What is Digg?113 Comments
- Bhima, on 10/12/2007, -0/+37For not being an American, that's fine use of the word y'all!
- duncanm, on 10/12/2007, -6/+43Umm... I'm not American... but I'm downright afraid for all y'all. This idea sounds like somebody who's not terribly tech savvy got dazzled by a sales dude.
- jmonty, on 10/12/2007, -1/+21Read the following from leading security expert Bruce Schneier - this article is bunk:
http://www.schneier.com/blog/archives/2005/08/rfid_passport_s_1.html - duncanm, on 10/12/2007, -1/+20Umm... you mean like a database that can be stored on an employee laptop, left in a car momentarily so it can be smashed and grabbed kinda database? Or, do you mean the kind of database that's protected by some kind of firewall that some foreign hacker can break through to so it can be siphoned? Sorry. Somehow, I just don't trust any level of your government to be able to protect all that information. Anyone else think like this??
- IceSt0rm, on 10/12/2007, -2/+20With the right equipment, it's really not hard to pull this information from someone's passport without anyone the wiser. Linked is a good article about RFID hacking scenarios:
http://www.wired.com/wired/archive/14.05/rfid.html
Knowing that our passports, our very 'currency' for identity is so vulnerable is a scary thought. Sometimes less tech is better.
I see more and more RFID systems cropping up everywhere that use the cheaper, unsecured RFID tags. And the scary thing is, they implement these systems in the name of 'security'. - davidlow, on 10/12/2007, -1/+13Even if the RFID tag is totally secure (*ahem*), its existence would still be detectable. An I.D. thief with the right detector could stand on a corner and make absolutely sure that his next mark is a foreigner.
It doesn't matter to the thief what nationality or passport number it is, because just knowing someone is a foreigner means he's much less likely to have local resources after he becomes a victim. Remember Florida circa 1995? Rental cars all had special license plates marking the driver of such a vehicle as an out-of-towner, and those vehicles were targets for theft and murder. Florida changed the law regarding rental car plates a year later and the problem went away instantly. - lnxaddct, on 10/12/2007, -2/+14The idea is that I can read your number, which by itself is useless, but then create a fake passport that transmits the same number. I can then walk around just scanning this thing and pretending to be you. This of course could be highly abused.
- jmonty, on 10/12/2007, -1/+13Since I was dugg down above, I'll post what Bruce said here:
"The new design also includes a thin radio shield in the cover, protecting the chip when the passport is closed. More good security." - IceSt0rm, on 10/12/2007, -1/+12My guess is they'll be forced to periodically 'fix' and 'upgrade' these passports to solve for security vulnerabilities. The problem is the hackers will always be one step ahead. I guess it's my belief and probably the belief of many others that there's no secure way they can pull this off. At least not with something so sensitive as a passport. And to think top people in the state department are already using this technology? *sigh* The cost of all the fixes they'll have to do just isn't worth it.
- inactive, on 10/12/2007, -1/+11Unfortunately you're mistaken. RFID tags range from just having a number to having some finite amount of memory to store whatever information you need to have on that. All information required to be present on a passport can be easily saved on RFID tags and read using proper hardware, without need of any database access at all. This is scary!
- Mrkamikaze, on 10/12/2007, -9/+17Typical RFID tags only include a number. I highly doubt that this will be any different. Without a database of information backed to associate with a number the information is useless.
- info, on 10/12/2007, -1/+9Not to worry...
This isn't anything a few seconds in the microwave oven can't fix.
:-) - danlovejoy, on 10/12/2007, -0/+8Oh please - how tiresome.
Is anyone else tired of folks who threaten to leave if the election doesn't go their way, then DON'T ACTUALLY LEAVE?!
If you want to leave, really - go ahead. I wish you well, and hope you find happiness in the land where the grass is greener. But this bluster is irritating and silly. - socokoolaid, on 10/12/2007, -1/+8Do you sometimes feel everyone is stupid but you? I do!
jmonty's link outdated or not http://www.schneier.com/blog/archives/2005/08/rfid_passport_s_1.html
mentioned:
"The 64-KB chips store a copy of the information from a passport's data page, including name, date of birth and a digitized version of the passport photo."
Also it mentioned that it would be encrypted and the key would be on the card itself and optically scanned.
Does this info really relate to the article? Either way RFID tags with ANY personal info is just stupid. Encryption means nothing. The encrypted data could be stored to later crack via brute force. That's assuming that there is not flaw in the code allowing a RFID virus to be injected into your passport! We all know the US can't make a decently secure electronic voting machine yet. This idea is stupid and dangerous. - yensed, on 10/12/2007, -3/+10Now along with my foil hat, I can get a foil wallet! Yay! XD
- socokoolaid, on 10/12/2007, -0/+5can I car-pool with ya?
- JohnboiWaltune, on 10/12/2007, -1/+6I recently stole some tourist's passport in the Czech Republic. Used it to steal his identity. I applied for a credit card and had a couple weeks of partying with beautiful Czech girls.
Good times. - procdaddy, on 10/12/2007, -2/+7reading the title made me think we're getting emo passports :/
- kc7gr, on 10/12/2007, -1/+6While I agree that this is not that great of an idea, for the security reasons already stated, it looks like it's going to happen no matter what. With that in mind, I think it's more productive to toss around ideas about how to shield one's passport from unauthorized reading than it is to grouse about it.
With that in mind: Remember that the covers of the new passports will have a metallic weave that will create a Faraday Cage effect (http://en.wikipedia.org/wiki/Faraday_Cage) when it's closed. You can improve on that effect by carrying any RFID-equipped passport in an ESD shielding bag with metal-in coating (http://www.digikey.com/scripts/DkSearch/dksus.dll?Detail?Ref=136834&Row=26422&Site=US)
If you don't feel like buying the bags in bulk, a quick visit to any large electronic supply place (NOT Radio Shack -- I doubt they even know what ESD is, let alone about the shielding bags) should net you one at no cost.
In any case, any reader system with enough power to break through such an enclosure would most definitely not be portable enough to easily conceal.
There is, of course, the option of sticking your passport, folded open, into a microwave oven for about a second or two of exposure. That would most certainly fry the RFID chip. However, it might also leave a visible burn mark on your passport where the chip is located, and there is also the question of whether the passport would still be accepted as valid.
The bottom line is that inexpensive precautions are readily available to those who care (yes, I do -- I plan to use the ESD bag method myself).
Happy travels. - lnxaddct, on 10/12/2007, -1/+5Stomp,
You're a little too optimistic. In 2005, a RFID reader was created that could read a standard RFID chip from 160 feet. Using new technology, they are finding ways to amplify the signal and be able to read it from a great distance. For a lot of identity thieves, it'd be worth the cost. Reducing the size of the antenna might help, but even if it is maxed out at say 10 feet, it can still be bad. Also, the readers used in most systems are cheap and if you decrease the RFID's capabilities, these cheaper readers probably won't be able to read them anymore. - jmonty, on 10/12/2007, -0/+4Bruce never said he liked it (he definately still has privacy concerns), I was simply challenging the post on DIGG as it seemed to indicate that the passports has ZERO security and NO protections in place.
- picaman, on 10/12/2007, -1/+5Schneier is the leading objective authority on these matters. I've read his writings extensively, and he consistently and impartially calls it how he sees it. If he's changed his opinion and is now in favor of these new passports, that's good enough for me.
- picaman, on 10/12/2007, -1/+4@ IceSt0rm
Excellent points. Here's a more recent Schneier article on the subject (though still older than the CNN piece):
http://www.wired.com/news/privacy/0,1848,69453,00.html
In it he has objections to the system. Given that he's quoted in the CNN article taking issue with the State Department's scheme, I'm thinking his stance has indeed changed. - xuanyan, on 10/12/2007, -1/+4I just got a new passport this month. It is valid until 2016...hopefully long enough to outlast this program.
- davidlow, on 10/12/2007, -1/+4Info, Good point. Nice glider by the way.
- jmccorm, on 10/12/2007, -1/+4Sample technology:
A bomb that goes off when an American tourist comes close enough. - lnxaddct, on 10/12/2007, -1/+4mabroor,
That isn't the whole story, but as usual the European politicians try to blame any negative thing on the Americans. America simply backed their decision to go this route claiming that it would assist in many areas including the visa stuff. Just because America backed a proposition already being backed by most of Europe doesn't mean it was shoved down your throat. The European politicians used America as a scapegoat(as usual). - tychop, on 10/12/2007, -0/+2They can be read 30ft away. Even a signal from a rover on mars can be read, Why should an rfid tag only be readable from 2 cm's? That's just silly. It's got nothing to do with the tag, it's got to do with the reader. And they will get better. Currently in logistics, tags can be read @ 30 ft away.
Also, the encyption is easaliy hacked:
RFID's are powered by radio signals. When challenging the encyption code, you can detect a power surge if you've send a correct character of the key. So, hacking a complete key is just a matter of seconds. - hansamurai, on 10/12/2007, -1/+3Time to renew my passport I think. Not that I have money to go anywhere anymore.
- inactive, on 10/12/2007, -1/+3@ Bhima
If you were a TRUE red-blooded southerner you'd know the apostrophe goes in the middle - ya'll. But then again, if you were a true red-blooded southerner you wouldn't know how to spell either. :P
I kid I kid! Setlle down Diggers, I'm from Georgia :) - wilf_brim, on 10/12/2007, -2/+4This is very serious FUD. Read the folks who don't like it:
IF I can walk around with this gizmo to up the signal and IF I can get close enough and IF I can break the encryption THEN I can get you passport number.
There are easier ways to get that information, mainly just steal my passport. Or, if you like, steal a document that it is on. And, don't forget, in plenty of countries hotels are required to copy your passport when you check in. Why go to all that trouble when I can just bribe a clerk to view your hotel registration. - Fratz, on 10/12/2007, -1/+3"There are easier ways to get that information, mainly just steal my passport."
How do I know you have a passport on you? Maybe you left it in your hotel room. Let's fire up the scanner and see...
It's true that passive tags have short range, but with increased gain, even if you can't read the contents of the tag, you can at least know that the tag is there to begin with. And if the US passports are the only tags with that particular frequency range, guess what you have? A US-passport-finding device.
This all hinges heavily on the shielding used to block the passive tag from receiving the radio frequency that activates its pulse. I suspect there will be lots of aftermarket passport-shielding foil being sold if the standard-issue stuff leaks... - zediker, on 10/12/2007, -1/+3Justice101:
All you need to do is get a conductive metal, like iron, copper, or aluminum, and encase the electronic device inside of it. This creates a makeshift Faraday cage that will block all electromagnetic waves from penetrating the inside, thus blocking any and all RFID signals. - tychop, on 10/12/2007, -0/+2Dude, what was the problem with passports without rfid chips?
Why do we need these rfid chips.
Why do people mindlessly accept things like this.
This needs to be stopped. Did you thinnk chips in passports are the end?
Think about what ELSE they can do with your passport.
Other countries can maintain database about you and the places you go, They will be able to profile you.
Now everything will be in place for some dictator fool to use all this information.
The former eastern german Stasi party would have killed for this technology.
Even Hitler would have embraced it.
Think people, think. Do not become a mindless sheep . . . . - riflemann, on 10/12/2007, -0/+2These skimming attacks are a load of FUD. The correct way to implement this while avoiding the skimming problem is to encrypt the data, and have the key printed inside the passport, machine readable like the current passport data.
So then mr immigration office just swipes your passport through a reader that reads the OPTICAL key printed inside the passport (same as the existing passport readers), then uses that key to decode the RFID data. Then you've just defeated skimmers - they'd have to actually look inside your passport to be able to skim, and that's kind of obvious to avoid. - riflemann, on 10/12/2007, -0/+2Um one thing I forgot.
The article talks about skimmers just pulling the encrypted data off the passport then cracking it later on. Also easy to avoid.
Most RFID tags are programmed with a "read" code - this code needs to be sent to the tag first, before it will send its data. If the reader/skimmer doesn't send this code first, the tag WONT send any data. So this code is also included in the printed data that the legitimate reader extracts optically before reading the passport. Putting suitable shielding around the legitimate readers should then prevent skimmers hanging around immigration terminals picking the stray signals. - tychop, on 10/12/2007, -1/+3How about securing it even more, and remove the chip!!
- j3one, on 10/12/2007, -0/+1The State Department argues the concerns are overstated. "We wouldn't be issuing the passports to ourselves if we didn't think they're secure," said Deputy Assistant Secretary of State for Passport Services Frank Moss, who noted that RFID passports have already been issued to core State Department personnel, including himself. "We're our own test population."
"We're our own test population." - Anybody else thinking what I am? NO, this has nothing to do with rubber chaps. sheesh. What would pickle this in a hurry is if "Frank moss" and his test population had a little trouble with getting hacked... Now that would wake them up... - boneill428, on 10/12/2007, -1/+2Some RFID tags have a "kill command" which is a signal sent to it that totally disables the tag. I'm sure once these are mass produced it won't be hard to figure out the kill signal and we can be "safe" once again.
- jmonty, on 10/12/2007, -1/+2I see your point (About ZERO and NONE), My issue with the CNN article is that doesn't mention ONE safeguard. From info I've read, that's not accurate.
They call it insecure because info is stored on the RFID chip and can be read remotely, but then fail to mention ANY safeguards that are in place to prevent that from happening.
I'd like confirmation of Schneier's comment about the thin radio shield:
"The new design also includes a thin radio shield in the cover, protecting the chip when the passport is closed. More good security."
If that shield is there and they didn't report it, then this article is misleading people to think they are completely insecure. - jmonty, on 10/12/2007, -1/+2More info:
http://www.wired.com/news/privacy/0,1848,67333,00.html
I'm not saying I LIKE the RFID on the passport, but at least let's get all the facts correct. - socokoolaid, on 10/12/2007, -0/+1green grass... sounds like my kinda place
- JimXugle, on 10/12/2007, -0/+1RFID Zapper anyone?
https://events.ccc.de/congress/2005/wiki/RFID-Zapper(EN) - peter303, on 10/12/2007, -1/+2US passports will have a "secure" foil cover making
them only readable when opened.
However, for the paranoid among us, there are ample times when
we have to show identity papers and expose the passport.
Most hotels and banks look at them. A crook could dress
up as a fake cop and ask to see them and so on. - whoreman, on 10/12/2007, -1/+2I would just find a way to fry the RFID chip - put it in your microwave over perhaps
- info, on 10/12/2007, -1/+2Very interesting...
Are you selling a lot of these? - info, on 10/12/2007, -1/+2I don't think a big magnet will not do it, but I wouldn't mind being proved wrong on that.
Arcing is a potential problem, and obviously, you don't want your passport to go up in flames. In addition to the RFID passport, a small glass of water in the oven to absorb some of the energy is a good way to avoid this.
Also, seeing kc7gr's comment below, the new passports will have "a metallic weave that will create a Faraday Cage effect (http://en.wikipedia.org/wiki/Faraday_Cage) when closed." Hopefully, the oven will fry the RFID before this other metal gets too hot. - jmonty, on 10/12/2007, -1/+2I'm not sure what the latest info is (as it's hard to find current independent data on what the RFID tags have in them). The CNN article made it sound like there are 0 safeguards to protect the RFID passports. I'm just trying to bring in more info so the article is balanced.
- boneill428, on 10/12/2007, -1/+2Just to follow up with all of these comments. There are RFID tags in production right now that REQUIRE them to be touched by the reader before communication occurs.
- glytchbinary, on 10/12/2007, -2/+3One of my companies. http://www.emvelope.com currently offers inserts for you wallet that will block RFID signals, as well as leather wallets with sheilding built in. We'll be offering passport cases soon!
-
Show 51 - 100 of 110 discussions
© Digg Inc. 2009
— Content created and posted by Digg users is