Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Privacy United States Your Rights Online

Researchers Find Problems With RFID Passport Cards 172

Posted by timothy from the clearly-unpossible dept.
An anonymous reader writes "Researchers at the University of Washington have found that RFID tags used in two new types of border-crossing documents in the US are vulnerable to snooping and copying. The information in these tags could be copied on to another, off-the-shelf tag, which might be used to impersonate the legitimate holder of the card." You can also read the summary of the researchers' report.
This discussion has been archived. No new comments can be posted.

Researchers Find Problems With RFID Passport Cards More

Researchers Find Problems With RFID Passport Cards

Comments Filter:

  • This just in (Score:2, Insightful)

    by Anonymous Coward on Friday October 24, 2008 @05:21AM (#25495339)
    Bear shits in woods, news at 11.

  • question to those who read the article (Score:3, Insightful)

    by mapkinase ( 958129 ) on Friday October 24, 2008 @05:30AM (#25495371) Homepage Journal

    Did they compare the efficiency of copying passports w/ and w/out RFID?

  • And this is news? (Score:1, Insightful)

    by Anonymous Coward on Friday October 24, 2008 @05:46AM (#25495463)

    Researchers discovered that the exact same thing that Slashdot users said would happen years ago, is happening. BREAKING NEWS.
    You know, it'd be nice if one of these things actually caught us by surprise for once instead of seeing the government wanting to implement a multi-billion dollar program that is hacked before it is even designed.

  • Re:And this is news? (Score:4, Insightful)

    by HungryHobo ( 1314109 ) on Friday October 24, 2008 @07:00AM (#25495763)

    It's hard to find a large group of people more cynical than slashdot users.
    If anything I'd say this proves that the cynical tend to be correct.

  • Re:nothing to worry (Score:5, Insightful)

    by TheRaven64 ( 641858 ) on Friday October 24, 2008 @07:13AM (#25495839) Journal

    One of the main stated reasons they started introducing these things was to facilitate entry to Great Britain.

    Actually, much of Europe. But talk to your government about that - they started the tit-for-tat escalating entry requirements. When someone enters the US now, they are photographed and fingerprinted, and the only reason I didn't require a biometric passport for entry last time I went was because there was a temporary visa waiver program in place for people without biometric passports.

    Most of the stupid entry requirements for Americans entering other countries are due to politicians responding to pressure from their constituents complaining about being treated like criminals when they enter the USA.

  • Re:Anonymous Coward (Score:3, Insightful)

    by stephanruby ( 542433 ) on Friday October 24, 2008 @07:13AM (#25495845)
    I could see why you'd want to do this to other people's passports, but why do it to your own? Do you enjoy being detained by airport security before/after a long flight? Do you think the American government will pay to replace your defective passport?

  • Re:question to those who read the article (Score:5, Insightful)

    by NoisySplatter ( 847631 ) on Friday October 24, 2008 @07:37AM (#25495957)

    They still can't.

    From the article:
    "Although the tags don't contain personal information, they could be used to track a person's movements through ongoing surveillance..."

    Considering the "passport" is the entire document and the tag itself contains no identifying information they still can't clone your passport at a distance. They could clone the tag inside it, but the process of faking your passport would still involve creating the paper hard copy. I'd say if they still have to do everything they used to and also something new then it's more secure, not less.

    Of course the ability to recognize and track a person's movements through the use of RFID is still worrying, but it's no easier to fake a passport than it used to be.

  • Re:nothing to worry (Score:5, Insightful)

    by niiler ( 716140 ) on Friday October 24, 2008 @07:46AM (#25496013) Journal

    Are you ready for the inevitable conspiracy theory? Here it is, cooked up between my wife and myself after discussing the implications of renewing our passports shortly.

    The problems are actually a feature. Let me explain. Remember how the old Soviet-bloc countries didn't like their nationals traveling because they would see how much better the rest of the world was? (Don't get me wrong, I like it here just fine.) Well, if everyone who hears about this says "I guess I won't be traveling any time soon", it effectively stops travel (usually by the intelligentia) all the while allowing the govt to say "We have no travel restrictions on our own citizens".

    Of course, all this is nonsense. Our current administration would never feign incompetence to obtain other goals. [npr.org] Yet there's plenty of other information that suggests there's no tom-foolery about this and that the incompetence is real [washingtonpost.com].

    So in short, I'm not sure which it is, but the bottom line for me is that I'm waiting until the last minute in the hopes that some of the recommended features are implemented by then.

  • Re:nothing to worry (Score:3, Insightful)

    by Spy der Mann ( 805235 ) <`moc.liamg' `ta' `todhsals.nnamredyps'> on Friday October 24, 2008 @09:33AM (#25496925) Homepage Journal

    Stop with the paranoia. You'll find people around the world are generally all decent people. Of course, YMMV in Iraq, Afghanistan, The White House, etc, etc

    There, fixed that for you.

  • Re:Anonymous Coward (Score:4, Insightful)

    by txoof ( 553270 ) on Friday October 24, 2008 @09:53AM (#25497111) Homepage

    It will be considered a mangled document. Never mind that it's also an old style passport, if the RFID tag is broken then it's considered the same as if the passport was dipped in ink or burned too badly to read.

    Having a toasted RFID chip would be much like having a gunked up, but not deliberately defaced passport number. The OCR machines are notoriously bad at reading the data at the bottom of the document. A fried, but not obviously physically damaged chip would appear to the border offical as if the chip or the reader had malfunctioned. They would most likely simply input the data by hand and send you on your way. If you use a hole punch to remove the chip, it's a completely different story. Then it looks like you're up to no good. They key hear is to look innocent ;)

  • Re:nothing to worry (Score:2, Insightful)

    by coffeepriest ( 1227990 ) on Friday October 24, 2008 @10:23AM (#25497439)
    Most of the places I can think of that have a problem with kidnappers would be places like the Philippines where I seriously doubt the kidnap-for-ransom groups would have RFID readers powerful enough to scan a large group of people and locate you. Besides, they won't be looking for AMERICANS, they would be looking for anyone from a devloped nation because they might have money. Most of these places you would stick out like a sore thumb looking like a tourist anyway, so the RFID card isn't going to give you away anymore than your appearance likely does anyhow. So, I think this fear of 'kidnappers' is overblown.

  • Re:Again (Score:4, Insightful)

    by DrgnDancer ( 137700 ) on Friday October 24, 2008 @10:37AM (#25497613) Homepage

    I don't see the conflict here:

    Step one: US and UK (and probably several other) governments get together and decide this is a good idea.
    Step two: Both governments go back to their people and say "This is to facilitate entry into $otherCountry."
    Step three: Both governments get the standards implemented and both get to make it look like they were just being nice and facilitating travel to $otherCountry; while at the same time getting what they actually wanted anyway.

    Both governments get what they want, neither side actually lied (since, after all, travel between the two or more countries IS facilitated) and everyone is happy except for the people who realized that this was a dumb, ineffective, and potentially abusable idea in the first place.

  • Re:question to those who read the article (Score:3, Insightful)

    by NoisySplatter ( 847631 ) on Friday October 24, 2008 @01:00PM (#25499807)

    Then that's a flaw of the user, not the system. You could argue that adding a machine to the process would cause people to become complacent, but even the best lock only works if you use it properly.

  • Re:question to those who read the article (Score:3, Insightful)

    by Jah-Wren Ryel ( 80510 ) on Friday October 24, 2008 @02:07PM (#25500801)

    Then that's a flaw of the user, not the system. You could argue that adding a machine to the process would cause people to become complacent,

    No, a system that does not take into account natural human behavior is flawed, not the humans. Your attitude is what leads to counterproductive 'security' like the UAC on Vista.

  • One Word Solution. Problem Solved. (Score:3, Insightful)

    by TrentTheThief ( 118302 ) on Friday October 24, 2008 @03:29PM (#25501883)

    "Microwave"

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close