RFID and Personal Security
I understand that RFID chips are being embedded in passports, debit cards and other identification cards. Is there any truth to the rumor that hackers with special equipment can swipe my personal info as I walk by?
RFID Chips - Are They Secure?
Radio-frequency identification or RFID chips are commonly embedded in merchandise these days to prevent shoplifting. Two more recent trends involve RFID chips in personal identification cards and payment cards: driver's licenses, passports, social services benefits cards, and debit cards such as Mastercard Paypass. These applications have raised alarms among security researchers.
RFID works by broadcasting information stored on a chip via short-range radio signals. By "short range," we mean a few inches. An RFID receiver plucks the chip's data out of the airwaves when you wave your card near it, or tap the card on the receiver. No more swiping a card, entering a PIN, or punching lots of buttons. Purchases and passport checks go much faster. But what about security?
The rumor that "walk-by" hackers armed with inexpensive receivers could pluck your passport's RFID data out of the air without even touching you is real. But any information they might get is useless.
"There is no personal information written to the RFID chip. This chip points to a stored record in secure government databases," the U.S. State Dept. emphasizes on its e-passport card Web page. The RFID chip bears only an index key that is used to look up your passport record in some government server. The Immigration agent has the password that grants access to that database; hackers cannot access your passport data with what's stored on the e-passport card!
But with your e-passport index key, argue the alarmists, someone could program a counterfeit e-passport card to impersonate you. Well, yeah, if he happens to look just like the photograph of you that's retrieved from that secure database and displayed to the Immigration agent. Over 2.7 million U.S. e-passport cards have been issued since 2007, and other countries use RFID e-passports too. There have been no reports of identities stolen this way.
Similarly, "enhanced driver's licenses" (also called EDLs or EIDs) with RFID chips don't contain any personal information. A unique reference number stored on the card can be used to identify you when you're at a border crossing station, in lieu of an American passport when traveling to Canada, Mexico, Bermuda, and the Caribbean.
Do You Need a Tinfoil Wallet?
Nonetheless, there's a brisk business in metal foil-lined wallets for e-passports, driver's licenses, and other personal identification cards equipped with RFID chips. The US State Department, as well as states that issue EDLs, even provide a free foil-lined jacket just to satisfy privacy concerns.
Mastercard Paypass and other forthcoming payment cards with RFID chips embedded in them are simultaneously more secure and less secure than traditional payment cards. Yes, a hacker who gets within touching distance of your unshielded Paypass card can read its data without your knowledge. On the other hand, the card never leaves your hand. How many times per week do you hand a credit card to a waiter who disappears for a few minutes, long enough to copy all the data he needs for an online spending spree?
Another protection offered by Mastercard is the requirement of a handwritten signature for Paypass purchases of more than $50. So Paypass is convenient for a quick cup of coffee or fast food lunch, but works just like a regular credit card for more expensive purchases. The same charge-dispute policies that protect you against fraudulent charges on other cards apply to Paypass, too.
RFID chips pose no greater identity theft risk than other identification documents as long as they don't store any personal identification data. But you may feel better with a tinfoil-lined wallet, and you can make your own pretty easily. Of course, you'll also need a tinfoil hat to avoid the government's mind control rays, but that's another topic altogether. :-)
This article was posted by Bob Rankin on 4 Jan 2011
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- RFID and Personal Security (Posted: 4 Jan 2011)