Researchers Find Problems With RFID Passport Cards
An anonymous reader writes "Researchers at the University of Washington have found that RFID tags used in two new types of border-crossing documents in the US are vulnerable to snooping and copying. The information in these tags could be copied on to another, off-the-shelf tag, which might be used to impersonate the legitimate holder of the card." You can also read the summary of the researchers' report.
This just in (Score:2, Insightful)
question to those who read the article (Score:3, Insightful)
Did they compare the efficiency of copying passports w/ and w/out RFID?
And this is news? (Score:1, Insightful)
Researchers discovered that the exact same thing that Slashdot users said would happen years ago, is happening. BREAKING NEWS.
You know, it'd be nice if one of these things actually caught us by surprise for once instead of seeing the government wanting to implement a multi-billion dollar program that is hacked before it is even designed.
Re:And this is news? (Score:4, Insightful)
It's hard to find a large group of people more cynical than slashdot users.
If anything I'd say this proves that the cynical tend to be correct.
Re:nothing to worry (Score:5, Insightful)
One of the main stated reasons they started introducing these things was to facilitate entry to Great Britain.
Actually, much of Europe. But talk to your government about that - they started the tit-for-tat escalating entry requirements. When someone enters the US now, they are photographed and fingerprinted, and the only reason I didn't require a biometric passport for entry last time I went was because there was a temporary visa waiver program in place for people without biometric passports.
Most of the stupid entry requirements for Americans entering other countries are due to politicians responding to pressure from their constituents complaining about being treated like criminals when they enter the USA.
Re:Anonymous Coward (Score:3, Insightful)
Re:question to those who read the article (Score:5, Insightful)
They still can't.
From the article:
"Although the tags don't contain personal information, they could be used to track a person's movements through ongoing surveillance..."
Considering the "passport" is the entire document and the tag itself contains no identifying information they still can't clone your passport at a distance. They could clone the tag inside it, but the process of faking your passport would still involve creating the paper hard copy. I'd say if they still have to do everything they used to and also something new then it's more secure, not less.
Of course the ability to recognize and track a person's movements through the use of RFID is still worrying, but it's no easier to fake a passport than it used to be.
Re:nothing to worry (Score:5, Insightful)
Are you ready for the inevitable conspiracy theory? Here it is, cooked up between my wife and myself after discussing the implications of renewing our passports shortly.
The problems are actually a feature. Let me explain. Remember how the old Soviet-bloc countries didn't like their nationals traveling because they would see how much better the rest of the world was? (Don't get me wrong, I like it here just fine.) Well, if everyone who hears about this says "I guess I won't be traveling any time soon", it effectively stops travel (usually by the intelligentsia) all the while allowing the govt to say "We have no travel restrictions on our own citizens".
Of course, all this is nonsense. Our current administration would never feign incompetence to obtain other goals. [npr.org] Yet there's plenty of other information that suggests there's no tom-foolery about this and that the incompetence is real [washingtonpost.com].
So in short, I'm not sure which it is, but the bottom line for me is that I'm waiting until the last minute in the hopes that some of the recommended features are implemented by then.
Re:nothing to worry (Score:3, Insightful)
Stop with the paranoia. You'll find people around the world are generally all decent people. Of course, YMMV in Iraq, Afghanistan, The White House, etc, etc
There, fixed that for you.
Re:Anonymous Coward (Score:4, Insightful)
It will be considered a mangled document. Never mind that it's also an old style passport, if the RFID tag is broken then it's considered the same as if the passport was dipped in ink or burned too badly to read.
Having a toasted RFID chip would be much like having a gunked up, but not deliberately defaced passport number. The OCR machines are notoriously bad at reading the data at the bottom of the document. A fried, but not obviously physically damaged chip would appear to the border official as if the chip or the reader had malfunctioned. They would most likely simply input the data by hand and send you on your way. If you use a hole punch to remove the chip, it's a completely different story. Then it looks like you're up to no good. The key here is to look innocent ;)
Re:nothing to worry (Score:2, Insightful)
Re:Again (Score:4, Insightful)
I don't see the conflict here:
Step one: US and UK (and probably several other) governments get together and decide this is a good idea.
Step two: Both governments go back to their people and say "This is to facilitate entry into $otherCountry."
Step three: Both governments get the standards implemented and both get to make it look like they were just being nice and facilitating travel to $otherCountry; while at the same time getting what they actually wanted anyway.
Both governments get what they want, neither side actually lied (since, after all, travel between the two or more countries IS facilitated) and everyone is happy except for the people who realized that this was a dumb, ineffective, and potentially abusable idea in the first place.
Re:question to those who read the article (Score:3, Insightful)
Then that's a flaw of the user, not the system. You could argue that adding a machine to the process would cause people to become complacent, but even the best lock only works if you use it properly.
Re:question to those who read the article (Score:3, Insightful)
Then that's a flaw of the user, not the system. You could argue that adding a machine to the process would cause people to become complacent,
No, a system that does not take into account natural human behavior is flawed, not the humans. Your attitude is what leads to counterproductive 'security' like the UAC on Vista.
One Word Solution. Problem Solved. (Score:3, Insightful)
"Microwave"