Jesse Brown: Ethical hacker sniffs passport tags in driveby
Thursday, February 5, 2009 | 07:53 AM ET
A few months back I reported on security problems with RFID chips, the radio-scannable tech embedded in next-generation Enhanced Driver's Licences. EDLs are in use in B.C. and set to hit Ontario en masse this summer.
The problem was that sensitive info could theoretically be "sniffed" by anyone with a cheap RFID scanner.
Well, it's no longer theoretical.
White Hat hacker Chris Paget hit the streets of San Francisco with a $250 Motorola RFID scanner, an antenna and a laptop. RFIDs are embedded in new U.S. "passport cards," and within 20 minutes, Paget "sniffed" three distinct passport tags. The test was filmed and uploaded to YouTube.
These numbers could be used to clone new, fake passports or simply to track the numbers' owners.
Besides the technical proof his driveby provides, Paget's demo illustrates another problem with RFIDs that policy-makers should note: despite warnings, cardholders are clearly not taking the precaution of storing their IDs in scan-resistant wallets (i.e. wallets lined with foil).
Unleash a few hundred thousand of these sloppy cards onto the streets of Ontario and watch the province become the identity theft capital of the world.
Comments
Darren Whitworth
Scarborough
Nice work Jesse. You're making it a better place for everyone by doing this research.
Posted February 8, 2009 11:50 PM
Kevin
Ottawa
Jesse. You mentioned scan resistant wallets. When I looked at the State Department website, I found an indication that these passport cards are supposed to be issued with the scan resistant wallets. Any indication of how good the supplied ones are? If they are any good, then the problem found, while an issue, is related to sloppy use of the cards.
Of course, the next question is why these things are RFID enabled in the first place? At the State Department website, in the FAQ, it indicated that the Customs and Border Protection folks wanted to be able to scan them at a distance and have the photos available when the vehicle got to the checkpoint.
Posted February 11, 2009 12:44 PM
Brian L
Toronto
Not a chance in hell I will ever carry an RFID tag, willingly. I will never bow to anti-privacy, totalitarian rule, whether it be government or corporate. I'm not religious, but if anything is the "Mark", this is it.
Posted May 20, 2009 02:51 PM