Slashdot Mirror

← Back to Stories (view on slashdot.org)

Feds At DefCon Alarmed After RFIDs Scanned

Posted by CmdrTaco on from the oh-sure-now-you're-alarmed dept.

FourthAge writes "Federal agents at the Defcon 17 conference were shocked to discover that they had been caught in the sights of an RFID reader connected to a web camera. The reader sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks. The 'security enhancing' RFID chips are now found in passports, official documents and ID cards. 'For $30 to $50, the common, average person can put [a portable RFID-reading kit] together,' said security expert Brian Marcus, one of the people behind the RFID webcam project. 'This is why we're so adamant about making people aware this is very dangerous.'"

19 of 509 comments (clear)

  1. What do you bet... by thisnamestoolong · · Score: 5, Insightful

    ...the Feds try to ban the tech to read the RFIDs instead of urging credit card manufacturers/the state department to back off on putting RFID chips into everything?

    --
    To the haters: You can't win. If you mod me down, I shall become more powerful than you could possibly imagine
    1. Re:What do you bet... by commodore64_love · · Score: 4, Insightful

      It's easier to outlaw gadgets than to admit you're wrong.

      That's why, thanks to recent laws, only criminals carry guns. Pretty soon only criminals will have webcameras or RFID sniffers.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    2. Re:What do you bet... by multisync · · Score: 5, Insightful

      I found this part really interesting:

      It's not known if any Feds were caught by the reader. The group that set it up never looked closely at the captured data before it was destroyed. Priest told Threat Level that one person caught by the camera resembled a Fed he knew, but he couldn't positively identify him.

      "But it was enough for me to be concerned," he said. "There were people here who were not supposed to be identified for what they were doing ... I was [concerned] that people who didn't want to be photographed were photographed."

      Priest asked Adam Laurie, one of the researchers behind the project, to "please do the right thing," and Laurie removed the SD card that stored the data and smashed it. Laurie, who is known as "Major Malfunction" in the hacker community, then briefed some of the Feds on the capabilities of the RFID reader and what it collected.

      Nice to see that - after they made their point - the organizers and attendees at "one of the most hostile hacker environments in the country" did the right thing and destroyed the data. I'm sure we could count on law enforcement, our employers and credit card companies to show the same moral character.

      --
      I don't care why you're posting AC
    3. Re:What do you bet... by FreeUser · · Score: 4, Insightful

      You can microwave it. The RFID antenna collects to much power and fries the circuit. Should take a second or two.

      While an inoperative RFID may not invalidate your passport, I suspect a big honking scorch mark in the middle of the thing just might.

      --
      The Future of Human Evolution: Autonomy
    4. Re:What do you bet... by Shakrai · · Score: 4, Insightful

      Blatantly true, at least in parts of the United States

      Fixed that for you. If you think you can get a carry permit in New York City/San Francisco/Chicago as a law abiding American citizen think again. The only way that happens is if you are rich and have political connections. The rest of us poor slobs don't have the right to defend ourselves if we are unlucky enough to live in a part of the country run by the anti-gun zealots.

      This will eventually change when the 2nd amendment is incorporated against the states but it doesn't change the fact that right now you effectively have no right to keep and bear arms if you live in the wrong part of the country.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    5. Re:What do you bet... by ColdWetDog · · Score: 4, Insightful

      A brief trip to the microwave works better. Fewer indentations on the cover ("No officer, it doesn't look like someone's been beating this passport with a hammer, why do you ask?").

      Not quite as satisfying however.

      --
      Faster! Faster! Faster would be better!
    6. Re:What do you bet... by Shakrai · · Score: 4, Insightful

      Sad but true. My favorite is the Hollywood types that rant about the evils of firearm ownership while being protected by armed bodyguards. Fucking hypocrites.

      All animals are equal but some are more equal than others.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    7. Re:What do you bet... by modecx · · Score: 4, Insightful

      If they weren't out there publicly trying to get our rights taken away, they wouldn't attract crazy people, therefore they wouldn't need the armed security.

      Until then keep your deadly weapons and wild west "justice" out of my community.

      So, move to LA, San Francisco, New York City, Chicago, etc. and the terrible worry about peacefully minded citizens taking legal means to protect themselves from assault, rape, robbery, etc. will never again burden you.

      --
      Constitutional rights may be respected, repealed, or modified; but they must never be ignored.
    8. Re:What do you bet... by operagost · · Score: 5, Insightful

      When you join a militia and keep your guns for that, you'll have a point.

      The government has done its best for decades to convince the people that militias are full of homicidal maniacs. And no, the National Guard is not a militia. It is a standing army under the control of the FEDERAL government-- and it has to be, because states are forbidden from having standing armies in the Constitution.

      Guns are cowardly

      Compared with... what? "Putting up your dukes," as one ignoramus once snorted on slashdot? Would you ask your 80 year-old grandma to "put up her dukes"? I bet she could handle a small pistol, though.

      And I do completely support the right to have hunting rifles.

      Thanks to the 10th Amendment, we do have the right to use hunting rifles. However, the general right to KEEP AND BEAR ARMS is EXPLICITLY mentioned in the 2nd. The "militia" part is not a condition of that.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    9. Re:What do you bet... by JCSoRocks · · Score: 4, Insightful

      Even if you could prove to me that guns were used in even half of those cases I would still say your argument has no merit. Having a gun makes no difference in those situations. If you're so pissed off that you're going to kill someone, you're going to find a way to do it. People have been beating, stabbing, bludgeoning, drowning, choking and otherwise finding ways of killing people they dislike since the dawn of man. It's foolish and naive to believe that guns have anything to do with it.

      In fact, I'd say gun ownership does more to prevent crime than it does to encourage it. If I'm a big guy and I figure that I could throttle you pretty easily, but I know that you carry a gun, that may dissuade me from assaulting you. I'm not going to say with 100% certainty that it will - that would be hyperbole. I will, however, assert that it would change a lot of people's minds.

      --
      You are using English. Please learn the difference between loose and lose; they're, there, and their; your and you're.
  2. Re:bar-codes by ari_j · · Score: 4, Insightful

    People can't surreptitiously read personal identifying information from a bar code that's in your pocket.

  3. Re:bar-codes by multisync · · Score: 4, Insightful

    It doesn't really make sense to say RFID is "very dangerous" unless you have that same fear of bar-codes.

    There is no bar code on my passport, credit card or driver's license. Even if there was, it's unlikely that person sitting at the next table with a portable bar code reader could read the bar code off my Visa card while it's in my wallet.

    --
    I don't care why you're posting AC
  4. Re:bar-codes by Kartoffel · · Score: 4, Insightful

    Right, but they sure can read whatever your RFID has to say. The problem is twofold:

    1) Ignorant implementers put sensitive data on RFID's in plaintext.
    2) Users are unaware of what data is actually *in* their RFID items.

    RFID tags are dumb, low powered, even passive devices. If you can't afford active RFID's with public key encryption, don't put sensitive data on the damn things!

  5. If they have done nothing wrong... by Anonymous Coward · · Score: 5, Insightful

    ...they have nothing to fear. Let's see how they like that argument used against _them_!

  6. Missing the point. by BlueKitties · · Score: 5, Insightful

    I was charged with writing POS software where I work. After looking into using scanners, I came across RFID. As it turns out, instead of needing to scan your crap, you can just have a magic wand magically take inventory for you. In fact, after looking into it, I realized I could rig sensors in our storage room to automatically re-take inventory periodically.

    I'm sure some people are pushing for RFID for the wrong reasons, but I'm all for it as a replacement for barcodes as far as keeping stock goes. Imagine going to Walmart, and your shopping buggy automatically tells the clerk how much money you owe! Well, that might be a ways off, but it's possible.

    I think RFID is an awesome tech, it just has a risk for being abused. Just like barcodes are awesome, but we don't want them on our forehead (unless we're playing shadow run, then it's 'cool.)

    --
    "Sorrow is better than laughter, for by sadness of face the heart is made glad." [Ecclesiastes 7:3]
    1. Re:Missing the point. by TooMuchToDo · · Score: 4, Insightful

      RFID tracking inventory/rail cars/etc. = OK
      RFID tracking people = NOT OK

  7. Re:Silly Feds by aynoknman · · Score: 4, Insightful

    I don't know about the new passports, but RFID-enabled New York State Enhanced Driver Licenses come with a foil sleeve and a recommendation to keep the license in the protective sleeve when not in use.

    That's right - the government is providing tinfoil hats for your RFIDs already.

    As asinine as possible. The advantage of RFID is convenience. Let's use it and then make it less convenient to use.

    General lesson: Convenient or secure. That's an XOR.

    --
    We need a "+1 -- nice sig" moderation.
  8. Re:bar-codes by socsoc · · Score: 5, Insightful

    A mag strip is as similar to a barcode as a christmas tree is to a sequoia...

  9. Re:The Federal Agents weren't Pwnd by Dunbal · · Score: 5, Insightful

    There's nothing particularly special on the RFID chip. A parking facility card and a passport generate the same amount of interesting information. A unique ID. Whew!

          The problem is when you have another government computer that is counting on the Unique ID to be a UNIQUE ID, and using ONLY THAT parameter (plus other info also on the card) to identify someone - congratulations, you have just stolen someone else's identity.

    --
    Seven puppies were harmed during the making of this post.