I'm obliged to reader Henry P. for e-mailing me the link to this information.
Engadget reports that a 'hacker' in San Francisco, Chris Paget, using a cobbled-together apparatus costing no more than $250, has been able to collect the RFID 'signatures' from the new-style passports, as well as other identification documents, simply by driving around the city.
Mr. Paget made a video recording his exploits. It's worth watching.
So much for our new high-security passports! I guess an RFID-blocking wallet and passport holder, something like this one, needs to go on my 'to buy' list.
Peter
5 comments:
Hopefully I can get through 2013 with my passport before I have to renew, and by then they will have killed the RFID crap!
Peter , not to come up for rfid but this story is bs . At the techonlogy of today you simply cannot drive down the street and harvest the rfid info ( asuming it is not encrypted , and even some cow tags are lol ) . Now lets look at the technology a bit , I am not an engeneer but the " tag " is began and it will only respond to a signal ( that being your reader ) it has no power sourse . It " reflects " or commands the rf from the reader . That basicly with todays tech means you need a reader within 2 ft ( generous ) of the chip . The vid made the impression that you can drive down a street and have rfid chips respond ( and thusly harvest info ) . Maby this is so , but ill tell you now that i cannot do that with cattle . In fact i cannot put a reader on a chute to load cattle single file and have it read the chips , i must also have a hand wand to re read them one by one swiping the implant spot . Now i dont know rfid from set or fetch , i just have occation to find out a bit about moving animals with rfid chips .
Farmdad, I'm not so sure this story is hokum. If I recall correctly, the chips in passports and similar documents are designed to be read at a distance, so that customs officers, etc. at airports can read them without having to swipe them over a physical device. If that's the case, and if their effective range (when 'tagged' by a reader) is sufficient, I can see that a car antenna could broadcast the signal to them and receive a response. However, I'm no expert, so I hasten to add that this is only how it appears to me. The fact that he was able to pick up responses suggests that it works.
Farm Dad -
A lot of it depends on the exact type of RFID and scanner that is being used. I have no doubt that what the guy did is possible as I have read several articles regarding this technology that discuss this same problem. As long as you have a sufficient ignal to key the chip it will respond. And if your receiver is sensitive enough you will receive a reponse to the query.
My thought at present - at least until somebody can prove that this isn't a problem - is that a short shot in a high power RF location should scramble things nicely.
The ability to clone passport RFID as the fellow in the video did is range-limited by line of sight and the ability to get a good signal back to the receiver.
Use a better directional antenna, increase the power, and increase the sensitivity of the gear, and the range can be extended manifold.
Take, for example, 802.11b/g Wifi we use every day in our homes, cafes, etc. Effective range given stock hardware and firmware is also ~30'. Toss in a good directional antenna and the effective range increases from ~30' to 173 miles, unamplified.
Check out the following:
http://en.wikipedia.org/wiki/Long-range_Wi-Fi#Longest_unamplified_Wi-Fi_link
This 173 mile link was done using common, off-the-shelf hardware and free for the download firmware. Matter of fact, I did something similar, using similar hardware/firmware, with my across the alley neighbor, when he had a TBI and could not afford internet connectivity.
My point is, do not delude yourselves into thinking someone has to be right up on you to make this happen. The physics says otherwise.
Post a Comment