Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses

[Paul Ferguson <fergdawgster () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via Dark Reading.

[snip]

With a $250 used RFID scanner he purchased on eBay and a low-profile
antenna tucked away in his car, a security researcher recently cruised the
streets along Fisherman's Wharf in San Francisco, where he captured -- and
cloned -- a half-dozen electronic passports within an hour.

Chris Paget, who will demonstrate the privacy risks with these IDs at the
Shmoocon hacker confab later this week in Washington, D.C., coined this
newest RFID attack "war cloning" given its similarity to war-driving, or
wireless sniffing. "War cloning -- it's the new hacker sport," he says.

The security weaknesses of the EPC Gen 2 RFID tags, which lack encryption
and true authentication, have been well-known and of concern to privacy
advocates for some time. These tags are being used in the new wallet-sized
passport cards that the U.S. Department of Homeland Security offers under
the new Western Hemisphere Travel Initiative for travel to and from Western
Hemisphere countries. The e-cards are aimed at simplifying and speeding up
the border-crossing process, providing U.S. Customs and border agents with
information on the individual as he or she queues up to inspection booths
at the border.

[snip]

More:
http://www.darkreading.com/security/privacy/showArticle.jhtml?articleID=213
000321

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFJh9Mgq1pz9mNUZTMRAgYRAJ4gxfdiNvrfaDZQCoy1xTR9cqRAPACeJus4
v6lzIG3b2sCQZi9iOaPqT+Q=
=EnjF
-----END PGP SIGNATURE-----

-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.