Re: Government RFID busted

["M.D.Mufambisi" <mufambisi () gmail com>]

in my opinion this technology was prematurely released without proper
security considerations. Te beirut scenario is quite interesting :-)
and it is indeed a possibility,

Munyaradzi


On 2/4/09, Al Rivas <ARivas () hyphensolutions com> wrote:
> I would say Dan's war drive was useful.  And those that would clone those
> documents would probably find the technique quite useful.  Yes, RFID is
> doing what it's supposed to but I'd put over 90% of people don't realize
> that their information available to cloning this easily.  We (sec pros,
> technogeeks, etc) form only a small percentage of the population.  Knowing
> the bear **** in the woods is only useful because it is a common frame of
> reference.  Unless we inform the general public that their/our information
> is accessible this way, we will be the only ones that even know the bear
> exists.
>
> It would be useless to see another gov program spend billions on something
> which is supposed to increase security but instead has security holes in it
> then say after the fact, "but that's the way it works."
>
> -----Original Message-----
> From: Prodigi Child [mailto:prodigi.child () gmail com]
> Sent: Wednesday, February 04, 2009 1:35 AM
> To: Al Rivas; pen-test () securityfocus com
> Subject: RE: Government RFID busted
>
> I agree that having RFID chips in IDs is a bad idea (Imagine a terrorist in
> Beirut checking his scanner "Hmm 5 Americans in the area.. let's go
> hunting!") but is a 'war drive' to read the RFID tags from the passports
> really useful? It's one of those "duh" things like a study trying to
> determine if bears **** in the woods.
>
> I mean, they are doing what they are supposed to do in the first place,
> which is be read by RFID scanners, albeit from further away than what they
> claimed was possible.
>
>
>
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
> Behalf Of Al Rivas
> Sent: Monday, February 02, 2009 10:58 AM
> To: pen-test () securityfocus com
> Subject: Government RFID busted
>
> So the U.S. government has had this idea to tag our passports, drivers
> licenses etc, with RFID.  Dan Goodin, has created this video showing why
> this is not a good idea.  The problem is that technology is growing in
> breadth and complexity faster than bureaucrats can wrap their minds around
> it.  The vast majority of the decision makers on these programs can't spell
> computer and have only slight exposure to . "the internets".
>
> Someone presents them with a technology, (I'd bet the farm that the
> presenter sells that particular technology), and the bureaucratic bean
> counter says "Whoopee !  And how much is my cut so I can vote for this ?"
>
> Everyone makes money, and America is safer, they have the PowerPoint Slides
> that say so.
>
> Here's an excerpt from the article "Using inexpensive off-the-shelf
> components, an information security expert has built a mobile platform that
> can clone large numbers of the unique electronic identifiers used in US
> passport cards and next generation drivers licenses."
>
> Here's Dan's excellent video showing how he did it :
>
> http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-clo
> ning-rfid-passports/
>
>
> Excerpt from Western Hemisphere Travel Initiative - the project injecting
> RFID into government docs.
> "Each day, an average of 1.1 million pedestrians and passengers enter the
> United States for business or pleasure. In order to facilitate cross-border
> travel for U.S. citizens while enhancing the security of our citizens and
> travelers, the Department of Homeland Security (DHS) proposes to expand the
> use of vicinity radio frequency identification (RFID) technology at land
> border ports of entry. The use of this technology will be a key component of
> the PASS System (People, Access Security Service), announced in January 2006
> by Secretaries Rice and Chertoff as part of their Joint Vision -"Secure
> Borders and Open Doors in the Information Age.""