Slashdot Mirror

← Back to Stories (view on slashdot.org)

Feds At DefCon Alarmed After RFIDs Scanned

Posted by CmdrTaco on from the oh-sure-now-you're-alarmed dept.

FourthAge writes "Federal agents at the Defcon 17 conference were shocked to discover that they had been caught in the sights of an RFID reader connected to a web camera. The reader sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks. The 'security enhancing' RFID chips are now found in passports, official documents and ID cards. 'For $30 to $50, the common, average person can put [a portable RFID-reading kit] together,' said security expert Brian Marcus, one of the people behind the RFID webcam project. 'This is why we're so adamant about making people aware this is very dangerous.'"

13 of 509 comments (clear)

  1. What do you bet... by thisnamestoolong · · Score: 5, Insightful

    ...the Feds try to ban the tech to read the RFIDs instead of urging credit card manufacturers/the state department to back off on putting RFID chips into everything?

    --
    To the haters: You can't win. If you mod me down, I shall become more powerful than you could possibly imagine
    1. Re:What do you bet... by oenone.ablaze · · Score: 5, Interesting

      This is a legal gray area, but a couple years back Wired suggested that hitting the passport's chip with a hammer would disable the RFID without obvious signs--a disabled RFID chip does not invalidate the passport.

    2. Re:What do you bet... by multisync · · Score: 5, Insightful

      I found this part really interesting:

      It's not known if any Feds were caught by the reader. The group that set it up never looked closely at the captured data before it was destroyed. Priest told Threat Level that one person caught by the camera resembled a Fed he knew, but he couldn't positively identify him.

      "But it was enough for me to be concerned," he said. "There were people here who were not supposed to be identified for what they were doing ... I was [concerned] that people who didn't want to be photographed were photographed."

      Priest asked Adam Laurie, one of the researchers behind the project, to "please do the right thing," and Laurie removed the SD card that stored the data and smashed it. Laurie, who is known as "Major Malfunction" in the hacker community, then briefed some of the Feds on the capabilities of the RFID reader and what it collected.

      Nice to see that - after they made their point - the organizers and attendees at "one of the most hostile hacker environments in the country" did the right thing and destroyed the data. I'm sure we could count on law enforcement, our employers and credit card companies to show the same moral character.

      --
      I don't care why you're posting AC
    3. Re:What do you bet... by thisnamestoolong · · Score: 5, Interesting

      No. You are wrong. It is fairly easy to get a license to purchase a shotgun that you leave at home in most places in America, yes, but in many places it is almost impossible to get a license to actually have the weapon with you. My friend's dad works in and out of Boston in some pretty rough neighborhoods, and after witnessing a crime and calling the police he had several DOCUMENTED threats made against his life (ie coming out to see WE ARE GOING TO F*CKING KILL YOU HONKY spraypainted on the side of his truck). Even with this, he was not able to obtain a concealed carry permit. His criminal record is 100% clean, and he even knew some guys high up in the force that could pull some strings, but eventually the reason he got was that they didn't see that he needed to carry a gun. Thankfully, he never ended up getting murdered, but don't just stand there and proclaim that it's not true that only criminals have guns, you just make yourself look like a fool.

      --
      To the haters: You can't win. If you mod me down, I shall become more powerful than you could possibly imagine
    4. Re:What do you bet... by stoolpigeon · · Score: 5, Informative

      It is still valid. After returning from a long trip I went to bed and my wife did all my laundry from my trip, which included my passport and ipod nano in a shirt pocket. I was traveling again shortly after and tried to find someone who could tell me if it was still valid, but had no luck. I was going from the U.S. to Mexico and just figured I'd see how it went.

      The agent tried to scan the chip and when it didn't work, just treated it like an older passport. I've gone out of the country with it again since then and had the same result.

      I wouldn't recommend that approach, as is mentioned above, a hammer will do the job. It took me a while to dry out my passport then I had to leave it under a huge stack of books to get the pages flat again. Knowing that people keep them for 10 years makes me think that they must go through all kinds of things like that.

      The nano took longer to dry out completely but still works.

      I hope events like this (the scanning of the chips) keep getting attention so that something can be done before disabling the chip becomes synonymous with invalidating the document.

      --
      It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
    5. Re:What do you bet... by xerxesVII · · Score: 5, Funny

      I find it peculiar that they were willing to participate in criminal activity but could not bring themselves to spell the word "FUCKING".

      --
      "We shall grapple with the ineffable, and see if we may not eff it after all." - Douglas Adams
    6. Re:What do you bet... by operagost · · Score: 5, Insightful

      When you join a militia and keep your guns for that, you'll have a point.

      The government has done its best for decades to convince the people that militias are full of homicidal maniacs. And no, the National Guard is not a militia. It is a standing army under the control of the FEDERAL government-- and it has to be, because states are forbidden from having standing armies in the Constitution.

      Guns are cowardly

      Compared with... what? "Putting up your dukes," as one ignoramus once snorted on slashdot? Would you ask your 80 year-old grandma to "put up her dukes"? I bet she could handle a small pistol, though.

      And I do completely support the right to have hunting rifles.

      Thanks to the 10th Amendment, we do have the right to use hunting rifles. However, the general right to KEEP AND BEAR ARMS is EXPLICITLY mentioned in the 2nd. The "militia" part is not a condition of that.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
  2. Misleading post text... by sifi · · Score: 5, Informative

    Federal agents at the Defcon 17 conference were shocked to discover that they had been caught in the sights of an RFID reader connected to a web camera...

    erm... not quite what the Wired Article says:

    But the device, which had a read range of 2 to 3 feet, caught only five people carrying RFID cards before Feds attending the conference got wind of the project and were concerned they might have been scanned

    Still I suppose the Feds have probably hacked into the Wired Article and fixed that one...

    --
    Sig (appended to the end of comments you post, 120 chars)
  3. If they have done nothing wrong... by Anonymous Coward · · Score: 5, Insightful

    ...they have nothing to fear. Let's see how they like that argument used against _them_!

  4. Missing the point. by BlueKitties · · Score: 5, Insightful

    I was charged with writing POS software where I work. After looking into using scanners, I came across RFID. As it turns out, instead of needing to scan your crap, you can just have a magic wand magically take inventory for you. In fact, after looking into it, I realized I could rig sensors in our storage room to automatically re-take inventory periodically.

    I'm sure some people are pushing for RFID for the wrong reasons, but I'm all for it as a replacement for barcodes as far as keeping stock goes. Imagine going to Walmart, and your shopping buggy automatically tells the clerk how much money you owe! Well, that might be a ways off, but it's possible.

    I think RFID is an awesome tech, it just has a risk for being abused. Just like barcodes are awesome, but we don't want them on our forehead (unless we're playing shadow run, then it's 'cool.)

    --
    "Sorrow is better than laughter, for by sadness of face the heart is made glad." [Ecclesiastes 7:3]
    1. Re:Missing the point. by Evil+Shabazz · · Score: 5, Funny

      I love acronyms. :) My mind read your first sentence as, "I was charged with writing [Piece of Shit] software where I work." "Point of Sale" is only a secondary parsing of that acronym for my language framework. ;)

      --
      Down with the career politician! SUPPORT TERM LIMITS
  5. Re:bar-codes by socsoc · · Score: 5, Insightful

    A mag strip is as similar to a barcode as a christmas tree is to a sequoia...

  6. Re:The Federal Agents weren't Pwnd by Dunbal · · Score: 5, Insightful

    There's nothing particularly special on the RFID chip. A parking facility card and a passport generate the same amount of interesting information. A unique ID. Whew!

          The problem is when you have another government computer that is counting on the Unique ID to be a UNIQUE ID, and using ONLY THAT parameter (plus other info also on the card) to identify someone - congratulations, you have just stolen someone else's identity.

    --
    Seven puppies were harmed during the making of this post.