Slashdot Mirror
Feds At DefCon Alarmed After RFIDs Scanned
FourthAge writes "Federal agents at the Defcon 17 conference were shocked to discover that they had been caught in the sights of an RFID reader connected to a web camera. The reader sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks. The 'security enhancing' RFID chips are now found in passports, official documents and ID cards. 'For $30 to $50, the common, average person can put [a portable RFID-reading kit] together,' said security expert Brian Marcus, one of the people behind the RFID webcam project. 'This is why we're so adamant about making people aware this is very dangerous.'"
This is a legal gray area, but a couple years back Wired suggested that hitting the passport's chip with a hammer would disable the RFID without obvious signs--a disabled RFID chip does not invalidate the passport.
They should've used the foil protective sleeve provided with the document in question and reccommended by the organization who provided the document.
I don't know about the new passports, but RFID-enabled New York State Enhanced Driver Licenses come with a foil sleeve and a reccommendation to keep the license in the protective sleeve when not in use.
That's right - the government is providing tinfoil hats for your RFIDs already.
retrorocket.o not found, launch anyway?
... my passport certainly does. I got mine at ThinkGeek.
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
What worries me is the black hat demo where their RFID detector detected US passports within range of a garbage can and detonated an explosive in said garbage can. No barcode/magstrip can be read remotely to determine your country of origin and action taken based on that.
Paget announced during his DefCon talk that his security consulting company, H4rdw4re, will be releasing a $50 kit at the end of August that will make reading 125-kHz RFID chips â" the kind embedded in employee access cards â" trivial. It will include open source software for reading, storing and re-transmitting card data and will also include a software tool to decode the RFID encryption used in car keys for Toyota, BMW and Lexus models. This would allow an attacker to scan an unsuspecting car-ownerâ(TM)s key, decrypt the data and open the car. He told Threat Level theyâ(TM)re aiming to achieve a reading range of 12 to 18 inches with the kit.
Just wait until someone creates a small RFID reader and hooks it up to an iPhone in their pocket (a combo that would be virtually undetectable) and starts walking through the subway collecting info. We can already pick up the credit card owner's name, credit card number, expiration date, etc. right off of the RFID tags present in AMEX cards.
No. You are wrong. It is fairly easy to get a license to purchase a shotgun that you leave at home in most places in America, yes, but in many places it is almost impossible to get a license to actually have the weapon with you. My friend's dad works in and out of Boston in some pretty rough neighborhoods, and after witnessing a crime and calling the police he had several DOCUMENTED threats made against his life (ie coming out to see WE ARE GOING TO F*CKING KILL YOU HONKY spraypainted on the side of his truck). Even with this, he was not able to obtain a concealed carry permit. His criminal record is 100% clean, and he even knew some guys high up in the force that could pull some strings, but eventually the reason he got was that they didn't see that he needed to carry a gun. Thankfully, he never ended up getting murdered, but don't just stand there and proclaim that it's not true that only criminals have guns, you just make yourself look like a fool.
To the haters: You can't win. If you mod me down, I shall become more powerful than you could possibly imagine