Global RFID Passport Encryption standard cracked in 2 hours
#1
Original Poster
Join Date: Nov 2005
Location: PDX, MSP and MCI
Programs: WN AList; Delta Nada; Hilton DIamond; Marriot Gold
Posts: 400
Global RFID Passport Encryption standard cracked in 2 hours
Just thought I'd pass on the latest in the e-Passports travesty. While there are a number of companies participating in the electronic passport program, all it takes is one vendor making dumb and predictible mistakes to disclose the encryption methodology.
Global RFID Passport Encryption standard cracked in 2 hours
On top of the cracking of the global passport standard, a researcher disclosed at a RSA conference how to use a cell phone to read RFID tags. While the tag technology is different than that in passports, it's only a matter of time before cell phones can be used to skim passport info.
disclaimer: I work in the RFID industry, so I do have a vested interest in RFIDs success. Sadly, the electronic passport technology is a joke. There are significantly more secure technologies available, but they add additional cost and complexity to implement.
Global RFID Passport Encryption standard cracked in 2 hours
On top of the cracking of the global passport standard, a researcher disclosed at a RSA conference how to use a cell phone to read RFID tags. While the tag technology is different than that in passports, it's only a matter of time before cell phones can be used to skim passport info.
disclaimer: I work in the RFID industry, so I do have a vested interest in RFIDs success. Sadly, the electronic passport technology is a joke. There are significantly more secure technologies available, but they add additional cost and complexity to implement.
#2
Join Date: Jan 2000
Location: Ashburn, VA (IAD/DCA/BWI)
Posts: 2,748
Originally Posted by nfc
Just thought I'd pass on the latest in the e-Passports travesty. While there are a number of companies participating in the electronic passport program, all it takes is one vendor making dumb and predictible mistakes to disclose the encryption methodology.
Global RFID Passport Encryption standard cracked in 2 hours
On top of the cracking of the global passport standard, a researcher disclosed at a RSA conference how to use a cell phone to read RFID tags. While the tag technology is different than that in passports, it's only a matter of time before cell phones can be used to skim passport info.
disclaimer: I work in the RFID industry, so I do have a vested interest in RFIDs success. Sadly, the electronic passport technology is a joke. There are significantly more secure technologies available, but they add additional cost and complexity to implement.
Global RFID Passport Encryption standard cracked in 2 hours
On top of the cracking of the global passport standard, a researcher disclosed at a RSA conference how to use a cell phone to read RFID tags. While the tag technology is different than that in passports, it's only a matter of time before cell phones can be used to skim passport info.
disclaimer: I work in the RFID industry, so I do have a vested interest in RFIDs success. Sadly, the electronic passport technology is a joke. There are significantly more secure technologies available, but they add additional cost and complexity to implement.
#5
Join Date: Jan 2005
Location: Pacific Northwest
Programs: 2011 Air: AA (Plat) UA (Prem); Hotel: HGP (Dia), HH (Dia), KIT (IC); Car: HZ (PC) AF
Posts: 688
I've had such concerns about the new RFID passports. I read somewhere that a carrier or holder lined with the right material (aluminum?) could prevent casual reading of the RFID chip. Perhaps nfc has some insight.
It wouldn't address times when you have to remove a passport from its holder, but it would prevent someone reading it from one's pocket, purse or backpack.
It wouldn't address times when you have to remove a passport from its holder, but it would prevent someone reading it from one's pocket, purse or backpack.
#6
Join Date: Oct 2005
Location: CGK
Programs: LH SEN (LH*G), HH Diamond, AB Gold (1W Saph)
Posts: 5,677
F***! I knew it, and I have no choice but to get one of the new chip-equipped passports when I have to apply for a new one in December (I'm German, and we were the first country to roll this stuff out and make it mandatory).
Hmm, it's either get one of these unsecure passports or stop travelling...
Tough choice, but I suppose I'll just have to take the risk! Wish me luck!
Hmm, it's either get one of these unsecure passports or stop travelling...
Tough choice, but I suppose I'll just have to take the risk! Wish me luck!
#7
Join Date: Oct 2005
Location: CGK
Programs: LH SEN (LH*G), HH Diamond, AB Gold (1W Saph)
Posts: 5,677
Originally Posted by wth
I read somewhere that a carrier or holder lined with the right material (aluminum?) could prevent casual reading of the RFID chip.
Maybe I could get that sewn into my passport cover. Might make it a little heavy though, but "baaaah, anything for security", right?
#8
formerly sirgolf82
Join Date: Sep 2004
Location: NYC
Posts: 136
We knew this one was coming!
I've had my current passport for a couple of years now, so I don't have the tags inside. However, my fiancee just got hers in the mail, and I'm not sure if I can tell if one is inside. In comparing hers to mine, hers has what looks like security foil (a la new $20 bills), inside the back spine, that comes to the surface at some points. Is this the chip?
I've had my current passport for a couple of years now, so I don't have the tags inside. However, my fiancee just got hers in the mail, and I'm not sure if I can tell if one is inside. In comparing hers to mine, hers has what looks like security foil (a la new $20 bills), inside the back spine, that comes to the surface at some points. Is this the chip?
#9
Join Date: Oct 2005
Location: CGK
Programs: LH SEN (LH*G), HH Diamond, AB Gold (1W Saph)
Posts: 5,677
Originally Posted by sirgolf82
We knew this one was coming!
I've had my current passport for a couple of years now, so I don't have the tags inside. However, my fiancee just got hers in the mail, and I'm not sure if I can tell if one is inside. In comparing hers to mine, hers has what looks like security foil (a la new $20 bills), inside the back spine, that comes to the surface at some points. Is this the chip?
I've had my current passport for a couple of years now, so I don't have the tags inside. However, my fiancee just got hers in the mail, and I'm not sure if I can tell if one is inside. In comparing hers to mine, hers has what looks like security foil (a la new $20 bills), inside the back spine, that comes to the surface at some points. Is this the chip?
#10
Original Poster
Join Date: Nov 2005
Location: PDX, MSP and MCI
Programs: WN AList; Delta Nada; Hilton DIamond; Marriot Gold
Posts: 400
Originally Posted by wth
I've had such concerns about the new RFID passports. I read somewhere that a carrier or holder lined with the right material (aluminum?) could prevent casual reading of the RFID chip. Perhaps nfc has some insight.
It wouldn't address times when you have to remove a passport from its holder, but it would prevent someone reading it from one's pocket, purse or backpack.
It wouldn't address times when you have to remove a passport from its holder, but it would prevent someone reading it from one's pocket, purse or backpack.
After numerous complaints, the specifications for the electronic passports were changed to include shielding in the passport itself. The chip is supposed to only be readable when the passport cover is open. In reality, if a passport is stuffed into a purse or travel bag, it might not be perfectly closed. Thereby, opening up the passport to skimming techniques.
As the number of RFID tags increases in our everyday world, I'm willing to bet that someone begins selling passport holders with embedded shielding materials. Extending the product line to include liners for purses, backpacks, briefcases and wallets isn't too big of a leap.
Hope this explanation helped. RF technologies are pretty complex due to their basis in physics. However, I'm always amazed by how sophisticated technologies can be defeated by something as low tech as aluminum foil.
#11
Original Poster
Join Date: Nov 2005
Location: PDX, MSP and MCI
Programs: WN AList; Delta Nada; Hilton DIamond; Marriot Gold
Posts: 400
Originally Posted by Doppy
Big surprise here. Passports should either use contact or two dimensional barcodes.
Two dimensional barcodes are nice, but they're fairly limited in the amount of information that can be stored. The newer RFID tags can store a significant amount of information. Printed barcodes are also more easily damaged and rendered unreadable than a RFID tag. They also have to be aligned just right to be read, where one of RFID's benefits (and potential security risk) is that it's non line of sight. The more rapidly a passport can be read, the faster immigration lines will move ^
#12
FlyerTalk Evangelist
Join Date: Jul 2005
Location: The Sunshine State
Programs: Deltaworst Peon Level, TSA "Layer 21 Club", NW WP RIP
Posts: 11,370
Uplifting Shop Experience?
Originally Posted by nfc
A thin layer of aluminum, such as aluminum foil, wrapped around an RFID tag will shield it from being read.
#13
Original Poster
Join Date: Nov 2005
Location: PDX, MSP and MCI
Programs: WN AList; Delta Nada; Hilton DIamond; Marriot Gold
Posts: 400
Originally Posted by Flaflyer
Not that I am planning a change of careers into the klepto field, but it hits me that if this works for the security tags inside small expensive products then having a foil lined pocket or purse. . . .
#14
FlyerTalk Evangelist
Join Date: Apr 1999
Location: Bryn Mawr PA & Wailea HI
Posts: 15,726
Shoplifters have been easily defeating store tags for years by using aluminium foil lined shopping bags. Your EasyPass thingee can be shielded using the metal coated envelope should one wish to pay tolls by cash.
MisterNice
MisterNice
#15
Join Date: Oct 2005
Programs: UA 2K GS, SQ PPS, AA Ruby, NW Gold, Hertz Gold, Hyatt Gold, Starwood Gold, Marriott Gold
Posts: 618
if the passport smart chip technology relied on secrecy as the method for securing the passports then they are doomed. As anyone skilled in the art of cryptography, the only algorithm or apparatus that is secure is the one whose implementation is publicly available and still is secure. This is why the government has no qualms about openly specifying how assymetric encryption should work for secure data encryption in order to meet federal standards.