is the best we've come up with so far and I highly doubt that you would be able to even scratch a current protocol much-less crack it.

Re:Embedded Linux is a major security risk (4, Funny)

Lumpy (12016) | more than 7 years ago | (#18265886)

Wow! I did not know that there were any oblivious morons left in the wild.
What number is on your ear tag? OH! are you one of the rare untagged morons? Where is my camera! National Geographic is gonna pay for a photo of a untagged wild moron!

hey, come back! this camera won't steal your soul....... dammit.

Does anyone remember Press Your Luck? (5, Interesting)

Aurelfell (520560) | more than 7 years ago | (#18265728)

It was the game show with the Whammies that stole your money. As I recall, there was a guy who watched the show long enough that he figured out a pattern that would let him win every time. He played for like three days, and won a crazy amount of money. The show went of the air, but I remember reading that the programmers who created the game board offered to make it 'true random' for another $600, and the network refused to pay it.

This article reminds me of that story.

Does anyone remember Rainman? (0, Offtopic)

TheRealMindChild (743925) | more than 7 years ago | (#18266012)

It was the movie with the retard that won some money. As I recall, there was a guy who watched cards long enough that he figured out a pattern that would let him win every time. He played for like three days, and won a crazy amount of money. The movie went to DVD, but I remember reading that the dealers who hosted the game offered to make it 'true random' for another $600, and the pit boss refused to pay it. This article reminds me of that story.

Re:Does anyone remember Rainman? (0)

Anonymous Coward | more than 7 years ago | (#18266396)

It was the movie with the retard that won some money

The parent was describing a real-world event. You're talking about a movie. Ass.

Re:Does anyone remember Press Your Luck? (5, Informative)

rufey (683902) | more than 7 years ago | (#18266030)

Yes, this really did happen on Press Your Luck. The contestant was Michael Larson. He had spent quite a bit of time before appearing on the show analyzing how the different squares on the board flashed and in what sequence. He managed to win over $100,000 USD on the show.

More can be found at Snopes [snopes.com] and at Wikipedia [wikipedia.org] .

Re:Does anyone remember Press Your Luck? (1)

GizmoToy (450886) | more than 7 years ago | (#18266156)

I'd never heard of that story before. I looked it up, and it turns out it was pretty interesting. I used to watch that show long ago.

Thanks for the tip!

Packaging (2, Insightful)

Radon360 (951529) | more than 7 years ago | (#18265736)

I guess they should have considered mailing them inside a sealed aluminum foil pouch inside the envelope. Not that something like that would stop all of the other vulnerabilities, however.

Re:Packaging (2, Insightful)

VorpalRodent (964940) | more than 7 years ago | (#18265876)

In every article we've seen on this, there is always the discussion of the government's position of "no one can read it if it's closed". What happened to that? I don't recall my passport arriving opened inside the pouch.

This implies, at least to me, that there is no security whatsoever protecting it from being read, closed or open. Are we to believe that this is seriously the best that they could come up with?

Re:Packaging (3, Interesting)

Sunburnt (890890) | more than 7 years ago | (#18265964)

In every article we've seen on this, there is always the discussion of the government's position of "no one can read it if it's closed". What happened to that? I don't recall my passport arriving opened inside the pouch.
Mine did, actually, but the article is referring to the U.K. passports. Different kind of RFID on the U.S. models, and the cover is definitely a different (and thicker) material than the older passports.

Re:Packaging (1)

smaddox (928261) | more than 7 years ago | (#18266558)

I agree... I think the idea was to put a wire mesh in the covers so that no communication can be made with the RFID without opening the cover. I'm not sure how effective this would be, since its not a perfectly closed surface. It would definitely weaken the signal, but they all the hacker has to do is increase his signal enough to where he can actually read the return signal.

Then again, I don't really know anything about RFID. This is just going on my knowledge of electro-magnetics.

Re:Packaging (1)

Billosaur (927319) | more than 7 years ago | (#18265900)

I guess they should have considered mailing them inside a sealed aluminum foil pouch inside the envelope. Not that something like that would stop all of the other vulnerabilities, however.

Mmmmmmmmm... vacuum-packed for freshness!!

Re:Packaging (1)

Archon-X (264195) | more than 7 years ago | (#18267412)

Would that make passports get that new hardware smell?
I'd be hooked.

Re:Packaging (1)

Ayal.Rosenthal (1070472) | more than 7 years ago | (#18267164)

While a good idea, it assumes that the government will implement practical, efficient solutions as temporary measures until they can get their act together. Its ideal, just not likely. - Ayal Rosenthal

Same old Daily Mail (3, Interesting)

goldaryn (834427) | more than 7 years ago | (#18265758)

From the Daily Mail article: "More significantly, we had the details which would allow a fraudster, people trafficker or illegal immigrant* to set up a new life in Britain. The criminal could open a bank account, claim state benefits and undertake a myriad financial and legal transactions in someone else's name. "

So basically, exactly what goes on now, except for the new false sense of security. Great!

* I knew they'd bring this up

Re:Same old Daily Mail (0)

Werrismys (764601) | more than 7 years ago | (#18265956)

* I knew they'd bring this up"

And shouldn't they have? Immigration is Britains #1 problem.

Re:Same old Daily Mail (2, Insightful)

Cinnamon Whirl (979637) | more than 7 years ago | (#18266840)

And shouldn't they have? Immigration is Britains #1 problem.
+4 insightful for that? He didn't even say "illegal immigration", he said "immigration"! And even then, that wouldn't be insightful: various factors are a play in any social situation, so a one line summary of "Britain's problems" shouldn't cut it.

Re:Same old Daily Mail (2, Funny)

Rob the Bold (788862) | more than 7 years ago | (#18267086)

And shouldn't they have? Immigration is Britains #1 problem.

You seem to be forgetting national dental care, the horrible rise of drug abuse, particularly among the working class and the minorities, the removal of troops from Northern Ireland, the parking situation in Benchley, and preventing Liam Gallagher from leaving Oasis.

Re:Same old Daily Mail (5, Insightful)

drinkypoo (153816) | more than 7 years ago | (#18266062)

I knew they'd bring this up

You know, it's not just governments concerned about illegal immigration. It's residents, too. Illegal immigration does help keep prices low, but it also helps drive down wages by reducing the value of laborers.

As such, they would be remiss in not mentioning it, as it is of interest to their readership.

Re:Same old Daily Mail (1)

geekoid (135745) | more than 7 years ago | (#18266718)

First off, you need to look at the jobs they do.

I do know that in the US, there are farms that can not get american laborers at over 10 bucks an hour with benefits.

It's the type of work someone will do day in and day out when setting up a new life.

So, that farmer cuold pay more, but they don't have the funds right now, and how much are we willing to buy a potato for?

Looking at the history of migrant labor, the US was a lot better off when migrant laborers went backa nd forth across the border. It was when it became really difficult to go back did we start to see problems.

Re:Same old Daily Mail (4, Insightful)

drinkypoo (153816) | more than 7 years ago | (#18266938)

First off, you need to look at the jobs they do.

Having grown up in Santa Cruz, which is in a highly agricultural area, and now living in Kelseyville, which is/was the Pear capital of the world (lots of pears coming out and grapes going in these days though) I'm pretty highly aware of the jobs they do.

I do know that in the US, there are farms that can not get american laborers at over 10 bucks an hour with benefits.

What? That sentence doesn't really say anything. There are no farms, for example, that could not get American laborers at 30 bucks an hour. That's over 10 bucks an hour. Maybe we could revisit this point?

It's the type of work someone will do day in and day out when setting up a new life.

I'm not sure what that has to do with anything. Lots of people in the US need a new life, too.

So, that farmer cuold pay more, but they don't have the funds right now, and how much are we willing to buy a potato for?

Well, that's precisely my point. The farmer needs to charge more in order to pay more. As long as some employers are happy to hire illegals, they can charge less, and that makes them more competitive. So their competitors are forced to do the same thing.

Consequently we have cheap produce... but it's only cheap at the store. The simple fact is that every taxpayer in America is subsidizing that "cheap" food. We're paying for medical care for these immigrants, for example. Their employers work them part-time or they otherwise do not receive benefits. They do not pay taxes, or if they do pay taxes, their income is underreported and they're using someone else's SSN (in fact one used mine one year, but they reported only a few dollars of income so it didn't actually harm me.) There is also a very real issue with Mexican (in particular) gangs, especially in California. This is not a joke, this is not a made-up problem designed to scare people. It's real, and it's here. And it is largely a result of illegal immigration.

Now, look at the alternative to illegal immigration. If people are here legally then they can afford to report labor code abuses, because they don't just get kicked out of the country when they interface with the law. So this tends to have the result that people who are worked full-time actually get their benefits, and they have health insurance. So now they no longer need to depend on the taxpayer for medical care.

Of course, it also has the effect that food appears more expensive on the store shelf, or in the produce aisle, et cetera. But in fact the ACTUAL costs may go down overall! I say "may" because let's face it, I am not an economist, and I have not run the numbers. But I'm also not a complete idiot and I'm capable of understanding simple cause and effect.

What we have created is a system that encourages unemployment. It reduces not only the total number of jobs, but also the number of jobs capable of supporting a family. Wouldn't it be better if food cost a little more, or in some cases even a lot more, and the actual cost were reflected directly at the store shelf?

Looking at the history of migrant labor, the US was a lot better off when migrant laborers went backa nd forth across the border. It was when it became really difficult to go back did we start to see problems.

That's not really true. We only see different problems now. One issue is that we the US have constantly sought to degrade the quality of life south of the border in order to protect our pool of ready and willing labor. NAFTA, for example, was simply another way to fuck over the Mexicans. And now that manufacturing is cheaper in other countries, we just take whatever is valuable (even for scrap) and abandon the factories to sit and rust on the polluted ground we left them on, and move our manufacturing, so that Mexico really gets nothing out of it. But long before NAFTA we would simply go on raids across the border, or send our warships down to bombard towns to force them to sell their local fruit to the United Fruit Company at whatever price we deemed fair. We've been fucking Mexico as long as we've known it was there.

But if we were to permit the quality of life to improve there, then maybe all those Mexicans wouldn't be coming over here to pick our lettuce and send the money home...

The thing is that our nation is full of shit like this. We outlaw drugs here, so we create a huge market in importing it that sends money out of the country and - it's true! - some of that money supports terrorism. In fact we paid Osama a pretty serious chunk of change to stop opium production, which lasted for one year, and we were rewarded by having some buildings blown up. It's a good thing we're also one of the world's largest exporters of Marijuana, or we wouldn't have any money left in the country at all.

And let's not even get started on our dependence on foreign oil. You think the three bucks you're paying at the pump right now is bad? How many soldiers per gallon does it take to fuel your SUV? (The global "you", not you(geekoid).) How many Afghanis? How many Iraqis?

We might as well just rename the United States of America to the Disjointed States of Hidden Costs right now.

The terrorists have won. (0)

Anonymous Coward | more than 7 years ago | (#18265762)

I'm a libertarian so now I feel justified in supporting open borders. Having enough money to live in a gated community and owning machine guns is a private matter.

I'm a "Law 'n Order Anarchist" (2, Interesting)

Ungrounded Lightning (62228) | more than 7 years ago | (#18266446)

I'm a libertarian so now I feel justified in supporting open borders. Having enough money to live in a gated community and owning machine guns is a private matter.

I, on the other hand, characterize myself as a "Law 'n Order Anarchist" (or "Law 'n Order Minarchist" on even-numbered days). That means I think we should get rid of all (or all but the minimum necessary) of the laws - but believe it must be done in the right ORDER or it makes things worse rather than better.

(Actually, I'm more of a "Constitutional Law 'n Order Anarchist/Minarchist" Let's get there by legal means, such as repeals and amendments.)

A prime example of this order-dependence is the immigration barriers. Open borders would be nice. But you have to remove the cancerous overgrowth of the social services first. Otherwise you get an inrush of people who put a far larger load on the services than any taxes on them cover, while depressing wages and breaking unions. A double pick of the workers' pocket - for the dubious "benefit" of giving employers a break on wages. The mass of workers gets hit twice - once in the paycheck, again in taxes. A perfect, though indirect, example of "corporate welfare".

Then the citizens retaliate in elections. Libertarians, with their track record of going after any piece of their agenda without regard for the consequences of the order, become further marginalized. Naturalizing the incoming won't help Libertarians either: The bulk of their votes will go for more benefits for themselves.

Your situation is another example: To do what you want you need to get rid of the laws that make owning a machine gun or using it for home defense nearly impossible before you retreat to your fortress neighborhood and open the borders. B-)

Re:The terrorists have won. (2, Interesting)

istartedi (132515) | more than 7 years ago | (#18266458)

If there are no borders, then there is effectively no government. This is one of my big problems with the Libertarians. Taking away borders would, in theory, lead to anarchy. In practice, any anarchy gives rise to power centers since nature abhors a power vacuum just as much as it abhors a physical vacuum. In the past, this vacuum was filled by feudal systems that coalesced into nation states. In the present, the porosity of borders combined with the mobility and rapid communications of technological society, allows multinational corporations to fill the void. If you support this particular bit of Libertarian ideology, you indirectly support rule by multinational corporations. I know I'll get heated rebuttals on this from Libertarians. The counter-arguments will probably end up sounding a lot like the GPL zealots who argue that their ideal of freedom is more important than having a video driver that works. If we lose control of the borders, we may all end up so poor that we find ourselves dreaming of the day we can afford to buy a PC from WorldMart that runs GNU/Linux at 640 by 480.

Re:The terrorists have won. (1)

Ucklak (755284) | more than 7 years ago | (#18267062)

The only way you end up poor is by giving goods and services away.

Likewise, there are ideologies that sound attractive in most or all political parties, just not 100% of a particular party.

Re:The terrorists have won. (2, Insightful)

AJWM (19027) | more than 7 years ago | (#18266788)

I'm a libertarian so now I feel justified in supporting open borders. Having enough money to live in a gated community and owning machine guns is a private matter.

You call yourself a libertarian and you can't see the internal inconsistency in that position?

Sigh, what happened to the good old days when libertarians were people who had read and understood Ayn Rand? Our borders are our gated community, how else keep out people who are opposed to the libertarian ethic? (I.e., who want to take things from us by force or fraud.)

One of the problems with RFID (5, Insightful)

StewedSquirrel (574170) | more than 7 years ago | (#18265788)

One of the primary problems with RFID is that it is "wireless" in nature. It is also designed to be "simplistic" for the simple case of economic savings.

While it is a great technology for information such as Barcode scanning and inventory tracking, its use in biometrics, identification and access controls is less secure. Transmitting significant and irrevocable information in an RFID pulse is irresponsible.

Where a barcode is ubiquitous and the concept of "stealing" it is silly, and even where the ID number of a "proxmity card" employee ID badge is easily revocable, information stored on a passport, such as biometrics, permanent identification numbers and the like are not revocable.

If you have such a passport, it is advisable that you either fry the RFID chip (i am not responsible for the legal issues surrounding it) or you store your passport in a metal safe, where RF cannot pass. There are already bags on the market with an integrated faraday cage, it is not entirely practical to keep your RFID identity perpetually in this bag while traveling (not to mention the headache at the airport screening area with a metal-laced bag). [tgdaily.com]

In short, this new RFID identity system is one of the most ill-advised and potentially dangerous (vulnerable to easy identity theft) systems in recent history, and is simply ASKING for people to duplicate it, while providing no benefit other than the government control ("papers please") that it demands.

Stewed

Re:One of the problems with RFID (4, Interesting)

Sandbags (964742) | more than 7 years ago | (#18266054)

RFID may be easy to copy or crack, but someone gets that info on their screen and still validates it against the hard copy when entering/exiting using a passport. You don't just wave it and go on... Passport information by itself is not enough to steal someone's identity or bank account. You still need physical proof. This first pass with RFID is simply making data tracking easier. It was not designed to be secure, just difficult to completely copy or forge. A truly secure passport system would have to include fingerprinting, pass codes, facial scanning technology, or some other system to prove the identity of the bearer. Of course, the RFID could not be responsible to pass that information, it would likely merely possess some simply information allowing it to access a secure database system that actually contains the remainder of the data. That data could be on a government server, or even an integrated SIM in the passport itself requiring connection to a proprietary system. 3 point data validation would work, but it would be very expensive. You'd still need hard copy for entering nations that do not yet have the technological capacity to electronically scan passports. One solution I hear proposed was that not only would the passport itself have an RFID tag, but also the person himself embedded under the skin, plus the addition of a fingerprint and 6 digit pin number. All 4 would have to match, be combined, and then be compared to a CRC value stored in an international database. All this would be simply for identity confirmation and nothing more, with the FBI and other similar branches still needing to cross validate your identity to your criminal record or a watch list. Are we really that concerned/paranoid?

Re:One of the problems with RFID (0)

Anonymous Coward | more than 7 years ago | (#18266256)

I wasn't... but now I am. Embedding something under my skin? No thanks.

Re:One of the problems with RFID (2, Insightful)

Jah-Wren Ryel (80510) | more than 7 years ago | (#18266922)

RFID may be easy to copy or crack, but someone gets that info on their screen and still validates it against the hard copy when entering/exiting using a passport. You don't just wave it and go on... Passport information by itself is not enough to steal someone's identity or bank account. You still need physical proof. This first pass with RFID is simply making data tracking easier. It was not designed to be secure, just difficult to completely copy or forge. A truly secure passport system would have to include fingerprinting, pass codes, facial scanning technology, or some other system to prove the identity of the bearer.

The question is not just, "Is an RFID passport secure authentication?"
The question is, in the big picture when all costs and all benefits are accounted for, are RFID passports a good value compared to the previous system?

The ability to clone a passport that is in a sealed envelope is a significant cost compared to the previous system because it opens up a whole class of attacks that did not exist previously. Factor in other costs, like the direct cost of the equipment upgrades and the inevitable over-reliance on the system by the people who check passports, the risk to American Freedom from ever expanding government and corporate databases with semi-public access, and even the ability to remotely detect a passport's presence without decrypting the contents (the RFID equivalent of walking around with a sign on your back that says "I'm an American, kick my ass") and the cost-benefit ratio of RFID passports starts to look really, really poor.

Re:One of the problems with RFID (0)

Anonymous Coward | more than 7 years ago | (#18266356)

If you have such a passport...

What you describe is apparently inadequate, though. If you have such a passport, it was out of trusted hands for some time... and could have been cloned without your even knowing it, before you even got it.

So what? (0)

snark23 (122331) | more than 7 years ago | (#18265798)

Is this really a big deal?

The issue with RFID passports would be if they could be /forged/... it doesn't matter if they can be duplicated.

Sure, there's a minor privacy issue if the passport can be read by proximity (how close do you need to be? ten inches?), but really... this is blown out of proportion.

Re:So what? (4, Insightful)

Arker (91948) | more than 7 years ago | (#18266052)

Is this really a big deal?

Yes.

The issue with RFID passports would be if they could be forged... it doesn't matter if they can be duplicated.

A distinction without a difference. An organisation (and it doesn't matter if this is a terrorist group or a run-of-the-mill little mafia type operation) coöpts a few postal employees. Not particularly hard to do. Those employees use a relatively inexpensive piece of equipment to scan the passports that pass through their hands. This is nearly instantaneous, and non-invasive, so good luck noticing that. The passports go right along to their intended recipients with no delay, and no one's the wiser. Yet the organisation now has all the information needed to create forged passports with valid data, which will raise no flags when used and allow their operatives to assume the identity of the citizen. All the supposed security benefits of the plan are gone, in fact, it's worse than old-style passports from a standpoint of security.

Sure, there's a minor privacy issue if the passport can be read by proximity (how close do you need to be?

Depends on how good your receiver is. Just because customs will be using an el cheapo setup that needs to be within ten inches to read the signal doesn't mean that no one will be able to construct a better reader. You think that's a *minor* issue? That someone could steal your identity, or detonate a bomb, based on that information without even having to set hands on your passport? Sounds pretty major to me.

Re:So what? (1)

Bill, Shooter of Bul (629286) | more than 7 years ago | (#18266384)

I could be wrong, but I believe some of the information stored on the rfid ( or linked in a database of some kind) chips is biometric. Ie ( finger print information, retinal scan). So you'd have to beat that level of security as well. Not impossible, but not a walk in the park.

Re:So what? (4, Informative)

Kristoph (242780) | more than 7 years ago | (#18266768)

I cannot believe this was voted insightful.

A copy of 'biometric' passport information has no value in a security context. If a copy of a passport is created using the biometric information then, obviously, that biometric information will not match the passport holder which will mean he/she will be identified as carrying a forged passport. If the biometrics are changed the digest of the passport information will be invalid and so, again, he/she will be identified as carrying a forged passport.

This is really only an issue because someone can get your personal information (for use in, for example, financial identity fraud) without having to actually open any of your mail.

]{

Re:So what? (1)

fractalVisionz (989785) | more than 7 years ago | (#18266086)

Actually, it does matter. The passport readers do not require the passport inspector to actually open up the passport. This allows the fake passport to be "real" with a added RFID device as long as the operator doesn't look inside. And since this is a technology used to speed up transactions through checkpoints, inspectors will not be opening many passports from now on. Thus, it is a huge deal.

Additionally, a normal reader may only be able to read it from 4 inches or so, but a scoped antenna could potentially extend the distance to a few feet to even a few hundred feet. Be scared about this technology, I am.

I recently got a new credit card with it, I immediately destroyed the card and chip inside, and requested a new card without the chip, as there have been attacks on this too. Be scared...

Re:So what? (2, Insightful)

jimicus (737525) | more than 7 years ago | (#18266756)

The issue with RFID passports would be if they could be /forged/... it doesn't matter if they can be duplicated.

Not true.

There's a lot to be said for not bothering to forge passports anyway - sooner or later customs at most first-world countries will probably link up, so the passport number can be checked instantly against a database to make sure the details match up. The only way a "forged" passport will work then is if it's not forged at all, but rather made with the collusion of someone at the passport office.

However, if you can duplicate a passport, you can pretend to be someone else. Someone who (you hope) has no criminal record and is not even vaguely interesting to the authorities. With access to a crooked person in authority, you can confirm this. Without such access, you simply make a few flights and see if you get stopped. The only way I can see around this is if government starts tracking where everyone is, and if the passport handed over at customs belongs to someone you know for a fact was a thousand miles away only ten minutes ago, you know something fishy's going on. But we're a long way from having that level of technology - and while I absolutely hate the sound of it, I wouldn't be even remotely surprised if someone in government is mulling it over right now.

Because It's a Dumb Chip! (4, Insightful)

mpapet (761907) | more than 7 years ago | (#18265814)

I know the average /.'er will be up in arms about how insecure the new passport is but it's simply not one of the design goals.

The primary goal is to have a document that's harder (it's never impossible) to forge and easier to collect and process entry/exits. That's it. End of story.

It's not a silver bullet. Treating it as such is demanding something you won't ever get.

Re:Because It's a Dumb Chip! (2, Insightful)

WinterSolstice (223271) | more than 7 years ago | (#18265928)

Seems like it's actually *harder*, to process and *easier* to forge though, not easier. Or am I the only one that thinks so?

Re:Because It's a Dumb Chip! (3, Insightful)

EdMack (626543) | more than 7 years ago | (#18266002)

You're missing the point. It *is* now easier to forge, since the chip is easily copied without the receiver knowing, and people perceive the chip to be more secure and harder to copy.

Re:No No! No! (4, Insightful)

mpapet (761907) | more than 7 years ago | (#18266150)

Here's the how-to on forging a new passport:

1. Create a falsified passport jacket capable of holding a chip and antenna.
2. You embed the _right_ chip with the _right_ number encoded (oh yeah, you need to encode the chip) AND the _right_ antenna required for the chip in your garage into the faked passport jacket.
3. Create secure paper used in passport.
4. You'll need to work up all of the print security features.

It's not trivial, it's not a silver bullet it's not a fake ID you used to buy beer in college. Stop expecting more from the new passport than the design requirements fulfill.

Re:No No! No! (2, Insightful)

maxume (22995) | more than 7 years ago | (#18266910)

Is the chip required to get through customs? If not, the procedures is more like:

1. Read and crack data without being detected(this is perhaps easier than stealing a traditional passport).
2. Forge now even more legitimate passport using cracked data.

Re:No No! No! (1)

POPE Mad Mitch (73632) | more than 7 years ago | (#18267010)

if it was so hard to forge a passport then they wouldnt need the extra security they claim the rfid chip gives. but guess what, passports are already being forged.

the rfid chip contains photo biometrics certainly (not a high res picture either, theres only a tiny amount of storage space), but fingerprints arent included yet in many cases (and were never mandated by ICAO) it also doesnt include your signature.

so somebody that looks a bit like you, enough to pass casual observation (we all know computer face matching is very unreliable, people are even worse at it), can have a passport with your details on and their own choice of signature, which world+dog will assume is totally authentic, and which they can now use to claim your name and address as their own identity.

Re:Because It's a Dumb Chip! (1)

Kristoph (242780) | more than 7 years ago | (#18266606)

No, I think it is you are missing the point. If you *copy* the chip you will copy the picture / fingerprints of the original owner of the passport. You will thus be immediately caught when attempting to use the passport because the 'biometrics' will not match. If you change the picture or other biometrics the key of the password will no longer be valid and thus it will be identified as a forgery.

So the fact that someone can copy your the chip is more of a privacy issue then a security issue.

]{
 

Re:Because It's a Dumb Chip! (2, Insightful)

Ungrounded Lightning (62228) | more than 7 years ago | (#18266546)

The primary goal is to have a document that's harder (it's never impossible) to forge and easier to collect and process entry/exits. That's it. End of story.

So if you "need" a chip to handle the data, what's wrong with using a CONTACT-read chip like those on credit cards?

Sticking the passport in a slot is THAT much more inconvenient than waving it over a reader that you have to make the passport subject to drive-by scanning?

(Just imagine the next generation of "wardrivers". The term might end up being literal.)

Re:Contact in Paper Doesn't Work. (1)

mpapet (761907) | more than 7 years ago | (#18266728)

What you are advocating is a card approach which is not compatible with legacy passport systems still in use. The old ways die hard in gov't.

Not at all. (1)

Ungrounded Lightning (62228) | more than 7 years ago | (#18267124)

What you are advocating is a card approach which is not compatible with legacy passport systems still in use. The old ways die hard in gov't.

Not at all. There's no reason the material the chip is embedded in -and the electrodes are on the surface of - has to have the form factor of a credit card. You can use the the cover of the passport - front or back, outside or inside - just fine.

Passports have had plastic-coated covers for over a decade. There's no reason the plastic layer can't be made thick enough to contain the chip and support its contact patches.

Re:Because It's a Dumb Chip! (1)

POPE Mad Mitch (73632) | more than 7 years ago | (#18266900)

ironically you have to stick these rfid passports through a slot reader anyway.

an optical reader decodes the printed values on the bottom edge of your passport in order to construct the key to connect to and decrypt the rfid data.

Re:Because It's a Dumb Chip! (1)

orielbean (936271) | more than 7 years ago | (#18267072)

No, it is easier now. Before I had to pickpocket your passport, copy the info, and then slip it back to you without you knowing it was compromised. Now I buy the sniffer, goto the airport bar, and I can copy 200 passports in one day's work.

Easier.

What about US passports? (4, Interesting)

Sunburnt (890890) | more than 7 years ago | (#18265880)

I received one of the new U.S. Passports - the day I handed in my application happened to be the first day of the change, and I had my order expedited, so I have one of the first new passports.

There's no "chip:" the electronic storage is embedded in the photo page of the passport, among a series of wires covered with laminate. The Department of State says the cover of the new passports prevents RFID scanning when closed, which probably explains why the cover is a different thickness and flexibility than the previous passports.

Funny thing, though: the passport itself was opened flat in the shipping envelope from the passport center. So, presumably, it could be read. I wonder what sort of security the USDoS is using on these things?

The article has nothing to do with U.S. passports, since the Brits are using a different RFID mechanism. So, no help there. I wonder how many people read the article summary (which fails to mention this detail - it probably should, since this is a rather U.S.-centric website) without RTFA and are busy microwaving their new U.S. passports?

Re:What about US passports? (1)

Arker (91948) | more than 7 years ago | (#18266096)

IIRC the British and US passports are using essentially the same mechanism, so as to be compatible with each others readers. The US passports added the cover-shield, which is of dubious value as you note, but other than that I think they'll have the same vulnerability. Could be wrong though.

Re:What about US passports? (1)

drinkypoo (153816) | more than 7 years ago | (#18266102)

USDoS

What are you talking about? Every department of the US government is about denial of service. They deny you service at every step.

But seriously, I'm sure they ship them flat specifically so that they CAN read them. Exactly why they would want to do this is anyone's guess.

I'd say that so long as they don't have the same weak-key problem (or similar) as UK passports, who cares? The issue isn't reading my passport when it's in the mail. The issue is reading my passport when it's on me, and knowing things about me that you can use for pretexting etc.

Re:What about US passports? (1)

Prophet of Nixon (842081) | more than 7 years ago | (#18266158)

When was this? I got a new passport mailed about two weeks ago, and now I'm curious if mine has that (I would check, but its at home... I glanced at it and put it back in the envelope for now).

Re:What about US passports? (1)

drew (2081) | more than 7 years ago | (#18266814)

FWIW, my wife got her new passport a week or two ago, and as far as I can tell it's not one of the RFID ones.

it's != its (0, Troll)

doug141 (863552) | more than 7 years ago | (#18265998)

it's = "it is"
its = possessive of "it"

Re:it's != its (0)

Anonymous Coward | more than 7 years ago | (#18266148)

its = something possessed by eBay

Re:it's != its (1)

istartedi (132515) | more than 7 years ago | (#18266750)

Of course, this depends on what the meaning of "is" is.

That's no "security researcher"... (3, Informative)

OriginalArlen (726444) | more than 7 years ago | (#18266026)

...that's Adam [rfidiot.org] Laurie [google.co.uk] ! The godlike genius of Shepherd's Bush! Seriously though... he's something of a geek hero to me. Dunno why (apart from respect for a fellow-survivor of Bush) -- lots of other people write code and do research, but he just seems like such a nice chap with it.

RFID passports to be abandonded? (2, Informative)

mrtexe (1032978) | more than 7 years ago | (#18266060)

Secretary Chertoff, US Department of Homeland Security: RFID passports to be abandonded [playfuls.com] .

That said, it looks like some of these passports are out there already. Secondly, I haven't come across a definitive statement or timeline from DHS as to when RFID passpots will be abandonded.

Re:RFID passports to be abandonded? (1)

drinkypoo (153816) | more than 7 years ago | (#18266630)

Secondly, I haven't come across a definitive statement or timeline from DHS as to when RFID passpots will be abandonded.

Right after all the people they really want to track either a) have one or b) have been tagged with RFID through other means. You can make a passive RFID tag the size of a grain of rice (smaller!) now. You could trivially hide it inside of anything... a key chain, or even a key! With the right design, in fact, you could probably use a key as an antenna.

RFID is not going to save the world (4, Informative)

unPlugged-2.0 (947200) | more than 7 years ago | (#18266070)

As a software developer in the RFID industry and trying to effectively merge open source and RFID I always hear these kinds of things from our clients, slashdotters, family and random people on the street. RFID is insecure, it's the end of the world, we are all going to be puppets, you wouldn't believe the kind of responses I get during thanksgiving.

And what I tell everyone is RFID is not the end-all technology to solve every identification need. Also there is no one kind of tag so it is silly to say that RFID in and of itself is insecure.

The truth is that tags can be secure or they can be cheap but very rarely both. It is impossible to be able to have them both with the current economies of scale. The ones used in the passport are most definitely not the high-end tags with memory and cryptographic capabilities. There are some active tags that can do public/private key validation but they also cost a fortune. The governments are going to go with the cheapest version.

They know full well it is going to be cracked. It is not a big deal as it is not that hard to steal or copy the current passport anyways so they have not really digressed. This was meant to be a pilot (that somehow went into production) to check how efficient it could be and also serve as a vehicle for making further enhancements and putting more data.

As other slashdotters have pointed out it is still impossible to actually modify the information on the tags. When this is possible then that is really newsworthy because now people can actually change other people's information and wreak havoc.

But until then there are far easier and cheaper ways to find out someone's Social Security and date of birth on the web.

Re:RFID is not going to save the world (2, Interesting)

drinkypoo (153816) | more than 7 years ago | (#18266548)

As a software developer in the RFID industry and trying to effectively merge open source and RFID I always hear these kinds of things from our clients, slashdotters, family and random people on the street. RFID is insecure, it's the end of the world, we are all going to be puppets, you wouldn't believe the kind of responses I get during thanksgiving. And what I tell everyone is RFID is not the end-all technology to solve every identification need. Also there is no one kind of tag so it is silly to say that RFID in and of itself is insecure.

RFID in and of itself causes security problems outside the realm of whether RFID is secure or not.

It is a simple fact that RFID tags are going in everything. Sooner or later they will be as ubiquitous as UPC codes.

It is also a fact that RFID tags can be read at a distance with off the shelf hardware.

It is ALSO a fast that even more RFID tags can be read at a distance with custom hardware.

It is also a fact that RFID tags are going into the soles of shoes and into tires, both cases in which the tag will be very easily readable because it will be both parallel and close to a flat surface that can easily have an antenna embedded within it.

It's easy enough to stop people from reading your passport. Put it in a metal case, or even a mylar bag (although the latter may not be proof against it, while the former is pretty damned good.) But what we NEED to be able to stop is to stop the government from tracking where each and every person is during their every waking hour. RFID tags are smaller than grains of rice now. They can trivially be secreted in your clothing. In fact you could disguise them as little bits of grit! No one is going to be surprised at some grit in their pants cuff.

I think it's quite reasonable to be paranoid about RFID in a world of continual surveillance and when no government has respect for your rights.

Re:RFID is not going to save the world (1)

unPlugged-2.0 (947200) | more than 7 years ago | (#18266860)

Those are some good points but methinks you should should go a little light on the X-Files reruns. Just kidding, pardon my dry humor and I love X-Files too before they got all wacky.

The bottom line is that RFID is not any more secure or any less secure than what you currently have. Do you have a credit card? A bank card? Then you are have already been violated.

The RFID used in credit cards and passports are HF (13.56 mhz). The range on these tags is incredibly small. Even with the best equipment you cannot read farther than 6 - 12 inches. You can build a fancy contraption with a huge antenna and power co-efficient but you will probably cause a lot of damage to other components before you are going to increase that range not to mention looking like a walking weather station.

Also HF is notoriously bad at high speed so it is going to be hard for anyone to track your tires much less to hide an antenna in the ground they are quite fragile too. Also the readers themselves require power, circuitry, and ethernet/wireless conection etc etc blah blah. You can see my point.

The point is that there are far easier ways to steal information. Take for instance myself. I know quite a bit about RFID, I can get acess to the best RFID equipment but even with all that if I wanted to steal your information I would much rather hold you up (or hire someone else to do it) than to devise an elaborate plot where I would have to monitor your habits and then set up readers in your path so that I can get your information.

Also now that I know you are going to be armed with tin-foil I guess I pretty much have no other choice than to stick you up.

Now, Hands UP and hand over your wallet!!!

All your Id's are belong to us....

Re:RFID is not going to save the world (2, Interesting)

drinkypoo (153816) | more than 7 years ago | (#18267074)

The bottom line is that RFID is not any more secure or any less secure than what you currently have. Do you have a credit card? A bank card? Then you are have already been violated.

No card in my wallet is remotely readable, at least to the best of my knowledge. You missed the point entirely.

The RFID used in credit cards and passports are HF (13.56 mhz). The range on these tags is incredibly small. Even with the best equipment you cannot read farther than 6 - 12 inches. You can build a fancy contraption with a huge antenna and power co-efficient but you will probably cause a lot of damage to other components before you are going to increase that range not to mention looking like a walking weather station.

All that is required is more gain on the receiving side, which in turn requires intelligent filtering and design to have a useful SnR to begin with. Anyway here [idtechex.com] is an article about a company with a solution currently in the field for reading HF tags at ranges up to ten meters.

Also, 6-12 inches is enough if you can get people walking through doorways, or walking up and pressing a button on a traffic light, et cetera. You can always also just bump into them and then you can get absolute proximity.

Also HF is notoriously bad at high speed so it is going to be hard for anyone to track your tires much less to hide an antenna in the ground they are quite fragile too. Also the readers themselves require power, circuitry, and ethernet/wireless conection etc etc blah blah. You can see my point.

Making the antenna durable is a triviality. You can place it into the road surface at the same place as the metal detector used to see if your car has pulled up to a light. Want to know what RFIDs are in the tires of an upcoming car? Just switch the light at the right time to stop them. And if they run the light, now you can drag them into court and look up their ass with a flashlight.

I suspect in fact that sooner or later they will devise the technology to use the same loop antenna used to detect your car to read RFID.

The point is that there are far easier ways to steal information. Take for instance myself. I know quite a bit about RFID, I can get acess to the best RFID equipment but even with all that if I wanted to steal your information I would much rather hold you up (or hire someone else to do it) than to devise an elaborate plot where I would have to monitor your habits and then set up readers in your path so that I can get your information.

It's not about stealing information via RFID. Get that idea out of your head right now. It's about uniquely identifying people by their RFID tag constellation, and being able to track them. It's one more piece in the "ubiquitous surveillance" puzzle. Just as RFID can't save the world, it can't doom it, either. It's part of the problem.

Re:RFID is not going to save the world (1)

unPlugged-2.0 (947200) | more than 7 years ago | (#18267254)

I guess we can agree to disagree :)

I think the government has much more information on you anyways than you would think they do with an RFID card. The RFID tag is just another identification marker. It is slightly more secure, more convenient than Barcodes and that is all. Yes it can be read at a range and sometimes you may not know they are being read but the costs and effort to do that is astronomical. Wireless also is easy to track. There are gps, cell phones and a host of other markers as well.

One thing we do agree on is that RFID is not going to save or doom the world. We will work from there. I think the RFID puzzle is just too hyped. It is a good identification solution, not terribly secure but efficient and has the ability to be mass produced for good economical value. There will invariably be mistakes made in its application just like mistakes made in the early days of the web with shopping carts, phishing sites, etc. I believe it will work itself out. Call me an optimist but I use the web daily and it is incredibly insecure.

I simply don't buy the fact that it makes it easier to track or identify bits of you. If you wanted to spend the money then anything can do that. I am more scared of cell phones as they contain a lot more information. Google has more information on you too but that is another topic altogether.

With technology comes more data and with more data comes the ability for abuse. This is how it has always been. But I wouldn't go back to the middle ages because I could live in obscurity and have my privacy preserved.

Why would you tag this with haha? (0)

Anonymous Coward | more than 7 years ago | (#18266084)

It's you American's who are going to be using these insecure passports so I wouldn't be "haha'ing" at all.

RFID (4, Funny)

mypalmike (454265) | more than 7 years ago | (#18266184)

RFID = Ready For Immediate Duplication?

If you want something done right... (1)

mi (197448) | more than 7 years ago | (#18266214)

... you have to do it yourself.

If you want something done really wrong (and very expensive) — have the government to do it.

It boggles the mind, that despite continuous and numerous reports of various government screw-ups, the majority of fellow Slashdotters still seem to favor things like "Municipal WiFi"...

Oh, yeah, "local government" is supposed to be better than federal... But is it really? Not in my experience...

Re:If you want something done right... (4, Insightful)

geekoid (135745) | more than 7 years ago | (#18266602)

The federal, state and city government do a lot of things right. In fact most of there projects are quite successful. The media shines a light on the problems* so thats all most people here.

Most agencies are more fiscally responsible then most corporations.

Go the the ligrary and look at all the projects that get done.

remember, with a company all you here is the success, with the government all you hear about is the problems.

90% of all government projects are done on time, 90% of all corporate projects fail.

*and they should

Sorry for the double post (1)

geekoid (135745) | more than 7 years ago | (#18266778)

Muni wi-fi is good. Just like freeways.

It gives a lot more power to the people then private corp. would do.

Re:If you want something done right... (1)

maxume (22995) | more than 7 years ago | (#18267296)

I think you got your tubes crossed. Maybe anyway(there was a story about muni wifi on the front page earlier today, but your post seems fairly tangential to this story).

security does not matter (1)

Alien Being (18488) | more than 7 years ago | (#18266220)

Our federal government doesn't care about security. If we were secure, they would be out a lot of jobs. It all makes sense once you realize how they work.

Bush's administration isn't the first subversive government we've had, but they are one of the nastiest.

Psssttt (1)

geekoid (135745) | more than 7 years ago | (#18266888)

this happen in England.

mod do3n (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18266318)

Chronic abuse of an arduous Op3nBSD, ags the I'm discussing

Easy way to beat RFID (1)

Plekto (1018050) | more than 7 years ago | (#18266666)

This also works for any implanted chip/scanner/biometric data tracker/etc.

Just hit the thing with a stungun for a second. This also will fry a computer motherboard instantly by just touching the case with the arc.(not that I've done this - lol - just to show how effectively it nukes anything with a microchip in it)

Anybody surprised by this? (1)

PingXao (153057) | more than 7 years ago | (#18266662)

I know I'm not. I'm not a dyed-in-the-wool free marketeer (or rather I am, but there's no such thing as a truly free market), but a long held belief of theirs is that government produces NOTHING. I don't necessarily agree with that statement 100%, but these new passports are emblematic of what the government is getting into the business of. They are getting into the business of providing security, and, quite frankly, they are not very good at it.

Of all the things I can think of that the government ought to produce for its citizens (efficiency, level playing fields, regulated markets, affordable health care) this garbage - fake security - isn't on the list.

People are still using that ? (1)

Programmer_In_Traini (566499) | more than 7 years ago | (#18266820)

This is so funny (in a sarcastic kind of way),

we keep readin about RFID tags being breached for this, or for that, that the content can be read if you do this, hacked if you do that.

LOL.

How many holes in your armor do you need before you understand that its not bulletproof ?

Its like those electronic voting machines. As far as my knowledge goes, there is yet to exist a tamper proof machine for safe e-Voting. Why are they still going this way how many millions are they gonna spend before they realize it costs less to go the good ole paper ballot way.

Sometimes, simpler is better.

not a security issue, a privacy issue (1)

Kristoph (242780) | more than 7 years ago | (#18266846)

A copy of 'biometric' passport information has no value in a security context. If a copy of a passport is created using the biometric information then, obviously, that biometric information will not match the passport holder which will mean he/she will be identified as carrying a forged passport. If the biometrics are changed the digest of the passport information will be invalid and so, again, he/she will be identified as carrying a forged passport.

This is really only an issue because someone can get your personal information (for use in, for example, financial identity fraud) without having to actually open any of your mail.

]{

already been done... (1)

ninjapiratemonkey (968710) | more than 7 years ago | (#18266864)

...slashdot already covered the exact same story about four months ago [slashdot.org] .
is there any difference that I have failed to notice?

New RFID to Secure HID, Passports, ID and CreditC (1)

ktija (785397) | more than 7 years ago | (#18267006)

http://www.immuneid.com/ [immuneid.com] [immuneid.com] Immune ID works in a very simple, safe and practical way. With Immune ID on documents, credit cards and credentials, the identification device on them will always remain deactivated unless the user activates them through physical touch. Without human contact, any reading and/or writing attempt will fail. Thus, your information is protected from harmful use. The user will also have a visual and/or audio confirmation included in the device*. Immune ID is an innovative protection system for all electronic documents using technologies such as RFID, Rubee, Smart Dots, EAS, etc.: passports, credit cards, driving licenses, access cards, etc. Immune ID eliminates the risk of having all your important and personal information broadcasted on public air, at the reach of anyone who may want to duplicate, steal, modify or use it in dangerous and harmful ways. Immune ID is the best solution for those who want to ensure themselves a safer and protected life.

just hax your RFID! (1)

TimeSpeak (873865) | more than 7 years ago | (#18267274)

[most] /. readers should be prepared for: mandatory civilian RFID tags...
get your RFID Experimentation kit now! http://www.thinkgeek.com/geektoys/science/907a/ [thinkgeek.com]

It's a feature, right? (1)

DimGeo (694000) | more than 7 years ago | (#18267278)

Isn't this exactly what RFID passports are intended for? I mean, facilitating ID theft? :)

Solution for passport office... (0)

Anonymous Coward | more than 7 years ago | (#18267426)

Obviously they need DRM! They need to talk to the bright lights of the DRM field (e.g., Macrovision or the people who came up with ACCS), who have all sorts of sophisticated techniques and years of experience dealing with situations where you are handing over the encrypted content and the key to a third party, but still manage to keep the whole thing secure. :-)
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?