RealID meets RFID and equals security risk


RFID tags can be easily cloned and read
Just going to remark on this one in passing. It seems that the RFID tags can be easily cloned and pose a security risk.

At the Black Hat conference, Lukas Grunwald, a researcher with DN-Systems in Hildesheim, Germany, demonstrated that he could copy data stored in an RFID tag from his passport and write the data to a smart card equipped with an RFID chip. The copied chip could be used in a forged passport, for example. "We programmed the chip to behave like a passport," Grunwald said in an interview with CNET News.com on Friday.

The threat of unauthorized duplication could affect millions of Americans who are scheduled to begin receiving RFID passports in October. It also calls into question assertions by government officials--who have defended implanting RFID tags in passports despite privacy worries--that the new passports will be more difficult to forge.

Grunwald did say that he has not unearthed any flaws in the crypto that protect the integrity of the information stored in the chips in passports. In other words, while the data can be cloned merely by scanning the RFID tag, the information cannot be changed. Grunwald was able to read the data on the chip by duplicating a customs inspection station.

It took Grunwald "two weeks and $5,000 in legal fees" to complete his project, which uses RFID reading hardware and some homegrown software, he said. At Defcon on Friday, Grunwald also tested his setup with some corporate access cards, which he was also able to copy. This means an attacker could copy access cards and use the copies to open doors to secured buildings.

Right. So if this isn't secure, why is it being required?

"I am Spartacus!"
Additional Technorati Tags
, , , ,

— NeoWayland

Posted: Mon - August 7, 2006 at 04:20 AM  Tag


 ◊  ◊   ◊  ◊ 

Random selections from NeoWayland's library


Pagan Vigil "Because LIBERTY demands more than just black or white"
© 2005 - 2009 All Rights Reserved