Thursday, March 15, 2007

SSShhhh..... I Never Told You This...

I wouldn't tell anyone to do anything illegal.
I do like to share though.
I came across this nifty "How To" for all you "do-it-yourselfers".
It's a blog post that I jut have to pass along.
It has to do with a hammer and an RFID chip.

There's good reason to be annoyed with RFID technology used for identification applications - for one thing it seems that your identity can be easily stolen. The whole procedure was very interestingly outlined in another blog post.

In the UK, the Daily Mail revealed how easily a person’s identity can be stolen from new biometric passports. Security gaps allowed the personal details and photograph in any electronic passport to be copied from the outside of the envelope in which it is delivered to homes, or even from 6 feet away while people are at the airport waiting for their next flight!

Using a simple gadget built from parts bought on the Internet, it took the Daily Mail less than four hours to copy the details from one passport after removing it from a person's mailbox. With her permission, they took away the envelope containing her passport and never opened it. By the end of the afternoon, they had stolen enough information from the passport’s electronic chip - including the woman’s photograph - to be able to clone an identical document. More significantly, they had the details which would allow a fraudster, people trafficker, or illegal immigrant to set up a new life in Britain. The criminal could open a bank account, claim state benefits and undertake a myriad financial and legal transactions in someone else’s name.

In the UK, each of these newly issued passports is now an ID transmitter that silently puts personal information out there to whoever wants it. On the back of the page is a tiny computer chip, surrounded by a coil of copper-colored wire. This is a Radio Frequency Identification microchip, which can be read using radio waves. Encoded on the passport’s RFID chip are three important files. One contains an electronic copy of the printed information on the passport’s photo page; the second holds the electronic image of the holder’s photo. The third is a security device which checks that the previous two files are not accessed and altered. In order to get into the files, the computer needs an “electronic key”. This is the 24-digit code printed on the bottom line of the passport’s Machine Readable Zone. It is called the “MRZ key number”. The UK Government said the biometric chips are protected by “an advanced digital encryption technique” and without the MRZ key code it is impossible to steal the passport holder’s details if you do not have their travel document in your hand. hackers of course know how to crack these codes, and unlike ATM machines that only give you a few tries to input a code, they can try all kinds of iterations of coding until they find the "key".

Anyone carrying one of these ID transmitting passports around can also have their information pirated as they walk down the street. The "pirate" will put antennae near the entrances of banks (or anywhere else that people regularly show their passports) and then sit back and watch the data roll in. They will not even have to be there. All they need to do is set up a system that phones home when it collects a batch of passports. Cheap laptops in a small box could do it with ease. It took the Daily Mail no time at all to unravel the crucial code, using a relatively simple computer software program and a scanning device.

Now there are those out there who will say - simple to solve this problem - just keep your RFID chipped documents in a special holder that blocks the signals. I suppose that's a solution. But in general, a passport is supposed to be used only to tell governments of other countries that you are an American (or in this case, British) Citizen entitled to protections afforded to such people. Far too much weight is given to passports and identity documents like driving licenses. Identity documents will NOT stop terrorism. They will create other problems.

It is interesting to note that the US Department of Homeland security has found the US Visit program which used RFID's in visitor cards to be a bust.

While I might not mind RFID's being used to inventory CD's or socks in a store, I am not really enthusiastic about them being used to tag or identify human beings like cattle.