Godlike Productions - Discussion Forum
Users Online Now: 1,750 (Who's On?)Visitors Today: 621,514
Pageviews Today: 1,260,103Threads Today: 600Posts Today: 12,157
06:59 PM


Rate this Thread

Absolute BS Crap Reasonable Nice Amazing
 

HACKING THE RFID CHIPS

 
Rod
User ID: 933334
Australia
04/03/2010 02:36 PM
Report Abusive Post
Report Copyright Violation
HACKING THE RFID CHIPS
Soon you will not be able to travel, purchase nor sell w/o it...

and it will be implanted to eliminate the chance of being lost or stolen...

"It's all for your security and convenience!"

[link to news.] yahoo.com/ s/ap/20090711/ ap_on_bi_ ge/us_chipping_ america_iv

By TODD LEWAN, AP National Writer Todd Lewan, Ap National Writer 1 hr 46 mins ago
Climbing into his Volvo, outfitted with a Matrics antenna and a Motorola reader he'd bought on eBay for $190, Chris Paget cruised the streets of San Francisco with this objective: To read the identity cards of strangers, wirelessly, without ever leaving his car.

It took him 20 minutes to strike hacker's gold.
Zipping past Fisherman's Wharf, his scanner detected, then downloaded to his laptop, the unique serial numbers of two pedestrians' electronic U.S. passport cards embedded with radio frequency identification, or RFID, tags. Within an hour, he'd "skimmed" the identifiers of four more of the new, microchipped PASS cards from a distance of 20 feet.

Embedding identity documents passports, drivers licenses, and the like with RFID chips is a no-brainer to government officials. Increasingly, they are promoting it as a 21st century application of technology that will help speed border crossings, safeguard credentials against counterfeiters, and keep terrorists from sneaking into the country.

But Paget's February experiment demonstrated something privacy advocates had feared for years: That RFID, coupled with other technologies, could make people trackable without their knowledge or consent.

He filmed his drive-by heist, and soon his video went viral on the Web, intensifying a debate over a push by government, federal and state, to put tracking technologies in identity documents and over their potential to erode privacy.

Putting a traceable RFID in every pocket has the potential to make everybody a blip on someone's radar screen, critics say, and to redefine Orwellian government snooping for the digital age.
"Little Brother," some are already calling it even though elements of the global surveillance web they warn against exist only on drawing boards, neither available nor approved for use.

But with advances in tracking technologies coming at an ever-faster rate, critics say, it won't be long before governments could be able to identify and track anyone in real time, 24-7, from a cafe in Paris to the shores of California.
The key to getting such a system to work, these opponents say, is making sure everyone carries an RFID tag linked to a biometric data file.

On June 1, it became mandatory for Americans entering the United States by land or sea from Canada, Mexico, Bermuda and the Caribbean to present identity documents embedded with RFID tags, though conventional passports remain valid until they expire.
Among new options are the chipped "e-passport, " and the new, electronic PASS card credit-card sized, with the bearer's digital photograph and a chip that can be scanned through a pocket, backpack or purse from 30 feet.

Alternatively, travelers can use "enhanced" driver's licenses embedded with RFID tags now being issued in some border states: Washington, Vermont, Michigan and New York. Texas and Arizona have entered into agreements with the federal government to offer chipped licenses, and the U.S. Department of Homeland Security has recommended expansion to non-border states. Kansas and Florida officials have received DHS briefings on the licenses, agency records show.
The purpose of using RFID is not to identify people, says Mary Ellen Callahan, the chief privacy officer at Homeland Security, but rather "to verify that the identification document holds valid information about you."

Likewise, U.S. border agents are "pinging" databases only to confirm that licenses aren't counterfeited. "They're not pulling up your speeding tickets," she says, or looking at personal information beyond what is on a passport.
The change is largely about speed and convenience, she says. An RFID document that doubles as a U.S. travel credential "only makes it easier to pull the right record fast enough, to make sure that the border flows, and is operational" even though a 2005 Government Accountability Office report found that government RFID readers often failed to detect travelers' tags.

Such assurances don't persuade those who liken RFID-embedded documents to barcodes with antennas and contend they create risks to privacy that far outweigh the technology's heralded benefits. They warn it will actually enable identity thieves, stalkers and other criminals to commit "contactless" crimes against victims who won't immediately know they've been violated.

Neville Pattinson, vice president for government affairs at Gemalto, Inc., a major supplier of microchipped cards, is no RFID basher. He's a board member of the Smart Card Alliance, an RFID industry group, and is serving on the Department of Homeland Security's Data Privacy and Integrity Advisory Committee.

Still, Pattinson has sharply criticized the RFIDs in U.S. driver's licenses and passport cards. In a 2007 article for the Privacy Advisor, a newsletter for privacy professionals, he called them vulnerable "to attacks from hackers, identity thieves and possibly even terrorists."
RFID, he wrote, has a fundamental flaw: Each chip is built to faithfully transmit its unique identifier "in the clear, exposing the tag number to interception during the wireless communication. "

Once a tag number is intercepted, "it is relatively easy to directly associate it with an individual," he says. "If this is done, then it is possible to make an entire set of movements posing as somebody else without that person's knowledge."

Echoing these concerns were the AeA the lobbying association for technology firms the Smart Card Alliance, the Institute of Electrical and Electronics Engineers, the Business Travel Coalition, and the Association of Corporate Travel Executives.
Meanwhile, Homeland Security has been promoting broad use of RFID even though its own advisory committee on data integrity and privacy warned that radio-tagged IDs have the potential to allow "widespread surveillance of individuals" without their knowledge or consent.


In its 2006 draft report, the committee concluded that RFID "increases risks to personal privacy and security, with no commensurate benefit for performance or national security," and recommended that "RFID be disfavored for identifying and tracking human beings."

For now, chipped PASS cards and enhanced driver's licenses are optional and not yet widely deployed in the United States. To date, roughly 192,000 EDLs have been issued in Washington, Vermont, Michigan and New York.

But as more Americans carry them "you can bet that long-range tracking of people on a large scale will rise exponentially, " says Paget, a self-described "ethical hacker" who works as an Internet security consultant.

Could RFID numbers eventually become de facto identifiers of Americans, like the Social Security number?

Such a day is not far off, warns Katherine Albrecht, a privacy advocate and co-author of "Spychips," a book that is sharply critical of the use of RFID in consumer items and official ID documents.

"There's a reason you don't wear your Social Security number across your T-shirt," Albrecht says, "and beaming out your new, national RFID number in a 30-foot radius would be far worse."

There are no federal laws against the surreptitious skimming of Americans' RFID numbers, so it won't be long before people seek to profit from this, says Bruce Schneier, an author and chief security officer at BT, the British telecommunications operator.

Data brokers that compile computer dossiers on millions of individuals from public records, credit applications and other sources "will certainly maintain databases of RFID numbers and associated people," he says. "They'd do a disservice to their stockholders if they didn't."
But Gigi Zenk, a spokeswoman for the Washington state Department of Licensing, says Americans "aren't that concerned about the RFID, particularly in this day and age when there are a lot of other ways to access personal information on people."


Tracking an individual is much easier through a cell phone, or a satellite tag embedded in a car, she says. "An RFID that contains no private information, just a randomly assigned number, is probably one of the least things to be concerned about, frankly."

Still, even some ardent RFID supporters recognize that these next-generation RFID cards raise prickly questions.

Mark Roberti, editor of RFID Journal, an industry newsletter, recently acknowledged that as the use of RFID in official documents grows, the potential for abuse increases.

"A government could do this, for instance, to track opponents," he wrote in an opinion piece discussing Paget's cloning experiment. "To date, this type of abuse has not occurred, but it could if governments fail to take privacy issues seriously."

Imagine this: Sensors triggered by radio waves instructing cameras to zero in on people carrying RFID, unblinkingly tracking their movements. Unbelievable? Intrusive? Outrageous?

Actually, it happens every day and makes people smile at the Alton Towers amusement park in Britain, which videotapes visitors who agree to wear RFID bracelets as they move about the facility, then sells the footage as a keepsake.

This application shows how the technology can be used effortlessly and benignly. But critics, noting it can also be abused, say federal authorities in the United States didn't do enough from the start to address that risk.
The first U.S. identity document to be embedded with RFID was the "e-passport. "
In the wake of the Sept. 11 attacks and the finding that some of the terrorists entered the United States using phony passports the State Department proposed mandating that Americans and foreign visitors carry "enhanced" passport booklets, with microchips embedded in the covers.
The chips, it announced, would store the holder's information from the data page, a biometric version of the bearer's photo, and receive special coding to prevent data from being altered.
In February 2005, when the State Department asked for public comment, it got an outcry: Of the 2,335 comments received, 98.5 percent were negative, with 86 percent expressing security or privacy concerns, the department reported in an October 2005 notice in the Federal Register.


"Identity theft was of grave concern," it stated, adding that "others expressed fears that the U.S. Government or other governments would use the chip to track and censor, intimidate or otherwise control or harm them."

It also noted that many Americans expressed worries "that the information could be read at distances in excess of 10 feet."


read more

[link to news.] yahoo.com/ s/ap/20090711/ ap_on_bi_ ge/us_chipping_ america_iv



On the Net:

[link to www.dhs.] gov/xprevprot/ programs/ gc(underscore) 1200693579776. shtm

[link to travel.] state.gov/ passport/ eppt/eppt( underscore) 2498.html

[link to www.stopreal] idcoalition. com/

[link to www.smartcar] dalliance. org/pages/ publications- realid
[link to www.eff.] org/deeplinks/ 2009/02/rfid- passports- scanned-car

[link to epic.] org/privacy/ surveillance/ spotlight/ 0907/

Last Edited by Account Deleted by User on 08/25/2011 11:52 PM
Anonymous Coward
User ID: 927572
United States
04/03/2010 02:57 PM
Report Abusive Post
Report Copyright Violation
Re: HACKING THE RFID CHIPS
Well, the limiting factor when it comes to the security here would be the algorithm of the encryption method of said sensitive data.





GLP