Hackers at Defcon Demonstrate Device To Hijack RFIDs

Termagant

Senior member
Mar 10, 2006
765
0
0
High-tech passports touted as advances in national security can be spied on remotely and their identifying radio signals cloned, computers hackers were shown at a conference.
Radio frequency identification technology, referred to as RFID, used in cash cards and passports, can be copied, blocked or imitated, said Melanie Rieback, a privacy researcher at Vrije University in the Netherlands.
Rieback demonstrated a device she and colleagues at Vrije built to hijack the RFID signals that manufacturers have touted as unreadable by anything other than proprietary scanners.
"We are being foisted into this world where these tags are all around but we don't know when and how they are there," Rieback said.

What are the implications of this? The schematics and software of the device will be made public according to the creators. Should the State Department remake the new passports now that your code can be hijacked.

Or you future cell phone with RFID for debit purposes can be cloned?

AFAIK, the US Army moved to RFIDs recently for inventory purposes. Suppose hackers acquired codes, and hacked into central inventory systems to put in inaccurate data, during a time of war?
 

charrison

Lifer
Oct 13, 1999
17,033
1
81
Originally posted by: Termagant

What are the implications of this? The schematics and software of the device will be made public according to the creators. Should the State Department remake the new passports now that your code can be hijacked.

Or you future cell phone with RFID for debit purposes can be cloned?

AFAIK, the US Army moved to RFIDs recently for inventory purposes. Suppose hackers acquired codes, and hacked into central inventory systems to put in inaccurate data, during a time of war?


No technology is going to be foolproof. The benefits of RFID greatly outweigh any its drawbacks.
 

catnap1972

Platinum Member
Aug 10, 2000
2,607
0
76
Originally posted by: Termagant

AFAIK, the US Army moved to RFIDs recently for inventory purposes. Suppose hackers acquired codes, and hacked into central inventory systems to put in inaccurate data, during a time of war?

"Oops, oh well...sh!+ happens. Need another tax cut to buy some new stuff!"

 

chcarnage

Golden Member
May 11, 2005
1,751
0
0
The Register has an informative article about the next generation of e-Passports. Their conclusion: The security advantage over conventional passports is fictional but the new passports cost us more.
 

lowfatbaconboy

Golden Member
Oct 21, 2000
1,796
0
0
Honestly, I think its a very bad idea unless implemented securely. The benefits of having something that is convinient doesn't out wieght any of the downsides to having your car, money, or identity stolen.
 
Jun 27, 2005
19,216
1
61
I posted this in OT a few days ago. Link

The security implications are enormous. Imagine being able to just walk through a crowd and gather up dozens of ID's, credit cards, medical information... Complete sets of data from many individuals. No more pick pocketing... no more need for any kind of physical contact with anyone... just walk through the crowd and suck up the data.

Step 2: Clone the data. With one sweep an ID thief could instantly become another person, complete with credit and medical history.

At the very least, the RFID chips need to be equipped with some sort of on/off switch whereby they are not constantly broadcasting their information but are only activated when they come in CLOSE contact with an authorized reader. Or equip the item they are embedded in with a physical on/off switch.

That won't solve everything but it will at least eliminate the potential for ID theves "grazing" through a crowd.

EDIT: Of course the Feds would never go with anything but a totally passive system that broadcasts all the time. Can't have the possibility of someone withholding data from the government....