RFID and Personal Security
I understand that RFID chips are being embedded in passports, debit cards and other identification cards. Is there any truth to the rumor that hackers with special equipment can swipe my personal info as I walk by? |
RFID Chips - Are They Secure?
Radio-frequency identification or RFID chips are commonly embedded in merchandise these days to prevent shoplifting. Two more recent trends involve RFID chips in personal identification cards and payment cards: driver's licenses, passports, social services benefits cards, and debit cards such as Mastercard Paypass. These applications have raised alarms among security researchers.
RFID works by broadcasting information stored on a chip via short-range radio signals. By "short range," we mean about a few inches. An RFID receiver plucks the chip's data out of the airwaves when you wave your card near it, or tap the card on the receiver. No more swiping a card, entering a PIN, or punching lots of buttons. Purchases and passport checks go much faster. But what about security?
The rumor that "walk-by" hackers armed with inexpensive receivers could pluck your passport's RFID data out of the air without even touching you is real. But any information they might get is useless.
"There is no personal information written to the RFID chip. This chip points to a stored record in secure government databases," the U. S. State Dept. emphasizes on its e-passport card Web page. The RFID chip bears only an index key that is used to look up your passport record in some government server. The Immigration agent has the password that grants access to that database; hackers cannot access your passport data with what's stored on the e-passport card!
But with your e-passport index key, argue the alarmists, someone could program a counterfeit e-passport card to impersonate you. Well, yeah, if he happens to look just like the photograph of you that's retrieved from that secure database and displayed to the Immigration agent. Over 2.7 million U. S. e-passport cards have been issued since 2007, and other countries use RFID e-passports too. There have been no reports of identities stolen this way.
Similarly, "enhanced driver's licenses" (also called EDLs or EIDs) with RFID chips don't contain any personal information. A unique reference number stored on the card can be used to identify you when you're at a border crossing station, in lieu of an American passport when traveling to Canada, Mexico, Bermuda, and the Caribbean.
Do You Need a Tinfoil Wallet?
Nonetheless, there's a brisk business in metal foil-lined wallets for e-passports, driver's licenses, and other personal identification cards equipped with RFID chips. The US State Department, as well as states that issue EDLs even provide a free foil-lined jacket just to satisfy privacy concerns.
Mastercard Paypass and other forthcoming payment cards with RFID chips embedded in them are simultaneously more secure and less secure than traditional payment cards. Yes, a hacker who gets within touching distance of your unshielded Paypass card can read its data without your knowledge. On the other hand, the card never leaves your hand. How many times per week do you hand a credit card to a waiter who disappears for a few minutes, long enough to copy all the data he needs for an online spending spree?
Another protection offered by Mastercard is the requirement of a handwritten signature for Paypass purchases of more than $50. So Paypass is convenient for a quick cup of coffee or fast food lunch, but works just like a regular credit card for more expensive purchases. The same charge-dispute policies that protect you against fraudulent charges on other cards apply to Paypass, too.
RFID chips pose no greater identity theft risk than other identification documents as long as they don't store any personal identification data. But you may feel better with a tinfoil-lined wallet, and you can make your own pretty easily. Of course, you'll also need a tinfoil hat to avoid the government's mind control rays, but that's another topic altogether. :-)
Do you have something to say about RFID security? Post your comment or question below…
This article was posted by Bob Rankin on 4 Jan 2011
| For Fun: Buy Bob a Snickers. |
 |
Prev Article: Internet Voicemail Services |
The Top Twenty |
Next Article: Discounts on Software |
 |
Post your Comments, Questions or Suggestions
|
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- RFID and Personal Security (Posted: 4 Jan 2011)
Source: https://askbobrankin.com/rfid_and_personal_security.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "RFID and Personal Security"
Posted by:
Tom Ferrell
04 Jan 2011
Sure you can scanRFID but look at the size of the handheld scanner and the laptop it is attached to. The guy must wave this scanner around your butt a couple times and not get caught and you need to be still. BAH!
Posted by:
Digital Artist
05 Jan 2011
Are you seriously ridiculing my tinfoil hat?
Posted by:
Pierre
05 Jan 2011
Of course, if you want, you can make your own foil lined card holder, rather than go buy an expensive one.
I made one with some copy paper, some scotch tape, some tinfoil, and some of that 2 inch clear packing tape. You'll need 3 layers of a 1/2 decent quality plain old kitchen aluminum foil.
It was easy! Took me less than 1/2 hour, and I had to invent the design at the same time, and it works quite well, as far as I can tell. I put the card in it, and tried to use it on a scanner at the store, and it would not be read.
So if you need that "extra peace of mind", like I do, meh, why not whip up your own? I have had it for over a year, so, the thing is quite durable, and protects your credit card against other dangers, too.
PML
Posted by:
Tom
05 Jan 2011
And of course with the information in a 'secure' government data base no unauthorized person will be able to access it? Think wikileaks where top secret information was accessed by unauthorized personnel! Be afraid! Be very afraid when your government says to you; 'Dont worry. Its all under control!'
Posted by:
Riker
07 Jan 2011
http://www.youtube.com/watch?v=k7Dr6poEl_0
EDITOR'S NOTE: Interesting, but NOT safe for work.
Posted by:
Gregg
14 Jan 2011
Given the right equipment, the RFID in an Enhanced Driver's License can be read from more than 30 feet away. Consider the risks. Even if they don't know your social security number, a terrorist could know that an American is nearby. In another scenario, consider the fact that it is a unique number. If I put some sensors around inside a mall, I can track every place you go within the mall and learn what product displays get your attention. I can match your security camera picture from the entrance with your unique number, and know how many times you visit the mall each year. With a little cooperation, I can track everything you buy - even if you pay with cash. Later, I can sell all my data to the highest bidder - who may match that same unique number and the security picture with data that they collected from other businesses.