Fatal Flaw Weakens RFID Passports
fmwap writes "Wired news is reporting on new measures being taken to ensure RFID in US passports are not traceable. Encryption will be implemented via a key printed on the passport, which will be read by an optical scanner. The problem is the RFID serial number used for collisions will not be encrypted as is required for communication, thus still allowing tracking." We've previously reported on the decision to chip U.S. passports. From the article: "To its credit, the State Department listened to the criticism. As a result, RFID passports will now include a thin radio shield in their covers, protecting the chips when the passports are closed. Although some have derided this as a tinfoil hat for passports, the fact is the measure will prevent the documents from being snooped when closed." Update: 11/04 16:08 GMT by Z : Edited for accuracy.
Time to don the full body tinfoil armor!
domain combinatorics
So it's time to Microwave your new Passport for a few seconds to cook the RFID device, right?
--We don't NEED no stinkin' sig!
As with the UK's attempts to push through ID cards, the politicians in charge have at best a vague fuzzy idea of what the technology can do, but it sounds funky so let's do it anyway.
Tiny details like monumental security problems and the things plain not working don't exist in the simplified pitch they get from their lobbyists, so they continue to push it through anyway, on the grounds that it's "Anti-Terror".
You don't support Terror, do you?
"I Know You Are But What Am I?"
this magical RFID device needs to be opened manually, looked at, checked, optically scanned and then finally used as RFID to get the digital picture and print from the device?
This is going to take 3x longer and be prone to more failures surely?
This is a benefit how?
Surely a 2d barcode would be better, or just use old tech mag swipe?
Stupid mofo imbeciles.
liqbase
I only travel by climbing fences and digging tunnels.
man, I feel like mold.
RFID chips, including the ones specified for U.S. passports, can still be uniquely identified by their radio behavior. Specifically, these chips have a unique identification number used for collision avoidance. It's how the chips avoid communications problems if you put a bagful of them next to a reader. This is something buried deep within the chip, and has nothing to do with the data or application on the chip.
Ok, so it has a unique ID on it but it doesn't appear that the ID is tied to you or the data. FUD?
The passports will also include a 'Tin Hat' that limits the RFID signal to only a few inches
I've got to wonder why, in this case, they don't use Magcards instead of RFID. Older technology, yes, but not any more limited for the use given, and a bit more secure as they require contact with the card to read. If they're supposedly going to limit the RFID to magcard limits, why not just use a magcard?
"A demonstration has been made that using specialized hardware, the signal can be intercepted from up to 69 feet."
Is this anything like the BlueSniper?
"To its credit, the State Department listened to the criticism. As a result, RFID passports will now include a thin radio shield in their covers, protecting the chips when the passports are closed. Although some have derided this as a tinfoil hat for passports, the fact is the measure will prevent the documents from being snooped when closed."
Well there has to be better protection for identity theft than having the passport closed all the time. You may not know whether it is open or closed, but it should have some way of notifying you if it is unsecured. How about having the passport just become a single card with some kind of flash memory built in?
There are many other scenarios where the RFID tags could be exploited, but you will first have to put on your tinfoil hat in order to even conceive of any of these conspiracies.
He who knows best knows how little he knows. - Thomas Jefferson
The interesting question is: Will my passport still work if I put it on top of my microwave oven and under my cell phone? Are these residual radiations enough to get it fried? I hope this has been carefully studied, but from what I have read/heard in the past, RFID's main target was the low-cost and short lifespan labelling market. Can it last the ten years of validity of my passport?
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
Why not just make a container for the passport - like a cigarette holder - but lighter, which does not allow reading the RFID chip at all from any distance?
Why bother? American tourists are very easy to spot without having to resort to fancy technology. Just follow the bright white sneakers and the loud complaints about the food, the hotel, the prices, etc. etc...
People say I'm crazy, I got diamonds on the soles of my shoes...
Get or renew your passport now and it should be RFID-free for the next 10 years.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
A day's parking at the airport : 12$
Homemade Magnetron gun concealed in suitcase : 250$
Watching everyone you point your suitcase at miss their flight and get arrested (before you get arrested yourself) : Priceless!
My left arm is all scars and I consider that a valid excuse...
From the summary:
The passports will also include a 'Tin Hat' that limits the RFID signal to only a few inches, but a demonstration has been made that using specialized hardware, the signal can be intercepted from up to 69 feet.
The poster apparently did not carefully RTFA (skipped page 2, is my guess). The 69-foot detection range does not apply to the RFID chips in this case, because of that 'Tin Hat' (the passport is radio-shielded when closed); Schneier was referring to RFID chips in general when he brought that statistic up, not this particular instance. Arguably (if you're going to put RFID chips in passports) this is one of the few things that they've actually fixed.
(I personally think that the whole thing is a bad idea...but let's attack the system on its demerits, not on no-longer-relevant bugs.)
I am VERY interested in YOUR comments. PLEASE specify more where YOU heard this INFORMATION. Was it PERCHANCE at a heavy METAL rock concert?
Buzzword compliance.
The Benefits:
For the average bad guy, a contactless module will make it much harder to fabricate an identity.
Ideally, gov'ts have a better idea who is coming and going from a country and in a much more efficient manner.
For the average person, this doesn't affect them at all.
For the average dissident, the gov't is still going to give them a hard time, so this might be one more way to make life difficult.
The Bad:
Bad guys can "collect" information. It's unclear to me what they would do with a unique identifier. They need much more than just the unique identifier. They would need to associate the identifier with (one assumes) the right identity. You don't need to be a bad guy to do that. You can buy most of it from totally legal companies right now. Please explain if I'm missing something here.
Expensive! Understand that it's not just about a passport that will be at least 10x more expensive to make, but the infrastructure to make it work at least half-way decent is a huge project. I submitted my passport information at my local post office. Now, every agency that can accept passport applications has to be somehow connected to the place where the passport is made. Then how do the airports "know" the passport is authentic? More new infrastructure.
The gov't collects information.
Well, they do that already except they buy it from private enterprises. They watch the bad guys. They watch people that they view as threatening. I don't see what changes here. Furthermore, anyone that's been on /. for a little knows how easy collecting personal data can be.
Am I missing something?
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
As a Canadian fed agent, I empathise with our US neighbours in their attempts to improve the security on the passports. It's a challenge to make passports secure, even with the best of technology. Canadian passports are one of the most forged in the world, and the safest to use from a suspicion point of view. With over 10% of our population landed immigrants, and a huge multicultural population, we represent one of the most diverse cultures in the world.
I'm sure they could devise an XYZ technology for their password and someone would either crack, track, or spoof it.
Something is better than nothing.
Management is doing things right; leadership is doing the right things. - Peter F. Drucker
Edited for accuracy.
Don't lie to us like that.....not all of us are N00bs
As someone else pointed out, many countries make you show your passport as identification.
It's time someone make a passport "book cover" that covered the inside-covers with a transparent faraday cage. Think clear plastic with thin closely-spaced wires.
Or, if that doesn't work, a "book cover" that includes a probably-battery-powered jammer that jams any attempt to read it.
Of course you'd remove your passport from this at points of entry and for other official purposes, but when a private merchant asks to see your passport as ID, he won't be able to scan it, leaving him with a business decision: rely on the visible passport, or ask you to shop elsewhere. More importantly, the hopefully-rare-but-I-don't-want-to-meet-him ID-thieving-store-clerk won't be able to scan it.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
My mom used to work at the welfare office for the Cabrini Green projects in Chicago. She used to listen to some of her fellow workers sitting at screens, data mining the client's records for people who weren't at home during working hours. They were using the information to rob the empty homes during lunch hours. True story.
Technology gives bad people with power ever more ways of fucking you over. If they DON'T need the tool, don't give it to them. We didn't need RFID passports before, and we don't need them now. Misdirection is afoot. What ELSE are they adding to the passports besides RFID? Get that question answered, and you'll know how they are fucking us in brand new ways.
When a corporation or a government (in the U.S., indistinguishable now) wants a new way to track people, it's never for the citizens' good, but for their own. Acquiescence to tyranny happens a tiny bit at a time. In twenty years, a whole generation of the world's people will have grown up in a virtual prison, and won't even notice.
Under US pressure and the general terrorism FUD the German government decided to introduce new passport documents with RFID starting from Nov 1st 2005. I got me an old one without RFID that will be valid until 2015 and every day I am more sure I did the right thing.
On se Internetz nobody noes your German.
Encryption will be implemented via a key printed on the passport, which will be read by an optical scanner.
If an optical scanner needs to be used to read the encryption key, doesn't that defeat the no-contact advantage of RFID as the passport then needs to be close to the scanner? Why not just use some smart card technology and avoid the radio part altogether?
Is there ever a reason the wireless feature of RFID would be needed for passports? Wouldn't smartcards provide all the necessary forgery prevention and data storage without any need for tinfoil hats?
If you don't keep quiet, we're going to end up with lots of other buzzword techs in our passports.
I expressed similar questions when reading the previous articles. Why not a barcode? An RFID system only has an identifier, a key to a database. A barcode could have actual data on it.
From one of the responses to the previous articles of this sort, I understand that the system here is a bit different than regular RFID. One is that this system actually does have information in it, not just an ID. That doesn't relate to your question, but I found it very enlightening.
Another thing this system does is it is a challenge-response system. That is, it has information in it that is not emitted until you give the right information to it. Perhaps this is the information in that barcode on the password, I dunno. Anyway, a barcode is there for everyone to read, it cannot hide itself until the right key is given to it. The content could be encrypted, but once you take a picture of the barcode, you have its data, you could work on cracking it later, and the "owner" of the barcode wouldn't even know you were doing it. With this system, you can only work on extracting its secrets when you are in proximity to the chip. In addition, it is possible for the chip to monitor and know that you successfully passed its test and got its info. So you will at least know if you've been had when the "successful reads" counter (if it has one) is higher than you expected.
All in all, it seemed like a reasonable system to me. The actual presence of data (as opposed to just a key), the tinfoil cover and the requirement to read the barcode optically before you can get the data (other than ID) out all just adds up to a pretty good system to me. Definitely far better than the representations of it I had seen earlier.
http://lkml.org/lkml/2005/8/20/95
Excellent Question!
US Passports have a validity of 10 years. Modern contact chips in smart cards have an estimated life of 4-5 years. So you would theoretically have to get at least twice as many passports. Also, you can't really just replace passports with smart cards because not every country in the world will be able to read those smartcards at the get go. (Think Chad or other 3rd world countries) so you have to continue to use a typical human readable passport. This program is designed for the 27 or so VISA-waiver countries. There was no way that anyone was going to successfully mandate a single physical form factor for the passports of 28 different sovereign nations, but they were able to (finally) reach an agreement on an embedded chip, interface and some minimal and optional contents. These were the driving reason for contactless, and it is unfortunate that the US State Dept. did not consider privacy from the get go. But thanks to a public outcry, now they have.
Someone else asked what was wrong with the current passports. In a word, the answer is forgery. The new passports include a digital signature across the entire contents of the passport including the photo. So if I as a bad guy, take your passport and try to replace your photo with mine, either the photo on the chip won't match, or if you somehow figure out how to replace the photo on a chip that has had its write mode disabled permanently, the digital signature will not verify. So with the new passports, the only way to get an undetectable forgery is to get the real thing through the passport office, probably not impossible (think bribes and extortion of issuance officers), but now we have an honest shot at detecting it, and if one does turn up, you might be able to go back and figure out who issued it. This has an additional side benefit in that it makes stealing chip equipped passports worthless. This should help increase the security of travellers who are sometimes attacked or robbed solely for their passport.
In my opinion, now that steps have been taken to reduce the possibilities of skimming, the benefits of the new passports outweigh the negatives. Schneier's alarmism about the serial numbers is just that. If someone really wants to track people so badly that they will start building databases of those serial numbers and correlating them with information that they have obtained through some justified mechanism, just so that they can track you when you happen to have your passport open anyway, then they are going to track you, and there is not much you can do about it anyway. This is roughly the same risk as having a hidden camera near a point where you open your passport (or someone opens it for you). It's just too far to go for the limited benefit. The new protections have tipped the balance in favor of the new ePassport, and while Schneier does point out a flaw that is unfortunate, it is certainly repairable in the future, and not "fatal". If the US starts issuing passports without the flaw in the next few years (before all the passports with no chip at all expire) no one will bother trying to attack passport security in this fashion. It just isn't worth it.
Stop Continental Drift! Reunite Gondwanaland!
That I should be using Plate +3 (+5 versus State Department goons, diplomats and internet cafe baristas)
We play the game with the bravery of being out of range
Although some have derided this as a tinfoil hat for passports, the fact is that it is indeed a fucking tinfoil hat!
If the KEY is printed and thus has to be scanned, why don't they just print the information on there too? I mean, they are already planning to require you to put it across an optical scanner, so there must be another, unspoken, reason for using RFID.
The reasoning behind using RFID Passports seems *VERY* flawed. I am suspect of any agency that is a proponent of such reasoning. I'm sure terrorists and boogeymen will be mentioned several times in the explanation as to why we should have this technology.
Someone is hiding something!!
Wrong. There are still 2 important benefits:
1. Contact chips only last 4-5 years. US passports are valid for 10. The contactless chip is more durable.
2. There is no need to attempt to mandate the exact size and shape of 28 countries' different passports. Very difficult, especially in the current political climate.
Remember that this initiative started when the US said you have to do this to be a visa waiver country. The International Civil Aviation Organization then set the standards. So don't blame just the US for the fact that it's an RFID chip. 28 countries agreed to this because it was the path of least resistance.
Also, I don't think optical codes can store as much data as this RFID chip, but I may be wrong about that.
I see your B.S. and raise you!
Stop Continental Drift! Reunite Gondwanaland!
Isn't the whole point of the tin-hat to give the public confidence, while still allowing tracking by suitably equipped (funded) parties?
How hard is it to track a person with tin-hat in public places?
In theory there is no difference between theory and practice. In practice there is. - Yogi Berra
The only way to solve this is to randomly-generate the UID on the RFID during the anti-collision process, which dramatically increases the cost of the card. Encrypting the UID is out of the question because the anti-collision process is very low-level.
To the people who are scared of identity theft: this flaw does NOT expose the information on the card, so an attacker using this will NOT get your photo, name, age, fingerprint minutia, etc. The only malicious way this could be used is to recognize a person identified before.
But the area where the anti-collision process can be eavesdropped on is at least 10m (some 30 feet), because a part of the process requires that the RFID reader broadcast the UID of the card it selects for communication. Wrapping the passport in tin-foil will protect you from hidden readers, so your passport will not be detectable in your pocket.
To review:
Am I the only one who is beginning to think that RFID is a problem in search of a different problem? This news today proves conclusively that nothing is gained by using the chips. They open up pointless security holes and provide not one bit of protection.
What a damned waste.
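The fixed versus per-session random anti-collision UID discussed a few comments up, as an added simulation that is not part of the thread: it models what a passive log of anti-collision exchanges contains and which holders remain recognisable across sessions. Class and function names and the sample UID are constructed; the 0x08 first byte is how ISO/IEC 14443-3 Type A marks a random 4-byte UID.

```python
import secrets

RANDOM_UID_PREFIX = 0x08  # ISO/IEC 14443-3 Type A marker for a random 4-byte UID


class FixedUidChip:
    """Chip that answers anti-collision with the same factory UID every time."""

    def __init__(self, uid: bytes):
        self._uid = uid

    def power_up(self) -> bytes:
        return self._uid


class RandomUidChip:
    """Chip that draws a fresh UID each time it enters a reader field."""

    def __init__(self, rand_bytes=secrets.token_bytes):
        self._rand_bytes = rand_bytes  # injectable so tests can be deterministic

    def power_up(self) -> bytes:
        return bytes([RANDOM_UID_PREFIX]) + self._rand_bytes(3)


def observe(chips: dict, sessions: int) -> list:
    """Log (session, holder, uid) for one anti-collision exchange per chip per session.

    The holder label is ground truth kept for scoring only; a listener sees just
    the session and the UID that the reader broadcasts when selecting the card.
    """
    log = []
    for session in range(sessions):
        for holder, chip in chips.items():
            log.append((session, holder, chip.power_up()))
    return log


def linkable_holders(log: list) -> list:
    """Holders whose UID shows up in more than one session, i.e. can be re-recognised."""
    sessions_by_uid = {}
    for session, _holder, uid in log:
        sessions_by_uid.setdefault(uid, set()).add(session)
    repeated = {uid for uid, seen in sessions_by_uid.items() if len(seen) > 1}
    return sorted({holder for _s, holder, uid in log if uid in repeated})


def uid_is_static(chip, activations: int = 5) -> bool:
    """Audit check: does a chip present the same UID on every activation?"""
    return len({chip.power_up() for _ in range(activations)}) == 1


if __name__ == "__main__":
    chips = {
        "fixed-uid passport": FixedUidChip(bytes.fromhex("04a1b2c3")),  # constructed UID
        "random-uid passport": RandomUidChip(),
    }
    print("re-recognisable:", linkable_holders(observe(chips, sessions=5)))
```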
You might have noticed in the article that some countries have already starting issuing these new passports. I can confirm that because I have one right here.
Visually it looks very similar to a regular passport, although it now has a little symbol on the bottom of the front cover denoting it as an electronic passport. The chips are stored in the centre of the passport, in what looks like about 7 pages stuck together. It has a warning printed on this page about it containing sensitive electronic components, and that you shouldn't bend, perforate or expose it to extreme temperatures or excess moisture. Further down it also says to please treat it with the same care you would any sensitive electronic device.
I can't see any evidence of a metal shield in the front and back covers, and I can't see where the number that must be scanned optically to get the access code for the rfid chip is.
Physically it is noticeably thicker, heavier, and stiffer. The other point worth making is that it was ~10% more expensive than a regular passport.