Penetration Testing mailing list archives
RE: Government RFID busted
From: "Hleihel, Mohammed [SOS]" <mohammed.hleihel () sos state ia us>
Date: Wed, 11 Feb 2009 11:05:40 -0600
Good point. Which makes it impossible for a terrorist in Beirut to detonate a bomb once an American is in sight because passport CARDS can only be used to travel to (Mexico, Canada and the Caribbean countries?) Again, I am not defending the government on EDLs. But based on what I read and saw, international passports have been better equipped. The State Department has worked with security experts, and many changes have been implemented. -Mohammed Hleihel -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Prodigi Child Sent: Friday, February 06, 2009 12:50 AM To: Hleihel, Mohammed [SOS]; 'Al Rivas'; pen-test () securityfocus com Subject: RE: Government RFID busted Mohammed, Actually, in the first sentence of the video he states he is working sniffing for a passport CARD, not a passport BOOK. Passport CARDS do not necessarily have covers, and neither does the EDL (although it purportedly comes with an optional case/cover). I know that the passport books include metallic elements in the cover which is supposed to block RFID traffic and that its effectiveness is dubious. Have a good day. -----Original Message----- From: Hleihel, Mohammed [SOS] [mailto:mohammed.hleihel () sos state ia us] Sent: Thursday, February 05, 2009 12:38 PM To: Prodigi Child; Al Rivas; pen-test () securityfocus com Subject: RE: Government RFID busted Read more and investigate before making such baseless assumptions. 1- The passport covers are supposed to provide a sheet that hides the RFID signals. Only when a passport is opened would a scanner be able to read the stored data. 2- The Secretary of State is working with many agencies regarding securing this project. All risks and potential security threats are being studied. The government corporation has been satisfactory to a lot of privacy experts. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Prodigi Child Sent: Wednesday, February 04, 2009 1:35 AM To: 'Al Rivas'; pen-test () securityfocus com Subject: RE: Government RFID busted I agree that having RFID chips in IDs is a bad idea (Imagine a terrorist in Beirut checking his scanner "Hmm 5 Americans in the area.. let's go hunting!") but is a 'war drive' to read the RFID tags from the passports really useful? It's one of those "duh" things like a study trying to determine if bears **** in the woods. I mean, they are doing what they are supposed to do in the first place, which is be read by RFID scanners, albeit from further away than what they claimed was possible. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Al Rivas Sent: Monday, February 02, 2009 10:58 AM To: pen-test () securityfocus com Subject: Government RFID busted So the U.S. government has had this idea to tag our passports, drivers licenses etc, with RFID. Dan Goodin, has created this video showing why this is not a good idea. The problem is that technology is growing in breadth and complexity faster than bureaucrats can wrap their minds around it. The vast majority of the decision makers on these programs can't spell computer and have only slight exposure to . "the internets". Someone presents them with a technology, (I'd bet the farm that the presenter sells that particular technology), and the bureaucratic bean counter says "Whoopee ! And how much is my cut so I can vote for this ?" Everyone makes money, and America is safer, they have the PowerPoint Slides that say so. Here's an excerpt from the article "Using inexpensive off-the-shelf components, an information security expert has built a mobile platform that can clone large numbers of the unique electronic identifiers used in US passport cards and next generation drivers licenses." Here's Dan's excellent video showing how he did it : http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-clo ning-rfid-passports/ Excerpt from Western Hemisphere Travel Initiative - the project injecting RFID into government docs. "Each day, an average of 1.1 million pedestrians and passengers enter the United States for business or pleasure. In order to facilitate cross-border travel for U.S. citizens while enhancing the security of our citizens and travelers, the Department of Homeland Security (DHS) proposes to expand the use of vicinity radio frequency identification (RFID) technology at land border ports of entry. The use of this technology will be a key component of the PASS System (People, Access Security Service), announced in January 2006 by Secretaries Rice and Chertoff as part of their Joint Vision -"Secure Borders and Open Doors in the Information Age.""
Current thread:
- Government RFID busted Al Rivas (Feb 03)
- RE: Government RFID busted Prodigi Child (Feb 05)
- RE: Government RFID busted Al Rivas (Feb 05)
- Re: Government RFID busted M.D.Mufambisi (Feb 10)
- RE: Government RFID busted Hleihel, Mohammed [SOS] (Feb 09)
- Message not available
- RE: Government RFID busted Hleihel, Mohammed [SOS] (Feb 10)
- RE: Government RFID busted Al Rivas (Feb 10)
- RE: Government RFID busted Hleihel, Mohammed [SOS] (Feb 10)
- RE: Government RFID busted Al Rivas (Feb 05)
- RE: Government RFID busted Prodigi Child (Feb 05)
- RE: Government RFID busted Prodigi Child (Feb 10)
- RE: Government RFID busted Rui Pereira (WCG) (Feb 11)
- RE: Government RFID busted Hleihel, Mohammed [SOS] (Feb 11)
- RE: Government RFID busted securityfocus (Feb 12)
- RE: Government RFID busted Prodigi Child (Feb 11)
- Re: Government RFID busted Shreyas Zare (Feb 11)
- Message not available
- Re: Government RFID busted Shreyas Zare (Feb 12)
- Re: Government RFID busted VM (Feb 18)