No, Really, i saw him at the airport... Well, his passport, at least...
In a stunning demonstration of the governments continuing failure to secure anything but the ability to invade the privacy of law abiding citizens, a member of the group The Hacker's Choice (THC) has provided proof of concept of a hack first introduced by Jeroen van Beek in las vegas two month ago. Below is a video showing a machine in Amsterdam's airport reading Elvis Presley's personal information off a hacked RFID passport chip.
You will notice the lack of alarms or errors.
The process, as described by someone going with the handle VonJeek, is pretty straightforward. Software that emulates passport RFID behavior, apparently written by van Beek, is uploaded onto a blank card. Using a free Python application, an existing passport's chip is read and the data transferred to the emulator. In the process, the bits that call for active verification of the encoded information can be shut off, limiting the verification process when the card is read in the future. Instructions for modifying the information prior to uploading it are also provided.
These are the same RFID chips now used around the world in passports, that were previously proven to be insecure to invasions of privacy at distances of up to 30 meters. This is also the same system that has been proposed for the now delayed REAL ID act, which would gradually replace the current drivers licence system with a national identification system and database.
Agian, this proves, quite obviously, that the systems they are designing are only intended to track (and possibly restrict) those who have no reason or will to evade them, and will in fact, as automated checkpoints become more and more in use, facilitate the free movement of criminals and international persons of interest. They will in no way protect you, as it is said, from the invasion of those who might do you harm, or to discourage identity theft, as now the highest form of identification in the land, the passport and proof of citizenship of the country of your birth, can be comprimised for a mere $120.
The old, manual, system was far more secure, but it did not facilitate or provide cause for a national database or tracking system for law abiding citizens.
For more information on the techniques used, or to find out how you can duplicate the experiments, see the following links.
http://freeworld.thc.org/thc-epassport/
http://blog.thc.org/index.php?/archives/4-The-Risk-of-ePassports-and-RFID.html
Refuse the mark.
Tempus Fugit
Friday, October 3, 2008
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment