Monday, December 05, 2005

fmwap writes "Wired news is reporting on new measures being taken to ensure RFID in US passports are not traceable. Encryption will be implemented via a key printed on the passport, which will be read by an optical scanner. The problem is the RFID serial number used for collisions will not be encrypted as is required for communication, thus still allowing tracking." We've previously reported on the decision to chip U.S. passports. From the article: "To its credit, the State Department listened to the criticism. As a result, RFID passports will now include a thin radio shield in their covers, protecting the chips when the passports are closed. Although some have derided this as a tinfoil hat for passports, the fact is the measure will prevent the documents from being snooped when closed." Update: 11/04 16:08 GMT by Z : Edited for accuracy.Ads_xl=0;Ads_yl=0;Ads_xp='';Ads_yp='';Ads_xp1='';Ads_yp1='';Ads_par='';Ads_cnturl='';Ads_prf='page=article';Ads_channels='RON_P6_IMU';Ads_wrd='privacy,security,politics';Ads_kid=0;Ads_bid=0;Ads_sec=0; Fatal Flaw Weakens RFID Passports Log in/Create an Account | Top | 265 comments | Search Discussion Display Options Threshold: -1: 265 comments 0: 258 comments 1: 210 comments 2: 144 comments 3: 50 comments 4: 23 comments 5: 16 comments Flat Nested No Comments Threaded Oldest First Newest First Highest Scores First Oldest First (Ignore Threads) Newest First (Ignore Threads) The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way. Put away your tinfoil hats... (Score:5, Funny) by phpm0nkey (768038) on Friday November 04, @10:59AM (#13950465) (http://www.namefuse.com/) Time to don the full body tinfoil armor! [ Reply to ThisRe:Put away your tinfoil hats... by slavemowgli (Score:2) Friday November 04, @11:56AMBut the Dungeon Masters Guides says by Sir_Eptishous (Score:1) Friday November 04, @12:41PMRe:Put away your tinfoil hats... by Anonymous Coward (Score:3) Friday November 04, @12:38PMRe:Put away your tinfoil hats... by moro_666 (Score:3) Friday November 04, @02:14PMRe:Put away your tinfoil hats... by Hrodvitnir (Score:2) Friday November 04, @04:30PM1 reply beneath your current threshold.Re:Put away your tinfoil hats... by cgenman (Score:2) Friday November 04, @09:22PM1 reply beneath your current threshold.2 replies beneath your current threshold. Microwave your Passport? (Score:5, Interesting) by n76lima (455808) on Friday November 04, @11:00AM (#13950468) So its time to Microwave your new Passport for a few seconds to cook the RFID device, right?--We don't NEED no stinkin' sig! [ Reply to ThisRe:Microwave your Passport? by despe666 (Score:1) Friday November 04, @11:02AMRe:Microwave your Passport? by MntlChaos (Score:3) Friday November 04, @11:05AM Re:Microwave your Passport? (Score:4, Insightful) by krakelohm (830589) on Friday November 04, @11:10AM (#13950587) So what would the point be if they just have to give you another passport? Just sounds like a waste of many peoples time to me. [ Reply to This | ParentRe:Microwave your Passport? by njyoder (Score:1) Friday November 04, @11:23PM Re:Microwave your Passport? (Score:5, Insightful) by johnpaul191 (240105) on Friday November 04, @11:23AM (#13950718) (http://www.phillyshreds.com/) but if you cook it a second or two longer than needed it will burn the area where the chip is. a chip embedded in a plastic ID card is easier to destroy than one embedded in a basically paper document. did you ever see the pictures of the money people microwave? they have obvious burn marks where the chips supposedly are.and as also stated, having a non-functional passport may be flagged as possible forgery and lead to bigger issues.i am just as against the chips as anyone else, but think it through before you react. personally my passport needs to be renewed now so i will do that and not be an early adopter of the RFID model. hopefully any issues will show up and a fix will be worked out before i get a chipped one. by fix i even mean some 3rd party idea of a shielded passport wallet or something if that is what it comes down to. [ Reply to This | ParentRe:Microwave your Passport? by _bug_ (Score:3) Friday November 04, @12:00PMRe:Microwave your Passport? by johnpaul191 (Score:2) Friday November 04, @05:44PMRe:Microwave your Passport? by njyoder (Score:1) Friday November 04, @11:27PM1 reply beneath your current threshold.Re:Microwave your Passport? by Rob the Bold (Score:2) Friday November 04, @11:52AMPop Secret by Sir_Eptishous (Score:1) Friday November 04, @12:44PMRe:Pop Secret by Obfuscant (Score:2) Friday November 04, @03:07PMntoskrnl by Sir_Eptishous (Score:1) Friday November 04, @04:41PMRe:Microwave your Passport? by haraldm (Score:2) Friday November 04, @03:59PM Re:Microwave your Passport? (Score:5, Insightful) by UTPinky (472296) on Friday November 04, @11:04AM (#13950520) (http://www.clickdave.com/) Yep... because tampering with federal documents is always the smartest thing to do... [ Reply to This | Parent Re:Microwave your Passport? (Score:5, Interesting) by Marillion (33728) <ericbardes@gmailCOBOL.com minus language> on Friday November 04, @11:39AM (#13950869) If the destruction can appear as innocent "wear and tear" one can always feign innocence. It wouldn't put a foil lined document in a microwave, however.I'm not too worried about the data that's on there. The level of sophistication required to acquire and decrypt my details is pretty high. I'd be more worried about a lightning strike.This is the scenario that give me the willies: The "ping" scenario. Most of us know about the internet tool called ping. A terrorist (or anyone else with strong motivations against the US) is walking down the streets of Paris or Frankfort or Cairo or wherever looking for Americans. He doesn't care who the American is, he just cares that someone is an American. He walks down the street getting within a foot or two of people until he gets an RFID ping.RFID Ping == American.American == Target.I've yet to hear anyone adequately appease this concern. [ Reply to This | Parent Re:Microwave your Passport? (Score:5, Funny) by bastion_xx (233612) on Friday November 04, @11:53AM (#13951002) Well, you could always keep your passport locked in the hotel safe.Of course, the supposed terrorist could always check:a) Does the individual wear white tennis shoes (black socks and shorts optional)?b) Speak in a loud and/or abrasive manner?c) Stands to the left on an escalator (or any other cultural misqueue)Being an US citizen and traveling abroad quite often to Europe, it's not too hard picking out my compatriots.The same can be said for European's in the US. European males -- LOSE THE MAN-CAPRI'S PLEASE! :) [ Reply to This | ParentRe:Microwave your Passport? by imadork (Score:2) Friday November 04, @12:17PMRe:Microwave your Passport? by 6*7 (Score:1) Friday November 04, @04:57PM1 reply beneath your current threshold.Re:Microwave your Passport? by BewireNomali (Score:2) Friday November 04, @12:44PMSure... by Hurricane78 (Score:1) Friday November 04, @06:44PMRe:Microwave your Passport? by TX297 (Score:1) Friday November 04, @11:05PM1 reply beneath your current threshold.Re:Microwave your Passport? by Dun Malg (Score:2) Friday November 04, @12:02PMRe:Microwave your Passport? by Hillgiant (Score:3) Friday November 04, @12:21PMRe:Microwave your Passport? by 87C751 (Score:2) Friday November 04, @12:58PMRe:Microwave your Passport? by haraldm (Score:2) Friday November 04, @04:03PMRe:Microwave your Passport? by e2ka (Score:3) Friday November 04, @02:32PM1 reply beneath your current threshold.Re:Microwave your Passport? by VikingDBA (Score:1) Friday November 04, @03:00PMRe:Microwave your Passport? by Marillion (Score:2) Friday November 04, @04:38PMRe:Microwave your Passport? by seven7h (Score:1) Friday November 04, @05:52PMRe:Microwave your Passport? by darkmeridian (Score:2) Saturday November 05, @12:01AMRe:Microwave your Passport? by dcam (Score:2) Saturday November 05, @12:23AM2 replies beneath your current threshold.Re:Microwave your Passport? by k31bang (Score:1) Friday November 04, @01:29PMRe:Microwave your Passport? by hypergreatthing (Score:1) Friday November 04, @11:51AMRe:Microwave your Passport? by jacksonj04 (Score:2) Friday November 04, @11:57AM1 reply beneath your current threshold.Re:Microwave your Passport? by PerlDudeXL (Score:2) Friday November 04, @01:26PMNot a good idea .... by taniwha (Score:2) Friday November 04, @01:35PM TFA is inconsistent (Score:5, Informative) by Agelmar (205181) * on Friday November 04, @11:01AM (#13950488) TFA is flawed and inconsistent with its own citations. RFID chips in passports can not be read from a distance of 69 feet. If one reads TFA, it links to a Washington Post blog about RFID tags being read from 69 feet at Defcon. If you actually follow the link [washingtonpost.com] and read the story, however, you see:Los Angeles-based Flexilis set the world record for transmitting data to and from a "passive" radio frequency identification (RFID) card -- covering a distance of more than 69 feet. (Active RFID -- the kind being integrated into foreign passports, for example -- differs from passive RFID in that it emits its own magnetic signal and can only be detected from a much shorter distance.)The author is misrepresenting articles that he cites! wtf? [ Reply to ThisRe:TFA is inconsistent by Goaway (Score:2) Friday November 04, @11:04AM Re:TFA is inconsistent (Score:5, Informative) by starrift (864840) on Friday November 04, @11:05AM (#13950533) The RFIDs in the passports are passive. They were to be active but that was canceled. I think you may be "misrepresenting articles." [ Reply to This | ParentRe:TFA is inconsistent by Anonymous Coward (Score:1) Friday November 04, @11:08AMRe:TFA is inconsistent by Bastian (Score:2) Friday November 04, @11:11AMRe:TFA is inconsistent by Dun Malg (Score:2) Friday November 04, @11:58AMRe:TFA is inconsistent by drinkypoo (Score:3) Friday November 04, @12:06PMRe:TFA is inconsistent by wiredlogic (Score:2) Friday November 04, @12:02PMTFA is consistent and TFS is wrong by A nonymous Coward (Score:2) Friday November 04, @11:12AM Re:TFA is inconsistent (Score:5, Informative) by SiliconEntity (448450) on Friday November 04, @12:28PM (#13951367) Los Angeles-based Flexilis set the world record for transmitting data to and from a "passive" radio frequency identification (RFID) card -- covering a distance of more than 69 feet. (Active RFID -- the kind being integrated into foreign passports, for example -- differs from passive RFID in that it emits its own magnetic signal and can only be detected from a much shorter distance.)This article (from the WaPost blog) is confused. Active RFID has a battery attached to the chip. It has MUCH higher power and MUCH higher range. It can be used for tracking animals in the field and similar purposes. You can receive a signal from hundreds of yards away or even more. It's really unlimited depending on how much power you use.Passive RFID has no internal power supply. It gets power from the radio signal that is used to query it. These chips have a much lower range. Generally, the power required to query a passive RFID goes as the fourth power of the distance. I can't imagine successfully querying one of these things from 70 feet. That is some pretty impressive antenna technology, either that or they were using a microwave beam so intense that it would be dangerous to get in front of it.AFAIK all passports would be passive RFID. Nobody has proposed to put batteries in them, because of battery lifetime issues among other problems. [ Reply to This | ParentRe:TFA is inconsistent by dgatwood (Score:2) Friday November 04, @01:16PMRe:TFA is inconsistent by Cili (Score:1) Saturday November 05, @12:28AMRe:TFA is inconsistent by mpe (Score:2) Friday November 04, @12:56PM2 replies beneath your current threshold. sheesh... (Score:1, Redundant) by tuxette (731067) * <tuxetteNO@SPAMgmail.com> on Friday November 04, @11:01AM (#13950496) (Last Journal: Friday November 04, @01:11PM) *sigh*Remind me to go out and buy a tinfoil money belt the next time I go on a trip... [ Reply to ThisRe:sheesh... by irc.goatse.cx troll (Score:2) Friday November 04, @01:17PMRe:sheesh... by tuxette (Score:2) Friday November 04, @01:31PM Tin-hat tin-pot (Score:1) by Gingernads (831161) on Friday November 04, @11:02AM (#13950498) Isn't the whole point of the tin-hat to give the public confidence, while still allowing tracking by suitably equipped (funded) parties?Or did I just wake up? [ Reply to ThisRe:Tin-hat tin-pot by igny (Score:2) Friday November 04, @02:01PM What a surprise. (Score:4, Insightful) by iainl (136759) on Friday November 04, @11:03AM (#13950509) As with the UK's attempts to push through ID cards, the politicians in charge have at best a vague fuzzy idea of what the technology can do, but it sounds funky so let's do it anyway.Tiny details like monumental security problems and the things plain not working don't exist in the simplified pitch they get from their lobbyists, so they continue to push it through anyway, on the grounds that it's "Anti-Terror".You don't support Terror, do you? [ Reply to ThisRe:What a surprise. by Karma_fucker_sucker (Score:2) Friday November 04, @11:08AMRe:What a surprise. by dwandy (Score:1) Friday November 04, @11:23AMOh, but I *do* support Terror. by Anonymous Coward (Score:1) Friday November 04, @11:53AMFirst the Dutch RFID passport, now this. by mcvos (Score:1) Friday November 04, @02:59PM1 reply beneath your current threshold. So... (Score:5, Insightful) by LiquidCoooled (634315) on Friday November 04, @11:04AM (#13950523) this magical RFID device needs to be opened manually, looked at, checked, optically scanned and then finally used as RFID to get the digital picture and print from the device?This is going to take 3x longer and be prone to more failures surely?This is a benefit how?Surely a 2d barcode would be better, or just use old tech mag swipe?Stupid mofo imbeciles. [ Reply to ThisBenenfits by Karma_fucker_sucker (Score:1) Friday November 04, @11:17AMRe:So... by origamy (Score:1) Friday November 04, @11:29AMRe:So... by LiquidCoooled (Score:1) Friday November 04, @11:43AMSo wrong by Conare (Score:3) Friday November 04, @01:56PMAJAX on passorts = great idea by bigtrike (Score:2) Friday November 04, @11:53AMRe:So... by compro01 (Score:2) Friday November 04, @12:14PMRe:So... by avdp (Score:3) Friday November 04, @11:35AMRe:So... by llefler (Score:3) Friday November 04, @11:56AMRe:So... by avdp (Score:2) Friday November 04, @12:17PMRe:So... by willCode4Beer.com (Score:2) Friday November 04, @02:49PMRe:So... by avdp (Score:2) Friday November 04, @03:50PMRe:So... by llefler (Score:2) Friday November 04, @06:11PMRe:So... by ralmin (Score:1) Friday November 04, @01:56PMUsama (let's put the USA back in Osama) by johnny cashed (Score:2) Friday November 04, @12:11PMRe:So... by Rob the Bold (Score:2) Friday November 04, @11:43AMRe:So... by Dun Malg (Score:2) Friday November 04, @12:08PMRe:So... by 87C751 (Score:3) Friday November 04, @01:33PMRe:So... by Conare (Score:2) Friday November 04, @01:46PM my understanding... (Score:5, Interesting) by YesIAmAScript (886271) on Friday November 04, @11:57AM (#13951055) I expressed similar questions when reading the previous articles. Why not a barcode? An RFID system only has an identifier, a key ot a database. A barcode could have actual data on it.From one of the responses to the previous articles of this sort, I understand that the system here is a bit different than regular RFID. One is that this system actually does have information in it, not just an ID. That doesn't relate to your question, but I found it very enlightening.Another thing this system does is it is a challenge-response system. That is, it has information in it that is not emitted until you give the right information to it. Perhaps this is the information in that barcode on the password, I dunno. Anyway, a barcode is there for everyone to read, it cannot hide itself until the right key is given to it. The content could be encrypted, but once you take a picture of the barcode, you have its data, you could work on cracking it later, and the "owner" of the barcode wouldn't even know you were doing it. With this system, you can only work on extracting its secrets when you are in proximity to the chip. In addition, it is possible for the chip to monitor and know that you successfully passed its test and got its info. So you will at least know if you've been had when the "successful reads" counter (if it has one) is higher than you expected.All in all, it seemed like a reasonable system to me. The actual presence of data (as opposed to just a key), the tinfoil cover and the requirement to read the barcode optically before you can get the data (other than ID) out all just adds up to a pretty good system to me. Definitely far better than the representations of it I had seen earlier. [ Reply to This | ParentRe:my understanding... by MCraigW (Score:2) Friday November 04, @01:22PMIncorrect by geekoid (Score:2) Friday November 04, @02:31PMIncorrect by oasisbob (Score:1) Friday November 04, @03:53PMRe:my understanding... by swillden (Score:2) Friday November 04, @03:38PMRe:my understanding... by anime_layer (Score:1) Friday November 04, @04:20PMRe:So... by Jerry Coffin (Score:3) Friday November 04, @12:01PMRe:So... by willCode4Beer.com (Score:2) Friday November 04, @01:50PMRe:So... by over_exposed (Score:3) Friday November 04, @12:42PM1 reply beneath your current threshold.1 reply beneath your current threshold. Don't use passports (Score:5, Funny) by pintpusher (854001) on Friday November 04, @11:04AM (#13950525) I only travel by climbing fences and digging tunnels. [ Reply to ThisMy voice is my passport. by Urusai (Score:1) Friday November 04, @12:32PMRe:My voice is my passport. by Dufftron 9000 (Score:1) Friday November 04, @01:57PM2 replies beneath your current threshold.Re:Don't use passports by k31bang (Score:3) Friday November 04, @01:36PMRe:Don't use passports by pintpusher (Score:1) Friday November 04, @02:12PM1 reply beneath your current threshold.1 reply beneath your current threshold. Why Change? (Score:1) by honeypotslash (927312) <honeypotmail@gmail.com> on Friday November 04, @11:04AM (#13950532) (http://minimacs.freepay.com/?r=23302571) And what is wrong with current passports?-- Get your Free MacMini's here [freepay.com] [ Reply to ThisRe:Why Change? by heson (Score:2) Friday November 04, @11:21AMRe:Why Change? by MCraigW (Score:2) Friday November 04, @01:32PMRe:Why Change? by IWannaBeAnAC (Score:2) Friday November 04, @02:35PMRe:Why Change? by Ironsides (Score:2) Friday November 04, @01:32PMRe:Why Change? by VikingDBA (Score:1) Friday November 04, @03:07PM1 reply beneath your current threshold. WARNING: Do not destroy your passport (Score:1) by Work Account (900793) on Friday November 04, @11:05AM (#13950534) (Last Journal: Friday November 04, @08:58AM) I have heard both THREATS and JOKES that privacy-conscious Slashdot crowd folks plan on destroying the RFID capabilities of their personal passports.Just an advanced warning: you will NOT be able to board flights using a passport that has no RFID response and thus has been tampered with. [ Reply to ThisRe:WARNING: Do not destroy your passport by Yvanhoe (Score:2) Friday November 04, @11:11AMRe:WARNING: Do not destroy your passport by TheOrangeMan (Score:3) Friday November 04, @11:15AMRe:WARNING: Do not destroy your passport by InvalidError (Score:2) Friday November 04, @12:42PMRe:WARNING: Do not destroy your passport by Chyeld (Score:3) Friday November 04, @11:16AM1 reply beneath your current threshold.Re:WARNING: Do not destroy your passport by peragrin (Score:2) Friday November 04, @12:09PMRe:WARNING: Do not destroy your passport by bentcd (Score:2) Friday November 04, @12:27PM Tracking (Score:3, Interesting) by kevin_conaway (585204) on Friday November 04, @11:05AM (#13950543) (http://pyscrabble.sf.net/ | Last Journal: Thursday April 28, @01:48PM) RFID chips, including the ones specified for U.S. passports, can still be uniquely identified by their radio behavior. Specifically, these chips have a unique identification number used for collision avoidance. It's how the chips avoid communications problems if you put a bagful of them next to a reader. This is something buried deep within the chip, and has nothing to do with the data or application on the chip. Ok, so it has a unique ID on it but it doesn't appear that the ID is tied to you or the data. FUD? [ Reply to ThisRe:Tracking by Daniel_Staal (Score:2) Friday November 04, @11:32AMRe:Tracking by LostCluster (Score:2) Friday November 04, @11:33AMRe:Tracking by Chrononium (Score:2) Friday November 04, @11:45AMRe:Tracking by avdp (Score:2) Friday November 04, @12:08PM1 reply beneath your current threshold. Who cares? (Score:1, Funny) by RandoX (828285) on Friday November 04, @11:07AM (#13950554) Why would I want to leave the US anyway?(Funny or Troll, your call...) [ Reply to ThisActually, your comment is INSIGHTFUL by Work Account (Score:1) Friday November 04, @11:11AMThe BEER..... by Karma_fucker_sucker (Score:1) Friday November 04, @11:14AMRe:Actually, your comment is INSIGHTFUL by slavemowgli (Score:2) Friday November 04, @12:16PMRe:Actually, your comment is INSIGHTFUL by fbjon (Score:2) Friday November 04, @12:18PM1 reply beneath your current threshold.Re:Who cares? by tomstdenis (Score:2) Friday November 04, @11:11AMRe:Who cares? by atari2600 (Score:1) Friday November 04, @11:19AMRe:Who cares? by RandoX (Score:1) Friday November 04, @11:33AMRe:Who cares? by jdgeorge (Score:2) Friday November 04, @05:27PMRe:I cares?! by MCraigW (Score:2) Friday November 04, @01:45PM1 reply beneath your current threshold. RFID bandwagon? (Score:4, Insightful) by phorm (591458) on Friday November 04, @11:09AM (#13950575) (http://www.phormix.com/ | Last Journal: Monday May 19, @12:08PM) The passports will also include a 'Tin Hat' that limits the RFID signal to only a few inches I've got to wonder why, in this case, they don't use Magcards instead of RFID. Older technology, yes, but not any more limited for the use given, and a bit more secure as they require contact with the card to read. If they're supposedly going to limit the RFID to magcard limits, why not just use a magcard? [ Reply to ThisRe:RFID bandwagon? by tuxette (Score:2) Friday November 04, @11:21AMRe:RFID bandwagon? by belg4mit (Score:2) Friday November 04, @11:34AMRe:RFID bandwagon? by Jesus_666 (Score:2) Friday November 04, @01:39PMRe:RFID bandwagon? by totoanihilation (Score:2) Friday November 04, @11:38AMRe:RFID bandwagon? by lowrydr310 (Score:1) Friday November 04, @12:32PMRe:RFID bandwagon? by RoboRay (Score:1) Friday November 04, @01:05PMRe:RFID bandwagon? by lowrydr310 (Score:2) Friday November 04, @02:30PMRe:RFID bandwagon? by Dun Malg (Score:2) Friday November 04, @12:35PMRe:Mag-stripe Limitations by mpapet (Score:2) Friday November 04, @11:55AMRe:RFID bandwagon? by GooberToo (Score:2) Friday November 04, @12:10PMRe:RFID bandwagon? by Empty Threats (Score:1) Friday November 04, @02:14PM1 reply beneath your current threshold. Specialized Hardware... (Score:3, Informative) by NelsonM (906317) on Friday November 04, @11:09AM (#13950576) "A demonstration has been made that using specialized hardware, the signal can be intercepted from up to 69 feet."Is this anything like the BlueSniper [esato.com]? [ Reply to This Open the passport, the whole thing falls apart (Score:4, Insightful) by digitaldc (879047) on Friday November 04, @11:10AM (#13950591) "To its credit, the State Department listened to the criticism. As a result, RFID passports will now include a thin radio shield in their covers, protecting the chips when the passports are closed. Although some have derided this as a tinfoil hat for passports, the fact is the measure will prevent the documents from being snooped when closed."Well there has to be better protection for identity theft than having the passport closed all the time. You may not know whether it is open or closed, but it should have some way of notifying you if it is unsecured. How about having the passport just become a single card with some kind of flash memory built in?There are many other scenarios where the RFID tags could be exploited, but you will first have to put on your tinfoil hat in order to even conceive of any of these conspiracies. [ Reply to This1 reply beneath your current threshold. Add another layer... (Score:3, Interesting) by asphinx (921110) on Friday November 04, @11:11AM (#13950600) Why not just make a container for the passport - like a cigarette holder - but lighter, which does not allow reading the RFID chip at all from any distance? [ Reply to This Beat the RFID - renew now (Score:3, Informative)

0 Comments:

Post a Comment

<< Home