Ethical Hacker Proves RFID Tags Remain Vulnerable to 'Skimming'
According to recent reports, $250 worth of electronic equipment allowed Chris Paget, an "ethical hacker," to scan and copy the information stored on radio-frequency identification (RFID) chips embedded in new passport cards (but not the traditional passport books), as well as some enhanced drivers' licenses while he drove around San Francisco. The 20-minute experiment was captured on video by The Register.
According to Paget, it would be trivial to program blank tags with the skimmed identification numbers -- a key part of the process of creating counterfeit cards. Because the embedded RFID chips broadcast their information, Paget was able to scan passport cards from a moving vehicle.
According to the Examiner, The State Department advertises this feature as a convenience, saying "with RFID technology, Customs and Border Protection inspectors will be able to access photographs and other biological information stored in secure government databases before the traveler reaches the inspection station." (Source: examiner.com)
The State Department emphasizes that the passport card only contains a unique number that links the card to a secure database maintained by the Department of Homeland Security and State Department.
Issued with the passport cards by the State Department are sleeves that block their transmissions. Two of the passport cards Paget scanned within the 20-minute experiment reveals that not everyone is using those sleeves.
RFID Vulnerabilities Remain In Place
Several disturbing revelations resulted from Paget's experiment including:
- With the proper equipment you can track an identity around the city
- Similar RFIDs are beginning to appear in enhanced drivers' licenses, such as those issued by Washington State, raising privacy issues
- Putting a traceable RFID in a pocket has the potential to make everybody a blip on somebody's radar screen
- The video of Chris Paget's RFID-skimming experiment is available from The San Francisco Examiner.
More information on the vulnerabilities that appear to remain in place in passport cards and enhanced drivers' licenses that were exploited in Paget's experiment can be found from RSA Labs. (Source: rsa.com)
Visit Bill's Links and More for more great tips, just like this one!
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.