Fatal Flaw Weakens RFID Passports 281
fmwap writes "Wired news is reporting on new measures being taken to ensure RFID in US passports are not traceable. Encryption will be implemented via a key printed on the passport, which will be read by an optical scanner. The problem is the RFID serial number used for collisions will not be encrypted as is required for communication, thus still allowing tracking." We've previously reported on the decision to chip U.S. passports. From the article: "To its credit, the State Department listened to the criticism. As a result, RFID passports will now include a thin radio shield in their covers, protecting the chips when the passports are closed. Although some have derided this as a tinfoil hat for passports, the fact is the measure will prevent the documents from being snooped when closed." Update: 11/04 16:08 GMT by Z : Edited for accuracy.
Put away your tinfoil hats... (Score:5, Funny)
Re:Put away your tinfoil hats... (Score:2)
But the Dungeon Masters Guides says (Score:2, Funny)
Re:Put away your tinfoil hats... (Score:3, Funny)
Time to don the full body tinfoil armor!
You must have missed the announcement that all tin foil manufacturers have started putting rfid chips in their products.
Re:Put away your tinfoil hats... (Score:3, Insightful)
Dont let that ego cover you up in tinfoil, try to get in touch with reality for a second
Microwave your Passport? (Score:5, Interesting)
--We don't NEED no stinkin' sig!
Re:Microwave your Passport? (Score:5, Insightful)
Re:Microwave your Passport? (Score:5, Interesting)
I'm not too worried about the data that's on there. The level of sophistication required to acquire and decrypt my details is pretty high. I'd be more worried about a lightning strike.
This is the scenario that give me the willies: The "ping" scenario. Most of us know about the internet tool called ping. A terrorist (or anyone else with strong motivations against the US) is walking down the streets of Paris or Frankfort or Cairo or wherever looking for Americans. He doesn't care who the American is, he just cares that someone is an American. He walks down the street getting within a foot or two of people until he gets an RFID ping.
RFID Ping == American.
American == Target.
I've yet to hear anyone adequately appease this concern.
Re:Microwave your Passport? (Score:5, Funny)
Of course, the supposed terrorist could always check:
a) Does the individual wear white tennis shoes (black socks and shorts optional)?
b) Speak in a loud and/or abrasive manner?
c) Stands to the left on an escalator (or any other cultural misqueue)
Being an US citizen and traveling abroad quite often to Europe, it's not too hard picking out my compatriots.
The same can be said for European's in the US. European males -- LOSE THE MAN-CAPRI'S PLEASE!
Re:Microwave your Passport? (Score:2)
Some countries (like Japan) require all foreign visitors to carry their passport on their person at all times.
Re:Microwave your Passport? (Score:2)
lol
Re:Microwave your Passport? (Score:2)
I've yet to hear anyone adequately appease this concern.
Don't walk around with your passport open?
Re:Microwave your Passport? (Score:3, Funny)
American == Target.
I will do you one better, RFID seaking missile.
Have a nice damn day.
Re:Microwave your Passport? (Score:3, Funny)
American == Target.
Wouldn't it be easier just to identify the grotesquly overweight pasty white individual in a hawaiian shirt, jean shorts, cowboy hat, and aviation glasses, who is taking an average of 6.3 photographs per second?
Re:Microwave your Passport? (Score:3, Informative)
They'll assume the RFID chip broke. It happens occasionally. My college has had RFID-based ID cards, and there have been instances when the cards just suddenly stop working. The office in charge of them seemed to know that this occured and was ready to make new cards if needed.
Re:Microwave your Passport? (Score:4, Insightful)
Re:Microwave your Passport? (Score:5, Insightful)
and as also stated, having a non-functional passport may be flagged as possible forgery and lead to bigger issues.
i am just as against the chips as anyone else, but think it through before you react. personally my passport needs to be renewed now so i will do that and not be an early adopter of the RFID model. hopefully any issues will show up and a fix will be worked out before i get a chipped one. by fix i even mean some 3rd party idea of a shielded passport wallet or something if that is what it comes down to.
Re:Microwave your Passport? (Score:3, Interesting)
That's been debunked. See here [snopes.com] and here [rfid-weblog.com].
There are no RFID tags in Andrew Jackson's eye [prisonplanet.com].
Re:Microwave your Passport? (Score:2)
So microwave other people's passports instead . . .
Re:Microwave your Passport? (Score:2)
TFA is inconsistent (Score:5, Informative)
Re:TFA is inconsistent (Score:2, Insightful)
Re:TFA is inconsistent (Score:5, Informative)
Re:TFA is inconsistent (Score:2)
We have radio telescopes that can see objects billions of light years away. Folks can build antennas that let them boost the range of their wi-fi reception to a mile on the cheap. I'm sure a motivated wrongdoer can put together a device that can talk to passport RFID chips from a greater distance than intended.
Re:TFA is inconsistent (Score:2)
Motivation can't change the laws of physics. Inverse square law pretty much ensures that if someone is trying to read your passport from across the street, they'll need to point a 6 foot dish at you
Re:TFA is inconsistent (Score:3, Informative)
Do you really believe that? [mit.edu]
Re:TFA is inconsistent (Score:2)
TFA is consistent and TFS is wrong (Score:2)
Re:TFA is inconsistent (Score:5, Informative)
This article (from the WaPost blog) is confused. Active RFID has a battery attached to the chip. It has MUCH higher power and MUCH higher range. It can be used for tracking animals in the field and similar purposes. You can receive a signal from hundreds of yards away or even more. It's really unlimited depending on how much power you use.
Passive RFID has no internal power supply. It gets power from the radio signal that is used to query it. These chips have a much lower range. Generally, the power required to query a passive RFID goes as the fourth power of the distance. I can't imagine successfully querying one of these things from 70 feet. That is some pretty impressive antenna technology, either that or they were using a microwave beam so intense that it would be dangerous to get in front of it.
AFAIK all passports would be passive RFID. Nobody has proposed to put batteries in them, because of battery lifetime issues among other problems.
Re:TFA is inconsistent (Score:2)
Maybe they are refering to induction as opposed to EM radiation.
What a surprise. (Score:4, Insightful)
Tiny details like monumental security problems and the things plain not working don't exist in the simplified pitch they get from their lobbyists, so they continue to push it through anyway, on the grounds that it's "Anti-Terror".
You don't support Terror, do you?
Re:What a surprise. (Score:2, Interesting)
I'm glad you put that at the end of your post to highlight the stupid bumper sticker half-assed arguments that are used to shut critics up and to push through agendas.
FTFA:It made a mistake designing this behind closed doors. There needs to be some pretty serious quality assurance and testing before deploying this system, and this includes careful security evaluations by independent security experts. Right now the State Department has no intention of doing that; it's alrea
So... (Score:5, Insightful)
This is going to take 3x longer and be prone to more failures surely?
This is a benefit how?
Surely a 2d barcode would be better, or just use old tech mag swipe?
Stupid mofo imbeciles.
Re:So... (Score:3, Interesting)
The point of the new passports are twofold: raise the bar on forgers (it's always a cat and mouse game) and carry verifiable biometric information. Just to make you really are who you say you are. Of course, how is that going to prevent terrorism is beyond me. But I guess Osama Bin Ladden will have a harder time comi
Re:So... (Score:3, Interesting)
RFIDs typically hold 2k (or less) data. And there is nothing special about RFID that will stop counterfeiting.
But hey, if it's good enough for Walmart.... Only terrorists need privacy. A
Re:So... (Score:2)
Usama (let's put the USA back in Osama) (Score:2)
Re:So... (Score:2)
You're right of course, it isn't a benefit at all. In fact I would say that RFID is a poor technology for use in an ID document. You've gotta wonder how the brainstorming session went:
Boss: We need machine-readable data on this passport. But we only want it to be read by someone actually holding it. Like RFID that only works when you touch it . . .
Underling: I've got it! RFID with a shield around it.
Every advantage of RFID is a liability in this application. Almost any kind o
Re:So... (Score:2)
Nonsense. "Optically read" formats can be forged with a printer. Contact-based things like smart cards or mag stripes are subject to mechanical wear and operator error. The RFID option has the advantage of 1) being fairly tamper-proof and difficult to duplicate, and 2) mostly idiot proof in that the customs goon need only wave the open passport under a magic wand.
Re:So... (Score:3, Interesting)
The format can be, but the data contained can be encrypted/signed, making it difficult to do any more than duplicate an existing barcode. Creating "new" records would be difficult, and given biometric data, duplicating existing ones would be of limited use. Besides, the new plan includes an optical barcode, which carries the key to the encrypted data on the RFID chip.
my understanding... (Score:5, Interesting)
From one of the responses to the previous articles of this sort, I understand that the system here is a bit different than regular RFID. One is that this system actually does have information in it, not just an ID. That doesn't relate to your question, but I found it very enlightening.
Another thing this system does is it is a challenge-response system. That is, it has information in it that is not emitted until you give the right information to it. Perhaps this is the information in that barcode on the password, I dunno. Anyway, a barcode is there for everyone to read, it cannot hide itself until the right key is given to it. The content could be encrypted, but once you take a picture of the barcode, you have its data, you could work on cracking it later, and the "owner" of the barcode wouldn't even know you were doing it. With this system, you can only work on extracting its secrets when you are in proximity to the chip. In addition, it is possible for the chip to monitor and know that you successfully passed its test and got its info. So you will at least know if you've been had when the "successful reads" counter (if it has one) is higher than you expected.
All in all, it seemed like a reasonable system to me. The actual presence of data (as opposed to just a key), the tinfoil cover and the requirement to read the barcode optically before you can get the data (other than ID) out all just adds up to a pretty good system to me. Definitely far better than the representations of it I had seen earlier.
Re:So... (Score:3, Interesting)
According to the State Department [state.gov] the chip will contain a complete electronic picture of the passport holder. Neither barcodes (even the 2D variety) nor mag stripes store information at high enough density to make this practical.
Fortunately, there is some middle ground here: smart cards that require direct electrical contact to read the data. This isn't an instant panacea by any means, but it certainly eliminates a lot of the most o
AJAX on passorts = great idea (Score:3, Funny)
Re:So... (Score:2)
So wrong (Score:3, Informative)
1. Contact chips only last 4-5 years. US passports are valid for 10. The contactless chip is more durable. 2. There is no need to attempt to mandate the exact size and shape of 28 countries different passport. Very difficult, especially in the current political climate. Remember that this initiative started when the US said you have to do this to be a visa waiver country. The International Civil Aviation Organization then set the standards. So don't blame just
Re:So... (Score:3, Funny)
Oh, Wait...damn! My microwave doesn't work with the door open...
Don't use passports (Score:5, Funny)
Re:Don't use passports (Score:3, Funny)
Tracking (Score:3, Interesting)
Ok, so it has a unique ID on it but it doesn't appear that the ID is tied to you or the data. FUD?
Re:Tracking (Score:2)
Re:Tracking (Score:2)
Moreover, even without tying it to your name, it's still a unique number that identifies your passport as being distinct from somebody else's passpo
Re:Tracking (Score:2, Interesting)
Re:Tracking (Score:2)
I am not saying I believe in the co
RFID bandwagon? (Score:4, Insightful)
I've got to wonder why, in this case, they don't use Magcards instead of RFID. Older technology, yes, but not any more limited for the use given, and a bit more secure as they require contact with the card to read. If they're supposedly going to limit the RFID to magcard limits, why not just use a magcard?
Re:RFID bandwagon? (Score:2)
Re:RFID bandwagon? (Score:2)
Re:RFID bandwagon? (Score:2)
Why be tagged like a pack of twizzlers at WalMart?
Re:RFID bandwagon? (Score:2)
Smart card contacts need to be aligned with the reader contacts somehow. This is easy with a stiff, thin card, but it's a lot to ask of what amounts to a cardstock booklet. RFID has the advantage of being idiot proof in that the customs goon need only wave the book near a reader. No destined to be ignored warnings of "Do not crease or rumple passport", "insert this way only, this si
Re:Mag-stripe Limitations (Score:2)
A mag-stripe doesn't have enough storage to do this.
IMHO a contact smart card is a much better idea, but it seems they want to keep the same passport format. Mifare is already deployed embedded in paper tickets so that's a big bonus to them.
Re:RFID bandwagon? (Score:2)
Anyone that believes mag stripes provide viable security are simply living in the past. Besides, mag stri
Specialized Hardware... (Score:3, Informative)
Is this anything like the BlueSniper [esato.com]?
Open the passport, the whole thing falls apart (Score:4, Insightful)
Well there has to be better protection for identity theft than having the passport closed all the time. You may not know whether it is open or closed, but it should have some way of notifying you if it is unsecured. How about having the passport just become a single card with some kind of flash memory built in?
There are many other scenarios where the RFID tags could be exploited, but you will first have to put on your tinfoil hat in order to even conceive of any of these conspiracies.
Add another layer... (Score:3, Interesting)
Beat the RFID - renew now (Score:3, Informative)
Re:Beat the RFID - renew now (Score:2)
That's what I did. But you really can't expect your average slashdotter to get out of their chairs and actually go down to the passport office to do this? They'd much rather sit on their butts and whine.
Thad
article summary is misleading (Score:2, Interesting)
The passports will also include a 'Tin Hat' that limits the RFID signal to only a few inches, but a demonstration has been made that using specialized hardware, the signal can be intercepted from up to 69 feet.
The poster apparently did not carefully RTFA (skipped page 2, is my guess). The 69-foot detection range does not apply to the RFID chips in this case, because of that 'Tin Hat' (the passport is radio-shielded when closed); Schneier was referring to RFID chips in general when he broug
Please Explain The Fear and Uncertainty (Score:5, Insightful)
For the average bad guy, a contactless module will make much harder to fabricate an identity.
Ideally, gov'ts have a better idea who is coming and going from a country and in a much more efficient manner.
For the average person, this doesn't affect them at all.
For the average dissident, the gov't still going to give them a hard time, so this might be one more way to make life difficult.
The Bad:
Bad guys can "collect" information. It's unclear to me what they would do with a unique identifier. They need much more than just the unique identifier. They would need to associate the identifier with (one assumes) the right identity. You don't need to be a bad guy to do that. You can buy most of it from totally legal companies right now. Please explain if I'm missing something here.
Epensive! Understand that it's not just about a passport that will be at least 10x more expensive to make, but the infrastructure to make it work at least half-way decent is a huge project. I submitted my passport information at my local post office. Now, every agency that can accept passport applications has to be somehow connected to the place where the passport is made. Then how do the airports "know" the passport is authentic? More new infrastructure.
The gov't collects information.
Well, they do that already except they buy it from private enterprises. They watch the bad guys. They watch people that they view as threatening. I don't see what changes here. Furthermore, anyone that's been on
Am I missing something?
Passports (Score:2, Interesting)
I'm sure they could devise an XYZ technology for the
Re:Passports (Score:2)
Not necessarily. You wouldn't tatoo your ATM PIN on your forehead if you kept forgetting it, would you?
This is a case of someone coming up with an idea that sounded cool. Silver bullet for citizen identification problems. But when people started pointing out the flaws, rather than looking for a better solution they dug in their heals. Bad guys can read it? oh, we'll make a special cover to block the signal. What about when it's open? oh, we'll encrypt the data. How will var
Re:Passports (Score:2)
Edited for accuracy. (Score:3, Funny)
Don't lie to us like that.....not all of us are N00bs
Time for see-through faraday cage (Score:3, Interesting)
It's time someone make a passport "book cover" that covered the inside-covers with a transparent faraday cage. Think clear plastic with thin closely-spaced wires.
Or, if that doesn't work, a "book cover" that includes a probably-battery-powered jammer that jams any attempt to read it.
Of course you'd remove your passport from this at points of entry and for other official purposes, but when a private merchant asks to see your passport as ID, he won't be able to scan it, leaving him with a business decision: rely on the visible passport, or ask you to shop elsewhere. More importantly, the hopefully-rare-but-I-don't-want-to-meet-him id-theiving-store-clerk won't be able to scan it.
Re:Time for see-through faraday cage (Score:3, Insightful)
German passport (Score:4, Interesting)
Re:German passport (Score:4, Informative)
Case in point: I have a friend who lives in Sweden who once needed a visa. Outside of having her photo taken by a photographer certified by the US embassy (a regular photo used for passports etc. wouldn't work), she also had to come to the embassy in Stockholm in person to be interviewed - a six-hour train drive, FWIW, and the fact that they gave her an appointment at 8:30 Monday morning meant that she had to arrive on Sunday already, too (so in addition to the train ride, she also had to pay for a hotel room for one night). The interview itself was pretty much straightforward, from what she told me, but relatively long - more than half an hour. And the security measures were rather tight, too; for example, she had brought a bottle of water, and she actually had to drink that before being allowed to enter. And not just some of it, in order to prove it wasn't poison or whatever they suspected it might be - all of it.
The whole thing, IMO, was/is extremely idiotic, but considering that she needed the visa, she had to put up with it.
I'm not sure, but if that's the price you have to pay in order to get a visa, even in a highly developed country like Sweden (or Germany, for that matter), then having an RFID passport almost sounds like the lesser evil - at least you can put that into a leaded box and leave it at home whenever you're not travelling. (When you are, to the USA at least, all bets are off, anyway; you'll be fingerprinted and photographed upon trying to enter, and I wouldn't be surprised if in a few years, they'd conduct random body cavity searches as well. The problem is that pretty much noone here actually cares - after all, it all just happens to foreigners, anyway.)
Re:German passport (Score:2)
Re:German passport (Score:2)
All these systems are failures. Solution here: (Score:2)
Re:All these systems are failures. Solution here: (Score:2)
It is quite easy to solve that setup condition with a sharp knife.
Passport still needs to be scanned??? (Score:5, Insightful)
If an optical scanner needs to be used to read the encryption key, doesn't that defeat the no-contact advantage of RFID as the passport then needs to be close to the scanner. Why not just use some smart card technology and avoid the radio part altogether?
Smartcard? (Score:3, Interesting)
What should be in the article... (Score:3, Funny)
No more Radio Waves!!! (Score:3, Insightful)
The reasoning behind using RFID Passports seems *VERY* flawed. I am suspect of any agency that is a proponent of such reasoning. I'm sure terrorists and boogyman will be mentioned several times in the explanation as to why we should have this technology.
Someone is hiding something!!
I made the Foil'ID Again (TM) (Score:2)
A picture of the Foil'ID Again is at the bottom of this page http://www.angelfire.com/mt/woodmtn/insight.html [angelfire.com]
Now the US government is trying to improve upon my design by integrating the foil right into the cover of the passport. And I thought government wasn't supposed to interfere in start-up businesses.
Optical Scan + RFID? Why? (Score:3, Insightful)
To review:
Am I the only one who is beginning to think that RFID is a problem in search of a different problem. This news today proves conclusively that nothing is gained by using the chips. They open up pointless security holes and provide not one bit of protection.
What a damned waste.
Re:WARNING: Do not destroy your passport (Score:2, Interesting)
Re:WARNING: Do not destroy your passport (Score:3, Funny)
Homemade Magnetron gun concealed in suitcase : 250$
Watching everyone you point your suitcase at miss their flight and get arrested (before you get arrested yourself) : Priceless!
Re:WARNING: Do not destroy your passport (Score:2)
The simplest thing would be a spark gap housed in a wave-guide... but this would be really loud when driven with the sort of energy levels necessary to generate disruptive
Re:WARNING: Do not destroy your passport (Score:3, Funny)
Re:WARNING: Do not destroy your passport (Score:2)
Yea me.
Re:WARNING: Do not destroy your passport (Score:2)
You are assuming that there will actually be readers installed at all aircraft terminals. Is there a reason to believe that this is actually going to happen any time in the next 10-20 years?
Re:kidnapping travelling americans made easy (Score:4, Funny)
Re:kidnapping travelling americans made easy (Score:2)
Re:kidnapping travelling americans made easy (Score:5, Interesting)
Technology gives bad people with power ever more ways of fucking you over. If they DON'T need the tool, don't give it to them. We didn't need RFID passports before, and we don't need them now. Misdirection is afoot. What ELSE are they adding to the passports besides RFID? Get that question answered, and you'll know how they are fucking us in brand new ways.
When a corporation or a government (in the U.S., indistiguishable now) wants a new way to track people, it's never for the citizens' good, but for their own. Acquiesence to tyranny happens a tiny bit at a time. In twenty years, a whole generation of the world's people will have grown up in a virtual prison, and won't even notice.
Re:Who cares? (Score:2)
I mean why would you say that? If it's a joke then it's not funny.
If you're not joking then what is your hold up? Visiting another country doesn't mean they're superior it means you want to experience culture and see things. Of course if you're the typical xenophobic "let's blow up them arabs" yankee-doodle american then I guess what you said makes sense
Tom -- From a dude who likes visiting pretty much anywhere including the USA
Re:Actually, your comment is INSIGHTFUL (Score:2)
Europe may be increasingly violent, yes, but it's still a far cry from the USA, so that's not exactly something you'd have to worry about. The riots in Paris are a bad thing, of course, but they're a pretty unique phenomenon - if I said I couldn't visit the USA because you had riots in L.A. after Rodney King was beaten up (by the police, no less!) a couple o
Re:Actually, your comment is INSIGHTFUL (Score:2)
Re:Why Change? (Score:2, Insightful)
Re:Most interesting... (Score:2)
Re:Why contactless? (Score:5, Informative)
US Passports have a validity of 10 years. Modern contact chips in smart cards have an estimated life of 4-5 years. So you would theoretically have to get at least twice as many passports. Also, you can't really just replace passports with smart cards because not every country in the world will be able to read those smartcards at the get go. (Think Chad or other 3rd world countries) so you have to continue to use a typical human readable passport. This program is designed for the 27 or so VISA-waiver countries. There was no way that anyone was going to successfully mandate a single physical form factor for the passports of 28 different sovereign nations, but they were able to (finally) reach an agreement on an embedded chip, interface and some minimal and optional contents. These were the driving reason for contactless, and it is unfortunate that the US State Dept. did not consider privacy from the get go. But thanks to a public outcry, now they have.
Someone else asked what was wrong with the current passports. In a word, the answer is forgery. The new passports include a digital signature across the entire contents of the passport including the photo. So if I as a bad guy, take your passport and try to replace your photo with mine, either the photo on the chip won't match, or if you somehow figure out how to replace the photo on a chip that has had its write mode disabled permanantly, the digital signature will not verify. So with the new passports, the only way to get an undetectable forgery is to get the real thing through the passport office, probably not impossible (think bribes and extortion of issuance officers), but now we have an honest shot at detecting it, and if one does turn up, you might be able to go back and figure out who issued it. This has an additional side benefit in that it makes stealing chip equipped passports worthless. This should help increase the security of travellers who are sometimes attacked or robbed solely for their passport.
Im my opinion, now that steps have been taken to reduce the possibilities of skimming, the benefits of the new passports outweigh the negatives. Schnier's alarmism about the serial numbers is just that. If someone really wants to track people so badly that they will start building databases of those serial numbers and correlating them with information that they have obtained through some justified mechanism, just so that they can track you when you happen to have your passport open anyway, then they are going to track you, and there is not much you can do about it anywyay. This is roughly the same risk as having a hidden camera near a point where you open your passport (or someone opens it for you). It's just to far to go for the limited benefit. The new protections have tipped the balance in favor of the new ePassport, and while Schnier does point out a flaw that is unfortunate, it is certainly repairable in the future, and not "fatal". If the US starts issuing passports without the flaw in the next few years (before all the passports with no chip at all expire) no one will bother trying to attack passport security in this fashion. It just isn't worth it.