RFID and Personal Security

Category: Privacy

I understand that RFID chips are being embedded in passports, debit cards and other identification cards. Is there any truth to the rumor that hackers with special equipment can swipe my personal info as I walk by?

RFID Chips - Are They Secure?

Radio-frequency identification or RFID chips are commonly embedded in merchandise these days to prevent shoplifting. Two more recent trends involve RFID chips in personal identification cards and payment cards: driver's licenses, passports, social services benefits cards, and debit cards such as Mastercard Paypass. These applications have raised alarms among security researchers.

RFID works by broadcasting information stored on a chip via short-range radio signals. By "short range," we mean about a few inches. An RFID receiver plucks the chip's data out of the airwaves when you wave your card near it, or tap the card on the receiver. No more swiping a card, entering a PIN, or punching lots of buttons. Purchases and passport checks go much faster. But what about security?

The rumor that "walk-by" hackers armed with inexpensive receivers could pluck your passport's RFID data out of the air without even touching you is real. But any information they might get is useless.

"There is no personal information written to the RFID chip. This chip points to a stored record in secure government databases," the U. S. State Dept. emphasizes on its e-passport card Web page. The RFID chip bears only an index key that is used to look up your passport record in some government server. The Immigration agent has the password that grants access to that database; hackers cannot access your passport data with what's stored on the e-passport card!

But with your e-passport index key, argue the alarmists, someone could program a counterfeit e-passport card to impersonate you. Well, yeah, if he happens to look just like the photograph of you that's retrieved from that secure database and displayed to the Immigration agent. Over 2.7 million U. S. e-passport cards have been issued since 2007, and other countries use RFID e-passports too. There have been no reports of identities stolen this way.

Similarly, "enhanced driver's licenses" (also called EDLs or EIDs) with RFID chips don't contain any personal information. A unique reference number stored on the card can be used to identify you when you're at a border crossing station, in lieu of an American passport when traveling to Canada, Mexico, Bermuda, and the Caribbean.

Do You Need a Tinfoil Wallet?

Nonetheless, there's a brisk business in metal foil-lined wallets for e-passports, driver's licenses, and other personal identification cards equipped with RFID chips. The US State Department, as well as states that issue EDLs even provide a free foil-lined jacket just to satisfy privacy concerns.

Mastercard Paypass and other forthcoming payment cards with RFID chips embedded in them are simultaneously more secure and less secure than traditional payment cards. Yes, a hacker who gets within touching distance of your unshielded Paypass card can read its data without your knowledge. On the other hand, the card never leaves your hand. How many times per week do you hand a credit card to a waiter who disappears for a few minutes, long enough to copy all the data he needs for an online spending spree?

Another protection offered by Mastercard is the requirement of a handwritten signature for Paypass purchases of more than $50. So Paypass is convenient for a quick cup of coffee or fast food lunch, but works just like a regular credit card for more expensive purchases. The same charge-dispute policies that protect you against fraudulent charges on other cards apply to Paypass, too.

RFID chips pose no greater identity theft risk than other identification documents as long as they don't store any personal identification data. But you may feel better with a tinfoil-lined wallet, and you can make your own pretty easily. Of course, you'll also need a tinfoil hat to avoid the government's mind control rays, but that's another topic altogether. :-)

Do you have something to say about RFID security? Post your comment or question below…

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 4 Jan 2011


For Fun: Buy Bob a Snickers.

Prev Article:
Internet Voicemail Services

The Top Twenty
Next Article:
Discounts on Software

Most recent comments on "RFID and Personal Security"

Posted by:

Tom Ferrell
04 Jan 2011

Sure you can scanRFID but look at the size of the handheld scanner and the laptop it is attached to. The guy must wave this scanner around your butt a couple times and not get caught and you need to be still. BAH!


Posted by:

Digital Artist
05 Jan 2011

Are you seriously ridiculing my tinfoil hat?


Posted by:

Pierre
05 Jan 2011

Of course, if you want, you can make your own foil lined card holder, rather than go buy an expensive one.

I made one with some copy paper, some scotch tape, some tinfoil, and some of that 2 inch clear packing tape. You'll need 3 layers of a 1/2 decent quality plain old kitchen aluminum foil.

It was easy! Took me less than 1/2 hour, and I had to invent the design at the same time, and it works quite well, as far as I can tell. I put the card in it, and tried to use it on a scanner at the store, and it would not be read.

So if you need that "extra peace of mind", like I do, meh, why not whip up your own? I have had it for over a year, so, the thing is quite durable, and protects your credit card against other dangers, too.

PML


Posted by:

Tom
05 Jan 2011

And of course with the information in a 'secure' government data base no unauthorized person will be able to access it? Think wikileaks where top secret information was accessed by unauthorized personnel! Be afraid! Be very afraid when your government says to you; 'Dont worry. Its all under control!'


Posted by:

Riker
07 Jan 2011

http://www.youtube.com/watch?v=k7Dr6poEl_0

EDITOR'S NOTE: Interesting, but NOT safe for work.


Posted by:

Gregg
14 Jan 2011

Given the right equipment, the RFID in an Enhanced Driver's License can be read from more than 30 feet away. Consider the risks. Even if they don't know your social security number, a terrorist could know that an American is nearby. In another scenario, consider the fact that it is a unique number. If I put some sensors around inside a mall, I can track every place you go within the mall and learn what product displays get your attention. I can match your security camera picture from the entrance with your unique number, and know how many times you visit the mall each year. With a little cooperation, I can track everything you buy - even if you pay with cash. Later, I can sell all my data to the highest bidder - who may match that same unique number and the security picture with data that they collected from other businesses.


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- RFID and Personal Security (Posted: 4 Jan 2011)
Source: https://askbobrankin.com/rfid_and_personal_security.html
Copyright © 2005 - Bob Rankin - All Rights Reserved