US Passports RFID chips a security problem
#1
Guest
Posts: n/a
![Default](https://britishexpats.com/forum/images/icons/icon1.gif)
The US is intending to put RFID chips into its passports-a big
security problem. Skimmers are easy to buy, and although the press
seems mostly to be worried about terrorists identifying US citizens
abroad, another security hole not yet discussed is that all one has to
do is to stand in the vicinity of airline check-in counters to get the
name and address (and for that matter, digitially encoded picture) of
people going on vacation. Great for burglaries.
security problem. Skimmers are easy to buy, and although the press
seems mostly to be worried about terrorists identifying US citizens
abroad, another security hole not yet discussed is that all one has to
do is to stand in the vicinity of airline check-in counters to get the
name and address (and for that matter, digitially encoded picture) of
people going on vacation. Great for burglaries.
#2
Guest
Posts: n/a
![Default](https://britishexpats.com/forum/images/icons/icon1.gif)
On Sun, 14 Aug 2005 16:38:48 -0400, Viking <[email protected]> wrote:
>... all one has to
>do is to stand in the vicinity of airline check-in counters to get the
>name and address (and for that matter, digitially encoded picture) of
>people going on vacation.
Sounds like you need to read a bit more about the distance at which RFIDs can be
read.
-- Larry
>... all one has to
>do is to stand in the vicinity of airline check-in counters to get the
>name and address (and for that matter, digitially encoded picture) of
>people going on vacation.
Sounds like you need to read a bit more about the distance at which RFIDs can be
read.
-- Larry
#3
Guest
Posts: n/a
![Default](https://britishexpats.com/forum/images/icons/icon1.gif)
pltrgyst writes:
> Sounds like you need to read a bit more about the distance at which RFIDs can be
> read.
About 60-90 feet. I've heard of demonstrations at far greater
distances.
--
Transpose mxsmanic and gmail to reach me by e-mail.
> Sounds like you need to read a bit more about the distance at which RFIDs can be
> read.
About 60-90 feet. I've heard of demonstrations at far greater
distances.
--
Transpose mxsmanic and gmail to reach me by e-mail.
#4
Guest
Posts: n/a
![Default](https://britishexpats.com/forum/images/icons/icon1.gif)
On Mon, 15 Aug 2005 02:01:50 +0200, Mxsmanic <[email protected]>
wrote:
>pltrgyst writes:
>> Sounds like you need to read a bit more about the distance at which RFIDs can be
>> read.
>About 60-90 feet. I've heard of demonstrations at far greater
>distances.
Exactly.
wrote:
>pltrgyst writes:
>> Sounds like you need to read a bit more about the distance at which RFIDs can be
>> read.
>About 60-90 feet. I've heard of demonstrations at far greater
>distances.
Exactly.
#5
Guest
Posts: n/a
![Default](https://britishexpats.com/forum/images/icons/icon1.gif)
Mxsmanic <[email protected]> wrote:
> pltrgyst writes:
>
> > Sounds like you need to read a bit more about the distance at which
> > RFIDs can be read.
>
> About 60-90 feet. I've heard of demonstrations at far greater distances.
However I can't think that they'd leave the information in the chip "in
clear": there *must* be encryption of any kind, non?
or a system similar to the French Carte Bleue PIN: it is written "in
clear" in the chip but only devices with the adequate authorisations can
read it?
--
remplacez "lesptt" par "laposte" pour me joindre
substitute "laposte" to "lesptt" to reach me
> pltrgyst writes:
>
> > Sounds like you need to read a bit more about the distance at which
> > RFIDs can be read.
>
> About 60-90 feet. I've heard of demonstrations at far greater distances.
However I can't think that they'd leave the information in the chip "in
clear": there *must* be encryption of any kind, non?
or a system similar to the French Carte Bleue PIN: it is written "in
clear" in the chip but only devices with the adequate authorisations can
read it?
--
remplacez "lesptt" par "laposte" pour me joindre
substitute "laposte" to "lesptt" to reach me
#6
Guest
Posts: n/a
![Default](https://britishexpats.com/forum/images/icons/icon1.gif)
Stanislas de Kertanguy writes:
> However I can't think that they'd leave the information in the chip "in
> clear": there *must* be encryption of any kind, non?
No.
--
Transpose mxsmanic and gmail to reach me by e-mail.
> However I can't think that they'd leave the information in the chip "in
> clear": there *must* be encryption of any kind, non?
No.
--
Transpose mxsmanic and gmail to reach me by e-mail.
#7
Guest
Posts: n/a
![Default](https://britishexpats.com/forum/images/icons/icon1.gif)
"Viking" <[email protected]> wrote in message
news:[email protected]...
> The US is intending to put RFID chips into its passports-a big
> security problem. Skimmers are easy to buy, and although the press
> seems mostly to be worried about terrorists identifying US citizens
> abroad, another security hole not yet discussed is that all one has to
> do is to stand in the vicinity of airline check-in counters to get the
> name and address (and for that matter, digitially encoded picture) of
> people going on vacation. Great for burglaries.
Do you have some non-Usenet reference for this? This is the first I've heard
of this. I'm interested in the subject but frankly skeptical of anything I
see on Usenet.
--
Donald Newcomb
DRNewcomb (at) attglobal (dot) net
news:[email protected]...
> The US is intending to put RFID chips into its passports-a big
> security problem. Skimmers are easy to buy, and although the press
> seems mostly to be worried about terrorists identifying US citizens
> abroad, another security hole not yet discussed is that all one has to
> do is to stand in the vicinity of airline check-in counters to get the
> name and address (and for that matter, digitially encoded picture) of
> people going on vacation. Great for burglaries.
Do you have some non-Usenet reference for this? This is the first I've heard
of this. I'm interested in the subject but frankly skeptical of anything I
see on Usenet.
--
Donald Newcomb
DRNewcomb (at) attglobal (dot) net
#8
Guest
Posts: n/a
![Default](https://britishexpats.com/forum/images/icons/icon1.gif)
Mxsmanic <[email protected]> wrote:
> Stanislas de Kertanguy writes:
>
> > However I can't think that they'd leave the information in the chip "in
> > clear": there *must* be encryption of any kind, non?
>
> No.
That's very weird. Neither encryption nor access control? That sems
unbelievable to me given the nature of date carried into the chip.
--
remplacez "lesptt" par "laposte" pour me joindre
substitute "laposte" to "lesptt" to reach me
> Stanislas de Kertanguy writes:
>
> > However I can't think that they'd leave the information in the chip "in
> > clear": there *must* be encryption of any kind, non?
>
> No.
That's very weird. Neither encryption nor access control? That sems
unbelievable to me given the nature of date carried into the chip.
--
remplacez "lesptt" par "laposte" pour me joindre
substitute "laposte" to "lesptt" to reach me
#9
Guest
Posts: n/a
![Default](https://britishexpats.com/forum/images/icons/icon1.gif)
On Mon, 15 Aug 2005 07:09:53 -0500, "Donald Newcomb"
<[email protected]> wrote:
>"Viking" <[email protected]> wrote in message
>news:[email protected].. .
>> The US is intending to put RFID chips into its passports-a big
>> security problem. Skimmers are easy to buy, and although the press
>> seems mostly to be worried about terrorists identifying US citizens
>> abroad, another security hole not yet discussed is that all one has to
>> do is to stand in the vicinity of airline check-in counters to get the
>> name and address (and for that matter, digitially encoded picture) of
>> people going on vacation. Great for burglaries.
>Do you have some non-Usenet reference for this? This is the first I've heard
>of this. I'm interested in the subject but frankly skeptical of anything I
>see on Usenet.
I understand and agree with your skepticism.
However, when ranking the various sources of information, I
find usenet a long way in front of newspapers, TV, radio and
most (but not all) internet sites. So tell me, which
non-usenet reference sources do you accept? :-))
Cheers, Alan, Australia
<[email protected]> wrote:
>"Viking" <[email protected]> wrote in message
>news:[email protected].. .
>> The US is intending to put RFID chips into its passports-a big
>> security problem. Skimmers are easy to buy, and although the press
>> seems mostly to be worried about terrorists identifying US citizens
>> abroad, another security hole not yet discussed is that all one has to
>> do is to stand in the vicinity of airline check-in counters to get the
>> name and address (and for that matter, digitially encoded picture) of
>> people going on vacation. Great for burglaries.
>Do you have some non-Usenet reference for this? This is the first I've heard
>of this. I'm interested in the subject but frankly skeptical of anything I
>see on Usenet.
I understand and agree with your skepticism.
However, when ranking the various sources of information, I
find usenet a long way in front of newspapers, TV, radio and
most (but not all) internet sites. So tell me, which
non-usenet reference sources do you accept? :-))
Cheers, Alan, Australia
#10
Guest
Posts: n/a
![Default](https://britishexpats.com/forum/images/icons/icon1.gif)
On Mon, 15 Aug 2005 07:09:53 -0500, Donald Newcomb wrote*:
>
> "Viking" <[email protected]> wrote in message
> news:[email protected]...
>> The US is intending to put RFID chips into its passports-a big
>> security problem. Skimmers are easy to buy, and although the press
>> seems mostly to be worried about terrorists identifying US citizens
>> abroad, another security hole not yet discussed is that all one has to
>> do is to stand in the vicinity of airline check-in counters to get the
>> name and address (and for that matter, digitially encoded picture) of
>> people going on vacation. Great for burglaries.
>
> Do you have some non-Usenet reference for this? This is the first I've heard
> of this. I'm interested in the subject but frankly skeptical of anything I
> see on Usenet.
http://www.schneier.com/crypto-gram-0410.html#3
Extracts :
The administration claims that the chips can only be read from a few centimeters away, so there's no potential for abuse. This is a spectacularly naive claim. All wireless protocols can work at much longer ranges than specified. In tests, RFID chips have been read by receivers 20 meters away. Improvements in technology are inevitable.
--
Passent les jours et passent les semaines
Ni temps passé
Ni les amours reviennent
Guillaume Apollinaire - Alcools (1913)
>
> "Viking" <[email protected]> wrote in message
> news:[email protected]...
>> The US is intending to put RFID chips into its passports-a big
>> security problem. Skimmers are easy to buy, and although the press
>> seems mostly to be worried about terrorists identifying US citizens
>> abroad, another security hole not yet discussed is that all one has to
>> do is to stand in the vicinity of airline check-in counters to get the
>> name and address (and for that matter, digitially encoded picture) of
>> people going on vacation. Great for burglaries.
>
> Do you have some non-Usenet reference for this? This is the first I've heard
> of this. I'm interested in the subject but frankly skeptical of anything I
> see on Usenet.
http://www.schneier.com/crypto-gram-0410.html#3
Extracts :
The administration claims that the chips can only be read from a few centimeters away, so there's no potential for abuse. This is a spectacularly naive claim. All wireless protocols can work at much longer ranges than specified. In tests, RFID chips have been read by receivers 20 meters away. Improvements in technology are inevitable.
--
Passent les jours et passent les semaines
Ni temps passé
Ni les amours reviennent
Guillaume Apollinaire - Alcools (1913)
#11
Guest
Posts: n/a
![Default](https://britishexpats.com/forum/images/icons/icon1.gif)
It sounds like a business opportunity to sell metal passport cases.
#12
Guest
Posts: n/a
![Default](https://britishexpats.com/forum/images/icons/icon1.gif)
On Mon, 15 Aug 2005 14:16:40 +0200, [email protected]
(Stanislas de Kertanguy) wrote:
>Mxsmanic <[email protected]> wrote:
>> Stanislas de Kertanguy writes:
>>
>> > However I can't think that they'd leave the information in the chip "in
>> > clear": there *must* be encryption of any kind, non?
>>
>> No.
>That's very weird. Neither encryption nor access control? That sems
>unbelievable to me given the nature of date carried into the chip.
Even if there was encryption, how long until it was broken? Think
Microsoft, for example, where hackers are always breaking their code.
(Stanislas de Kertanguy) wrote:
>Mxsmanic <[email protected]> wrote:
>> Stanislas de Kertanguy writes:
>>
>> > However I can't think that they'd leave the information in the chip "in
>> > clear": there *must* be encryption of any kind, non?
>>
>> No.
>That's very weird. Neither encryption nor access control? That sems
>unbelievable to me given the nature of date carried into the chip.
Even if there was encryption, how long until it was broken? Think
Microsoft, for example, where hackers are always breaking their code.
#13
Guest
Posts: n/a
![Default](https://britishexpats.com/forum/images/icons/icon1.gif)
On Mon, 15 Aug 2005 07:09:53 -0500, "Donald Newcomb"
<[email protected]> wrote:
>"Viking" <[email protected]> wrote in message
>news:[email protected].. .
>> The US is intending to put RFID chips into its passports-a big
>> security problem. Skimmers are easy to buy, and although the press
>> seems mostly to be worried about terrorists identifying US citizens
>> abroad, another security hole not yet discussed is that all one has to
>> do is to stand in the vicinity of airline check-in counters to get the
>> name and address (and for that matter, digitially encoded picture) of
>> people going on vacation. Great for burglaries.
>Do you have some non-Usenet reference for this? This is the first I've heard
>of this. I'm interested in the subject but frankly skeptical of anything I
>see on Usenet.
Was in the news; search Google. For example,
http://www.rfidinsights.com/160400378
<[email protected]> wrote:
>"Viking" <[email protected]> wrote in message
>news:[email protected].. .
>> The US is intending to put RFID chips into its passports-a big
>> security problem. Skimmers are easy to buy, and although the press
>> seems mostly to be worried about terrorists identifying US citizens
>> abroad, another security hole not yet discussed is that all one has to
>> do is to stand in the vicinity of airline check-in counters to get the
>> name and address (and for that matter, digitially encoded picture) of
>> people going on vacation. Great for burglaries.
>Do you have some non-Usenet reference for this? This is the first I've heard
>of this. I'm interested in the subject but frankly skeptical of anything I
>see on Usenet.
Was in the news; search Google. For example,
http://www.rfidinsights.com/160400378
#14
Guest
Posts: n/a
![Default](https://britishexpats.com/forum/images/icons/icon1.gif)
Stanislas de Kertanguy wrote:
> Mxsmanic <[email protected]> wrote:
>
>
>>pltrgyst writes:
>>>Sounds like you need to read a bit more about the distance at which
>>>RFIDs can be read.
>>About 60-90 feet. I've heard of demonstrations at far greater distances.
>
>
> However I can't think that they'd leave the information in the chip "in
> clear": there *must* be encryption of any kind, non?
>
> or a system similar to the French Carte Bleue PIN: it is written "in
> clear" in the chip but only devices with the adequate authorisations can
> read it?
>
>
Probably not since it would be useless. Encryption will only work if
you can restrict the readers. With such a system the number of groups
authorized to read the chip would be large enough that the algorithm and
keys would be available fairly quickly.
> Mxsmanic <[email protected]> wrote:
>
>
>>pltrgyst writes:
>>>Sounds like you need to read a bit more about the distance at which
>>>RFIDs can be read.
>>About 60-90 feet. I've heard of demonstrations at far greater distances.
>
>
> However I can't think that they'd leave the information in the chip "in
> clear": there *must* be encryption of any kind, non?
>
> or a system similar to the French Carte Bleue PIN: it is written "in
> clear" in the chip but only devices with the adequate authorisations can
> read it?
>
>
Probably not since it would be useless. Encryption will only work if
you can restrict the readers. With such a system the number of groups
authorized to read the chip would be large enough that the algorithm and
keys would be available fairly quickly.
#15
Guest
Posts: n/a
![Default](https://britishexpats.com/forum/images/icons/icon1.gif)
Stanislas de Kertanguy writes:
> That's very weird. Neither encryption nor access control?
Nope, at least not according to the original plan.
Apparently the State Department is now considering some sort of
precautions, finally.
> That sems unbelievable to me given the nature of date carried into the chip.
I agree, and so do many others. That's why it caused such an uproar.
--
Transpose mxsmanic and gmail to reach me by e-mail.
> That's very weird. Neither encryption nor access control?
Nope, at least not according to the original plan.
Apparently the State Department is now considering some sort of
precautions, finally.
> That sems unbelievable to me given the nature of date carried into the chip.
I agree, and so do many others. That's why it caused such an uproar.
--
Transpose mxsmanic and gmail to reach me by e-mail.