Sunday, July 12, 2009

Bad Security on Government Required RFID e-passports

Those that understood security and RFID said from the beginning embedding RFID chips in passports was a very bad idea. Now the Feds are saying you need to make sure you completely encase your e-passport inside something that blocks RFID transmission or take security risks. That sure is a recipe for disaster - how many millions of people are going to fail to do that. We sure do need the government to start making better technology decisions now that such decisions are so critical to the functioning of society.

Insecurity of Homeland Security RFID passports shown by researcher

The current EPC Gen 2 RFID tags used in the wallet-sized Homeland Security passports use no encryption, and are unable to selectively transmit any data. Instead, the RFID tags broadcast sensitive information, enabling anyone with the proper equipment -- such as Chris Pagent -- to collect information that could potentially be used for identity theft, or other nefarious purposes. "The passport card is a real radio broadcast, so there's no real limit to the read range. It's conceivable that these things can be tracked from 100 meters -- a couple of miles," he was quoted as saying.

Chris had no trouble collecting -- and copying -- information from the RFID passports of six people, in a half-hour of driving around.

No comments: