RFID Passports Cloned Without Opening the Package 168
Jeremy writes to tell us that using some simple deduction, a security consultant discovered how to clone a passport as it's being mailed to its recipient, without ever opening the package. "But the key in this first generation of biometric passport is relatively easy to identify/crack. It is not random, but consists of passport number, the passport holder's date of birth and the passport expiry date. The Mail found it relatively easy to identify the holder's date of birth, while the expiry date is 10 years from the issue date, which for a newly-delivered passport would clearly fall within a few days. The passport number consists of a number of predictable elements, including an identifier for the issuing office, so effectively a significant part of the key can be reconstructed from the envelope and its address label."
Does anyone remember Press Your Luck? (Score:5, Interesting)
This article reminds me of that story.
Same old Daily Mail (Score:3, Interesting)
So basically, exactly what goes on now, except for the new false sense of security. Great!
* I knew they'd bring this up
What about US passports? (Score:5, Interesting)
There's no "chip:" the electronic storage is embedded in the photo page of the passport, among a series of wires covered with laminate. The Department of State says the cover of the new passports prevents RFID scanning when closed, which probably explains why the cover is a different thickness and flexibility than the previous passports.
Funny thing, though: the passport itself was opened flat in the shipping envelope from the passport center. So, presumably, it could be read. I wonder what sort of security the USDoS is using on these things?
The article has nothing to do with U.S. passports, since the Brits are using a different RFID mechanism. So, no help there. I wonder how many people read the article summary (which fails to mention this detail - it probably should, since this is a rather U.S.-centric website) without RTFA and are busy microwaving their new U.S. passports?
Re:Packaging (Score:4, Interesting)
Re:One of the problems with RFID (Score:4, Interesting)
I'm a "Law 'n Order Anarchist" (Score:3, Interesting)
I, on the other hand, characterize myself as a "Law 'n Order Anarchist" (or "Law 'n Order Minarchist" on even-numbered days). That means I think we should get rid of all (or all but the minimum necessary) of the laws - but believe it must be done in the right ORDER or it makes things worse rather than better.
(Actually, I'm more of a "Constitutional Law 'n Order Anarchist/Minarchist" Let's get there by legal means, such as repeals and amendments.)
A prime example of this order-dependence is the immigration barriers. Open borders would be nice. But you have to remove the cancerous overgrowth of the social services first. Otherwise you get an inrush of people who put a far larger load on the services than any taxes on them cover, while depressing wages and breaking unions. A double pick of the workers' pocket - for the dubious "benefit" of giving employers a break on wages. The mass of workers gets hit twice - once in the paycheck, again in taxes. A perfect, though indirect, example of "corporate welfare".
Then the citizens retaliate in elections. Libertarians, with their track record of going after any piece of their agenda without regard for the consequences of the order, become further marginalized. Naturalizing the incoming won't help Libertarians either: The bulk of their votes will go for more benefits for themselves.
Your situation is another example: To do what you want you need to get rid of the laws that make owning a machine gun or using it for home defense nearly impossible before you retreat to your fortress neighborhood and open the borders. B-)
Re:The terrorists have won. (Score:3, Interesting)
If there are no borders, then there is effectively no government. This is one of my big problems with the Libertarians. Taking away borders would, in theory, lead to anarchy. In practice, any anarchy gives rise to power centers since nature abhors a power vacuum just as much as it abhors a physical vacuum. In the past, this vacuum was filled by feudal systems that coalesced into nation states. In the present, the porosity of borders combined with the mobility and rapid communications of technological society, allows multinational corporations to fill the void. If you support this particular bit of Libertarian ideology, you indirectly support rule by multinational corporations. I know I'll get heated rebuttals on this from Libertarians. The counter-arguments will probably end up sounding a lot like the GPL zealots who argue that their ideal of freedom is more important than having a video driver that works. If we lose control of the borders, we may all end up so poor that we find ourselves dreaming of the day we can afford to buy a PC from WorldMart that runs GNU/Linux at 640 by 480.
Re:RFID is not going to save the world (Score:3, Interesting)
RFID in and of itself causes security problems outside the realm of whether RFID is secure or not.
It is a simple fact that RFID tags are going in everything. Sooner or later they will be as ubiquitous as UPC codes.
It is also a fact that RFID tags can be read at a distance with off the shelf hardware.
It is ALSO a fast that even more RFID tags can be read at a distance with custom hardware.
It is also a fact that RFID tags are going into the soles of shoes and into tires, both cases in which the tag will be very easily readable because it will be both parallel and close to a flat surface that can easily have an antenna embedded within it.
It's easy enough to stop people from reading your passport. Put it in a metal case, or even a mylar bag (although the latter may not be proof against it, while the former is pretty damned good.) But what we NEED to be able to stop is to stop the government from tracking where each and every person is during their every waking hour. RFID tags are smaller than grains of rice now. They can trivially be secreted in your clothing. In fact you could disguise them as little bits of grit! No one is going to be surprised at some grit in their pants cuff.
I think it's quite reasonable to be paranoid about RFID in a world of continual surveillance and when no government has respect for your rights.
Re:RFID is not going to save the world (Score:3, Interesting)
No card in my wallet is remotely readable, at least to the best of my knowledge. You missed the point entirely.
All that is required is more gain on the receiving side, which in turn requires intelligent filtering and design to have a useful SnR to begin with. Anyway here [idtechex.com] is an article about a company with a solution currently in the field for reading HF tags at ranges up to ten meters.
Also, 6-12 inches is enough if you can get people walking through doorways, or walking up and pressing a button on a traffic light, et cetera. You can always also just bump into them and then you can get absolute proximity.
Making the antenna durable is a triviality. You can place it into the road surface at the same place as the metal detector used to see if your car has pulled up to a light. Want to know what RFIDs are in the tires of an upcoming car? Just switch the light at the right time to stop them. And if they run the light, now you can drag them into court and look up their ass with a flashlight.
I suspect in fact that sooner or later they will devise the technology to use the same loop antenna used to detect your car to read RFID.
It's not about stealing information via RFID. Get that idea out of your head right now. It's about uniquely identifying people by their RFID tag constellation, and being able to track them. It's one more piece in the "ubiquitous surveillance" puzzle. Just as RFID can't save the world, it can't doom it, either. It's part of the problem.
Re:Same old Daily Mail (Score:3, Interesting)
My dad makes the assertion that at least in cars, the germans believe that good components make a good car, whereas the japanese believe that it's good system design that makes the difference. These days, though, both BMWs and Mercedes are big pieces of shit, and VW actually makes a more reliable car. So obviously things are a-movin' and a-shakin' over there.
The Germans DO seem to make the best tools around, though, still. And they make great kitchen appliances :)
Well, they would have made crap here in America, too. It would just have been more expensive crap.
Well, this is where I have to part company with you, more about the former than the latter. The big-box retailers don't just think that, they know it, because people buy the cheap crap over the well-made product in almost every situation. A lot of that is that your warranty doesn't mean shit, so you might as well buy some shit. Most consumer electronics these days have what, a 90 day warranty? Wal-Mart will give me that! So why spend $500 for the good shit when I can spend $100 and get the same warranty?
Since the retailers know it, the manufacturers know it too, and they focus on making cheap crap.
As for the consumers shopping at wal-mart, I think the real problem is one of overconsumption. The government wants us all to consume, because it's good for the economy. Problem is, it's not good for us, and when we're all fucked, so will the economy be. Or vice versa - did you know the US dollar and Canadian dollar have reached parity? That is some scary shit if you live in the USA.
But anyway, without overconsumption we would have more money to spend carefully on our purchases, but you can go out any day of the week and see people below the US poverty line pushing their baby in a $300 stroller. The baby is wearing $100 sneakers. They get into a new car which they'll be making payments on long after the car is a pile of shit...