Hackers Crack New Biometric Passports...
binauralsounds
Posts: 1,357
This is one of the MANY reasons I'm against this bullshit!!
by Glenn Chapman
Sun Aug 6, 9:54 AM ET
LAS VEGAS, Nevada (AFP) - High-tech passports touted as advances in national security can be spied on remotely and their identifying radio signals cloned, computers hackers were shown at a conference.
Radio frequency identification technology, referred to as RFID, used in cash cards and passports, can be copied, blocked or imitated, said Melanie Rieback, a privacy researcher at Vrije University in the Netherlands.
Rieback demonstrated a device she and colleagues at Vrije built to hijack the RFID signals that manufacturers have touted as unreadable by anything other than proprietary scanners.
"I spend most of my time making the RFID industry's life miserable," the doctorate student told AFP. "I am not anti-RFID. It has the potential to make people's lives easier, but it needs to be used responsibly."
Rieback and university compatriots expected to have a reliable portable version of their device, RFID Guardian, finished in six months and "had no plans to immediately mass-produce these things."
A cheer rose from the legion of hackers in the conference room when Rieback announced that the schematics and the computer codes for the device would be made public.
"The industry and government needs to not be scared of us," Rieback said. "They need to talk with us and to work with us. Hopefully, together we can come up with some kind of reasonable compromise."
RFID tags consist of a computer chips wrapped with tiny radio antennae. The chips store financial, identity, or other data that can then be sent to scanners by radio signals.
Retail behemoth Wal-Mart about two years ago embarked on a campaign to use RFID to track inventories and shipments from suppliers, and the devices are used on cargo shipped overseas in containers.
RFID tags have been used for decades to track cattle or wild animals.
It has become common in the United States for pet owners to have chips encased in glass, about the size of grains of rice, implanted under the skin of their dogs or cats so they can be identified and returned if they run away.
The European Central Bank has talked of putting RFID technology in euro currency, and such tags were used in World Cup Soccer tickets, according to the researcher.
Smart chips have been crafted into German passports and are being put into US passports. Stores have experimented with using the tags not only to track inventory, but to bill shoppers for purchases invisibly as they leave.
"It has been getting new life, and creating quite a stir," Rieback said of RFID use.
RFID equipment makers would be wise to ramp up encryption and other security while technology is catching on, according to Rieback. Rieback was not the only speaker at the gathering who claimed to have found RFID vulnerabilities.
"If you are using RFID on cows, who cares?" Rieback asked rhetorically. "But, with a passport, it only takes one breach at the wrong time and it could wreck it for the RFID industry."
The potential exists for unauthorized reading of cards, cloning, and tracking people who carry them, Rieback said.
Hacked chips could even be used to launch attacks on software in computers linked to scanning devices, according to the researcher.
RFID Guardian was designed to also block any selected tag from being read by scanners, legitimate or illicit.
"We are being foisted into this world where these tags are all around but we don't know when and how they are there," Rieback said. "The Guardian puts the control back in your hands."
by Glenn Chapman
Sun Aug 6, 9:54 AM ET
LAS VEGAS, Nevada (AFP) - High-tech passports touted as advances in national security can be spied on remotely and their identifying radio signals cloned, computers hackers were shown at a conference.
Radio frequency identification technology, referred to as RFID, used in cash cards and passports, can be copied, blocked or imitated, said Melanie Rieback, a privacy researcher at Vrije University in the Netherlands.
Rieback demonstrated a device she and colleagues at Vrije built to hijack the RFID signals that manufacturers have touted as unreadable by anything other than proprietary scanners.
"I spend most of my time making the RFID industry's life miserable," the doctorate student told AFP. "I am not anti-RFID. It has the potential to make people's lives easier, but it needs to be used responsibly."
Rieback and university compatriots expected to have a reliable portable version of their device, RFID Guardian, finished in six months and "had no plans to immediately mass-produce these things."
A cheer rose from the legion of hackers in the conference room when Rieback announced that the schematics and the computer codes for the device would be made public.
"The industry and government needs to not be scared of us," Rieback said. "They need to talk with us and to work with us. Hopefully, together we can come up with some kind of reasonable compromise."
RFID tags consist of a computer chips wrapped with tiny radio antennae. The chips store financial, identity, or other data that can then be sent to scanners by radio signals.
Retail behemoth Wal-Mart about two years ago embarked on a campaign to use RFID to track inventories and shipments from suppliers, and the devices are used on cargo shipped overseas in containers.
RFID tags have been used for decades to track cattle or wild animals.
It has become common in the United States for pet owners to have chips encased in glass, about the size of grains of rice, implanted under the skin of their dogs or cats so they can be identified and returned if they run away.
The European Central Bank has talked of putting RFID technology in euro currency, and such tags were used in World Cup Soccer tickets, according to the researcher.
Smart chips have been crafted into German passports and are being put into US passports. Stores have experimented with using the tags not only to track inventory, but to bill shoppers for purchases invisibly as they leave.
"It has been getting new life, and creating quite a stir," Rieback said of RFID use.
RFID equipment makers would be wise to ramp up encryption and other security while technology is catching on, according to Rieback. Rieback was not the only speaker at the gathering who claimed to have found RFID vulnerabilities.
"If you are using RFID on cows, who cares?" Rieback asked rhetorically. "But, with a passport, it only takes one breach at the wrong time and it could wreck it for the RFID industry."
The potential exists for unauthorized reading of cards, cloning, and tracking people who carry them, Rieback said.
Hacked chips could even be used to launch attacks on software in computers linked to scanning devices, according to the researcher.
RFID Guardian was designed to also block any selected tag from being read by scanners, legitimate or illicit.
"We are being foisted into this world where these tags are all around but we don't know when and how they are there," Rieback said. "The Guardian puts the control back in your hands."
0