US Passports RFID chips a security problem
Aug 14th 2005, 8:38 am
#1
Guest
Posts: n/a
US Passports RFID chips a security problem
The US is intending to put RFID chips into its passports-a big
security problem. Skimmers are easy to buy, and although the press
seems mostly to be worried about terrorists identifying US citizens
abroad, another security hole not yet discussed is that all one has to
do is to stand in the vicinity of airline check-in counters to get the
name and address (and for that matter, digitially encoded picture) of
people going on vacation. Great for burglaries.
security problem. Skimmers are easy to buy, and although the press
seems mostly to be worried about terrorists identifying US citizens
abroad, another security hole not yet discussed is that all one has to
do is to stand in the vicinity of airline check-in counters to get the
name and address (and for that matter, digitially encoded picture) of
people going on vacation. Great for burglaries.
Aug 14th 2005, 11:10 am
#2
Guest
Posts: n/a
Re: US Passports RFID chips a security problem
On Sun, 14 Aug 2005 16:38:48 -0400, Viking <[email protected]> wrote:
>... all one has to
>do is to stand in the vicinity of airline check-in counters to get the
>name and address (and for that matter, digitially encoded picture) of
>people going on vacation.
Sounds like you need to read a bit more about the distance at which RFIDs can be
read.
-- Larry
>... all one has to
>do is to stand in the vicinity of airline check-in counters to get the
>name and address (and for that matter, digitially encoded picture) of
>people going on vacation.
Sounds like you need to read a bit more about the distance at which RFIDs can be
read.
-- Larry
Aug 14th 2005, 12:01 pm
#3
Guest
Posts: n/a
Re: US Passports RFID chips a security problem
pltrgyst writes:
> Sounds like you need to read a bit more about the distance at which RFIDs can be
> read.
About 60-90 feet. I've heard of demonstrations at far greater
distances.
--
Transpose mxsmanic and gmail to reach me by e-mail.
> Sounds like you need to read a bit more about the distance at which RFIDs can be
> read.
About 60-90 feet. I've heard of demonstrations at far greater
distances.
--
Transpose mxsmanic and gmail to reach me by e-mail.
Aug 14th 2005, 2:25 pm
#4
Guest
Posts: n/a
Re: US Passports RFID chips a security problem
On Mon, 15 Aug 2005 02:01:50 +0200, Mxsmanic <[email protected]>
wrote:
>pltrgyst writes:
>> Sounds like you need to read a bit more about the distance at which RFIDs can be
>> read.
>About 60-90 feet. I've heard of demonstrations at far greater
>distances.
Exactly.
wrote:
>pltrgyst writes:
>> Sounds like you need to read a bit more about the distance at which RFIDs can be
>> read.
>About 60-90 feet. I've heard of demonstrations at far greater
>distances.
Exactly.
Aug 14th 2005, 7:39 pm
#5
Guest
Posts: n/a
Re: US Passports RFID chips a security problem
Mxsmanic <[email protected]> wrote:
> pltrgyst writes:
>
> > Sounds like you need to read a bit more about the distance at which
> > RFIDs can be read.
>
> About 60-90 feet. I've heard of demonstrations at far greater distances.
However I can't think that they'd leave the information in the chip "in
clear": there *must* be encryption of any kind, non?
or a system similar to the French Carte Bleue PIN: it is written "in
clear" in the chip but only devices with the adequate authorisations can
read it?
--
remplacez "lesptt" par "laposte" pour me joindre
substitute "laposte" to "lesptt" to reach me
> pltrgyst writes:
>
> > Sounds like you need to read a bit more about the distance at which
> > RFIDs can be read.
>
> About 60-90 feet. I've heard of demonstrations at far greater distances.
However I can't think that they'd leave the information in the chip "in
clear": there *must* be encryption of any kind, non?
or a system similar to the French Carte Bleue PIN: it is written "in
clear" in the chip but only devices with the adequate authorisations can
read it?
--
remplacez "lesptt" par "laposte" pour me joindre
substitute "laposte" to "lesptt" to reach me
Aug 14th 2005, 9:54 pm
#6
Guest
Posts: n/a
Re: US Passports RFID chips a security problem
Stanislas de Kertanguy writes:
> However I can't think that they'd leave the information in the chip "in
> clear": there *must* be encryption of any kind, non?
No.
--
Transpose mxsmanic and gmail to reach me by e-mail.
> However I can't think that they'd leave the information in the chip "in
> clear": there *must* be encryption of any kind, non?
No.
--
Transpose mxsmanic and gmail to reach me by e-mail.
Aug 15th 2005, 12:09 am
#7
Guest
Posts: n/a
Re: US Passports RFID chips a security problem
"Viking" <[email protected]> wrote in message
news:[email protected]...
> The US is intending to put RFID chips into its passports-a big
> security problem. Skimmers are easy to buy, and although the press
> seems mostly to be worried about terrorists identifying US citizens
> abroad, another security hole not yet discussed is that all one has to
> do is to stand in the vicinity of airline check-in counters to get the
> name and address (and for that matter, digitially encoded picture) of
> people going on vacation. Great for burglaries.
Do you have some non-Usenet reference for this? This is the first I've heard
of this. I'm interested in the subject but frankly skeptical of anything I
see on Usenet.
--
Donald Newcomb
DRNewcomb (at) attglobal (dot) net
news:[email protected]...
> The US is intending to put RFID chips into its passports-a big
> security problem. Skimmers are easy to buy, and although the press
> seems mostly to be worried about terrorists identifying US citizens
> abroad, another security hole not yet discussed is that all one has to
> do is to stand in the vicinity of airline check-in counters to get the
> name and address (and for that matter, digitially encoded picture) of
> people going on vacation. Great for burglaries.
Do you have some non-Usenet reference for this? This is the first I've heard
of this. I'm interested in the subject but frankly skeptical of anything I
see on Usenet.
--
Donald Newcomb
DRNewcomb (at) attglobal (dot) net
Aug 15th 2005, 12:16 am
#8
Guest
Posts: n/a
Re: US Passports RFID chips a security problem
Mxsmanic <[email protected]> wrote:
> Stanislas de Kertanguy writes:
>
> > However I can't think that they'd leave the information in the chip "in
> > clear": there *must* be encryption of any kind, non?
>
> No.
That's very weird. Neither encryption nor access control? That sems
unbelievable to me given the nature of date carried into the chip.
--
remplacez "lesptt" par "laposte" pour me joindre
substitute "laposte" to "lesptt" to reach me
> Stanislas de Kertanguy writes:
>
> > However I can't think that they'd leave the information in the chip "in
> > clear": there *must* be encryption of any kind, non?
>
> No.
That's very weird. Neither encryption nor access control? That sems
unbelievable to me given the nature of date carried into the chip.
--
remplacez "lesptt" par "laposte" pour me joindre
substitute "laposte" to "lesptt" to reach me
Aug 15th 2005, 12:20 am
#9
Guest
Posts: n/a
Re: US Passports RFID chips a security problem
On Mon, 15 Aug 2005 07:09:53 -0500, "Donald Newcomb"
<[email protected]> wrote:
>"Viking" <[email protected]> wrote in message
>news:[email protected].. .
>> The US is intending to put RFID chips into its passports-a big
>> security problem. Skimmers are easy to buy, and although the press
>> seems mostly to be worried about terrorists identifying US citizens
>> abroad, another security hole not yet discussed is that all one has to
>> do is to stand in the vicinity of airline check-in counters to get the
>> name and address (and for that matter, digitially encoded picture) of
>> people going on vacation. Great for burglaries.
>Do you have some non-Usenet reference for this? This is the first I've heard
>of this. I'm interested in the subject but frankly skeptical of anything I
>see on Usenet.
I understand and agree with your skepticism.
However, when ranking the various sources of information, I
find usenet a long way in front of newspapers, TV, radio and
most (but not all) internet sites. So tell me, which
non-usenet reference sources do you accept? :-))
Cheers, Alan, Australia
<[email protected]> wrote:
>"Viking" <[email protected]> wrote in message
>news:[email protected].. .
>> The US is intending to put RFID chips into its passports-a big
>> security problem. Skimmers are easy to buy, and although the press
>> seems mostly to be worried about terrorists identifying US citizens
>> abroad, another security hole not yet discussed is that all one has to
>> do is to stand in the vicinity of airline check-in counters to get the
>> name and address (and for that matter, digitially encoded picture) of
>> people going on vacation. Great for burglaries.
>Do you have some non-Usenet reference for this? This is the first I've heard
>of this. I'm interested in the subject but frankly skeptical of anything I
>see on Usenet.
I understand and agree with your skepticism.
However, when ranking the various sources of information, I
find usenet a long way in front of newspapers, TV, radio and
most (but not all) internet sites. So tell me, which
non-usenet reference sources do you accept? :-))
Cheers, Alan, Australia
Aug 15th 2005, 12:42 am
#10
Guest
Posts: n/a
Re: US Passports RFID chips a security problem
On Mon, 15 Aug 2005 07:09:53 -0500, Donald Newcomb wrote*:
>
> "Viking" <[email protected]> wrote in message
> news:[email protected]...
>> The US is intending to put RFID chips into its passports-a big
>> security problem. Skimmers are easy to buy, and although the press
>> seems mostly to be worried about terrorists identifying US citizens
>> abroad, another security hole not yet discussed is that all one has to
>> do is to stand in the vicinity of airline check-in counters to get the
>> name and address (and for that matter, digitially encoded picture) of
>> people going on vacation. Great for burglaries.
>
> Do you have some non-Usenet reference for this? This is the first I've heard
> of this. I'm interested in the subject but frankly skeptical of anything I
> see on Usenet.
http://www.schneier.com/crypto-gram-0410.html#3
Extracts :
The administration claims that the chips can only be read from a few centimeters away, so there's no potential for abuse. This is a spectacularly naive claim. All wireless protocols can work at much longer ranges than specified. In tests, RFID chips have been read by receivers 20 meters away. Improvements in technology are inevitable.
--
Passent les jours et passent les semaines
Ni temps passé
Ni les amours reviennent
Guillaume Apollinaire - Alcools (1913)
>
> "Viking" <[email protected]> wrote in message
> news:[email protected]...
>> The US is intending to put RFID chips into its passports-a big
>> security problem. Skimmers are easy to buy, and although the press
>> seems mostly to be worried about terrorists identifying US citizens
>> abroad, another security hole not yet discussed is that all one has to
>> do is to stand in the vicinity of airline check-in counters to get the
>> name and address (and for that matter, digitially encoded picture) of
>> people going on vacation. Great for burglaries.
>
> Do you have some non-Usenet reference for this? This is the first I've heard
> of this. I'm interested in the subject but frankly skeptical of anything I
> see on Usenet.
http://www.schneier.com/crypto-gram-0410.html#3
Extracts :
The administration claims that the chips can only be read from a few centimeters away, so there's no potential for abuse. This is a spectacularly naive claim. All wireless protocols can work at much longer ranges than specified. In tests, RFID chips have been read by receivers 20 meters away. Improvements in technology are inevitable.
--
Passent les jours et passent les semaines
Ni temps passé
Ni les amours reviennent
Guillaume Apollinaire - Alcools (1913)
Aug 15th 2005, 1:44 am
#11
Guest
Posts: n/a
Re: US Passports RFID chips a security problem
It sounds like a business opportunity to sell metal passport cases.
Aug 15th 2005, 3:10 am
#12
Guest
Posts: n/a
Re: US Passports RFID chips a security problem
On Mon, 15 Aug 2005 14:16:40 +0200, [email protected]
(Stanislas de Kertanguy) wrote:
>Mxsmanic <[email protected]> wrote:
>> Stanislas de Kertanguy writes:
>>
>> > However I can't think that they'd leave the information in the chip "in
>> > clear": there *must* be encryption of any kind, non?
>>
>> No.
>That's very weird. Neither encryption nor access control? That sems
>unbelievable to me given the nature of date carried into the chip.
Even if there was encryption, how long until it was broken? Think
Microsoft, for example, where hackers are always breaking their code.
(Stanislas de Kertanguy) wrote:
>Mxsmanic <[email protected]> wrote:
>> Stanislas de Kertanguy writes:
>>
>> > However I can't think that they'd leave the information in the chip "in
>> > clear": there *must* be encryption of any kind, non?
>>
>> No.
>That's very weird. Neither encryption nor access control? That sems
>unbelievable to me given the nature of date carried into the chip.
Even if there was encryption, how long until it was broken? Think
Microsoft, for example, where hackers are always breaking their code.
Aug 15th 2005, 3:11 am
#13
Guest
Posts: n/a
Re: US Passports RFID chips a security problem
On Mon, 15 Aug 2005 07:09:53 -0500, "Donald Newcomb"
<[email protected]> wrote:
>"Viking" <[email protected]> wrote in message
>news:[email protected].. .
>> The US is intending to put RFID chips into its passports-a big
>> security problem. Skimmers are easy to buy, and although the press
>> seems mostly to be worried about terrorists identifying US citizens
>> abroad, another security hole not yet discussed is that all one has to
>> do is to stand in the vicinity of airline check-in counters to get the
>> name and address (and for that matter, digitially encoded picture) of
>> people going on vacation. Great for burglaries.
>Do you have some non-Usenet reference for this? This is the first I've heard
>of this. I'm interested in the subject but frankly skeptical of anything I
>see on Usenet.
Was in the news; search Google. For example,
http://www.rfidinsights.com/160400378
<[email protected]> wrote:
>"Viking" <[email protected]> wrote in message
>news:[email protected].. .
>> The US is intending to put RFID chips into its passports-a big
>> security problem. Skimmers are easy to buy, and although the press
>> seems mostly to be worried about terrorists identifying US citizens
>> abroad, another security hole not yet discussed is that all one has to
>> do is to stand in the vicinity of airline check-in counters to get the
>> name and address (and for that matter, digitially encoded picture) of
>> people going on vacation. Great for burglaries.
>Do you have some non-Usenet reference for this? This is the first I've heard
>of this. I'm interested in the subject but frankly skeptical of anything I
>see on Usenet.
Was in the news; search Google. For example,
http://www.rfidinsights.com/160400378
Aug 15th 2005, 4:36 am
#14
Guest
Posts: n/a
Re: US Passports RFID chips a security problem
Stanislas de Kertanguy wrote:
> Mxsmanic <[email protected]> wrote:
>
>
>>pltrgyst writes:
>>>Sounds like you need to read a bit more about the distance at which
>>>RFIDs can be read.
>>About 60-90 feet. I've heard of demonstrations at far greater distances.
>
>
> However I can't think that they'd leave the information in the chip "in
> clear": there *must* be encryption of any kind, non?
>
> or a system similar to the French Carte Bleue PIN: it is written "in
> clear" in the chip but only devices with the adequate authorisations can
> read it?
>
>
Probably not since it would be useless. Encryption will only work if
you can restrict the readers. With such a system the number of groups
authorized to read the chip would be large enough that the algorithm and
keys would be available fairly quickly.
> Mxsmanic <[email protected]> wrote:
>
>
>>pltrgyst writes:
>>>Sounds like you need to read a bit more about the distance at which
>>>RFIDs can be read.
>>About 60-90 feet. I've heard of demonstrations at far greater distances.
>
>
> However I can't think that they'd leave the information in the chip "in
> clear": there *must* be encryption of any kind, non?
>
> or a system similar to the French Carte Bleue PIN: it is written "in
> clear" in the chip but only devices with the adequate authorisations can
> read it?
>
>
Probably not since it would be useless. Encryption will only work if
you can restrict the readers. With such a system the number of groups
authorized to read the chip would be large enough that the algorithm and
keys would be available fairly quickly.
Aug 15th 2005, 4:50 am
#15
Guest
Posts: n/a
Re: US Passports RFID chips a security problem
Stanislas de Kertanguy writes:
> That's very weird. Neither encryption nor access control?
Nope, at least not according to the original plan.
Apparently the State Department is now considering some sort of
precautions, finally.
> That sems unbelievable to me given the nature of date carried into the chip.
I agree, and so do many others. That's why it caused such an uproar.
--
Transpose mxsmanic and gmail to reach me by e-mail.
> That's very weird. Neither encryption nor access control?
Nope, at least not according to the original plan.
Apparently the State Department is now considering some sort of
precautions, finally.
> That sems unbelievable to me given the nature of date carried into the chip.
I agree, and so do many others. That's why it caused such an uproar.
--
Transpose mxsmanic and gmail to reach me by e-mail.
