Slashdot Mirror

← Back to Stories (view on slashdot.org)

Germany To Roll Out ID Cards With Embedded RFID

Posted by Soulskill on from the meine-Brieftasche-ist-radioaktiv dept.

An anonymous reader writes "The production of RFID chips, an integral element of the new generation of German identity cards, has started after the government gave a 10-year contract to the chipmaker NXP in the Netherlands. Citizens will receive the mandatory new ID cards starting from the first of November. The new card allows German authorities to identify people with speed and accuracy, the government said. These authorities include the police, customs and tax authorities and of course the local registration and passport granting authorities. There are some concerns that the use of RFID chips will pose a security or privacy risk, however. Early versions of the electronic passports, using RFID chips with a protocol called 'basic access control' (BAC), were successfully hacked by university researchers and security experts."

10 of 235 comments (clear)

  1. time to buy by zerothink · · Score: 4, Informative

    It's time to buy RFID-blocking cover/wallet/bag/whatever. Or feel free to have some fun with aluminum foil - http://www.rpi-polymath.com/ducttape/RFIDWallet.php

    1. Re:time to buy by MikeyVB · · Score: 4, Informative

      For the curious, it takes approximately 4 layers of aluminum foil to block a scanner from activating the RFID signal when your Al lined wallet is point blank from a standard scanner.

      (After receiving an RFID enabled ID card here in the Netherlands last year, I tested it on our office copy/scanner RFID reader, and then simply lined my wallet with double the number of layers it took to block the signal. Works like a charm!)

  2. Re:EU passports by Anonymous Coward · · Score: 3, Informative

    On the contrary. Since the new EU passports contain fingerprint data and a digital version of the picture, much of the contention about the new passports revolved around the creation of a central database of biometric information. If the passports were just an index into the database, then that database would be inevitable.

    It is important that technology-minded users learn not to apply the usual centralist approach to everything. We are not cattle.

  3. Re:Awesome... by think_nix · · Score: 4, Informative

    True to that check this out:

    http://www.personalausweisportal.de/cln_164/DE/Neue-Moeglichkeiten/Online-Ausweisfunktion/online-ausweisfunktion_node.html

    The new online functions! If you dont understand german try google translate, here a quick translation

    Identification on the Internet and on machines can in the future be done with the new identity card. This is simple and safe as the presentation of your previous card today.
    Even without being personally present you can use the online identity function (also: eID function) authenticate everywhere (where personalized services - are consequently offered and directly tailored to the individual user). With your new personal ID and your 6-digit PIN you can prove your identity in the electronic world simple, safe and reliable.

    That is just the first paragraph , better than the Sunday comics !

  4. Re:The US started it by rolfwind · · Score: 3, Informative

    Oh, I guess a source would be helpful ;)

    http://www.alternet.org/story/142239/will_biometric_passports_lead_to_a_state_of_constant_surveillance/

  5. Re:The US started it by Jane+Q.+Public · · Score: 3, Informative

    Yes, but the law also states that a passport's RFID malfunctions, the passport is still legal. 10 seconds in the microwave is just about right.

  6. Re:right, before Zee Germans get there by roman_mir · · Score: 3, Informative

    You are mistaken as to what is freedom of speech in USA, nobody is allowed to make direct threats of murder for example, but one can have an opinion that abortion doctors must be killed, it's an opinion.

    Of-course one person's opinion may lead to another person's action, but the correct thing to do is to hold the one who takes action as the responsible party, not the one who says he has an opinion.

    I am not American, in fact at this very moment I am in Germany, though I am Canadian, born in the former USSR.

    I hold every single thing that government says or does as suspicious, I don't trust government at all, in any single one thing ever, and I am not an American.

    --
    You can't handle the truth.
  7. Fry it by mwissel · · Score: 5, Informative

    What TFA forgets to mention is, that the ID card remains valid when you kill the RFID chip, as it still allows a person to be identified. Also, the fingerprint is a voluntary information to be stored. Most people won't know or bother and just let them store it anyway, though. For my fellow citizens: get yourself a new ID card w/o RFID just now (it is only a few Euros more expensive when you "loose" your current ID). If you have to get, for some reasons, an ID card with RFID on it, just put it in the microwave oven for a minute or so. Chaos Computer Club has proven this to kill the chip reliably.

  8. Re:perfect bomb triggers by ewanm89 · · Score: 5, Informative

    Is 96ft (~29m) far enough away, that's the Defcon record. Blackhat USA 2010 has beat it don't know the practical distance achieved but the paper gives a theoretical maximum of 565ft (~172m). Want to change some of those assumptions? It's a radio, distance is based on three things transmitter power, receiver sensitivity and atmospheric conditions the first 2 can be controlled very easily.

  9. Re:perfect bomb triggers by Anonymous Coward · · Score: 3, Informative

    They just spoofed, they haven't talked to the TAG at all!

    ISO14443-A and other NFC tags simply don't work like this:

    You need a two way communication. From the reader to the tag, and from the tag to the reader. The ISO14443-A tag is not capable to actively send out answers. Instead it loads down the magnetic field that powers it. This load is measured on the side of the reader and interpreted as answers from the tag.

    If I remember right the tag must be able to pull about 10% of energy out of the magnetic field to transmit data.

    And this puts a simply physical constraint on the range:

    You can't simply make the reader put out a stronger magnetic field. This would increase the range from the reader to the tag, but it would also make it almost impossible for the tag to answer because it can't remove that much energy anymore. If you lower the energy of the field the tag doesn't has enough power to operate.

    The 15 cm

    In the lab you can get a longer distance than 15 cm... Maybe up to half a meter or so. To do so you have to calibrate the resonant frequency of the tag and the reader so that they are almost perfectly coupled. And you have to do this in an RF shielded room because every disturbance in the RF field would interfere the transfer.

    What the Defcon guys did was to listen to a running communication between a reader and a tag from afar. That is indeed possible up to such a range.. That will not tell you anything interesting except the fact that a tag was read because the first thing the pass does is to do a Diffie-Hellmann key exchange (part of the PACE protocol). Oh - you get the ID from the tag, but as I wrote earlier the ID is random ...

    Not much gained..

        http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange