US Department of Defense orders RFID shields

It can now be reasonably argued that November 2010 will mark a significant turning point in the debate surrounding RFID or ‘contactless’ credit, debit, passport and door-access security. On Wednesday 29 November, 2010, Secure ID News reported the following:

“…2.5 million radio frequency shielding sleeves (were delivered) to the Department of Defense to protect the contactless Common Access Card (CAC) from data interception. The FIPS 201-approved, shielding sleeves are distributed via RAPIDS ID offices worldwide with the issuance of new CACs.”

Furthermore, the online journal then went on to state,

“…an option to purchase an additional 1,675,000 sleeves was exercised by the Defense Department for final delivery in January 2011. This order will bring the total number of our sleeves 4.2 million. In September, an order for 200,000 rigid, RF shielding, non-metallic badge holders (was also placed).”

Of course, whilst unauthorised data interception from RFID-enabled devices is not commonplace, this development would strongly suggest that the potential threat of ‘skimming’ is real and growing by the day.

Original source: http://www.secureidnews.com/2010/11/29/defense-department-order-rf-shields-from-national-laminating

UK Government HQ

Abstract: A UK government-backed report that explores certain security flaws in RFID / contactless technology. Well worth a read is this…

Source: http://www.ico.gov.uk

“It will be the responsibility of RFID users to prevent any unauthorised access to personal information. One concern is a practice that has become known as “skimming”. Since a transponder’s signal can be picked up by any compatible reader, it is possible for RFID tags to be read by unauthorised readers, which could access personal information stored on them. Users can guard against skimming by using passwords. The EPCglobal Class 1 Generation 2 RFID specification enables the use of a password for accessing a tag’s memory. However, these are not immune to “hacking”.

Most RFID systems require a short distance between tag and reader, making it difficult for “rogue” readers to scan tags but this could nevertheless be done in a situation where people are naturally at close range, for example, on a crowded train. The nominal read range of some tags can also be extended by the use of more powerful readers. It is also possible to read part of a tag’s number by eavesdropping merely on a reader’s communication with a tag. Readers, with a much higher power output than tags, can be read at much greater distances.

While some RFID applications might not need communication between tag and reader to be encrypted, others that process personal and especially sensitive personal data will need an adequate level of encryption to safeguard the data being processed. In most cases “skimmers” would also need a way of accessing the external database containing the personal data, but in some cases inferences might be made about someone from information which in itself does not relate directly to him. If a person leaves a store having purchased items carrying RFID tags that have not been disabled, he carries with him a potential inventory of his possessions. This would enable someone with a suitable reader and knowledge of EPC references to discover what items he was carrying at a given time. Sensitive personal data about a person’s illness, for example, might be unknowingly revealed by him via the EPC referring to the medication in his pocket. An insufficiently secure RFID chip could also be “cloned”. By copying personal data stored on the RFID chip of an identification card, a person could for practical purposes steal the identity of the cardholder. If the information on the database (e.g., a fingerprint) is checked only against the information on the card, rather than directly against the person himself, a criminal would not need to access the information stored on the database.”

http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/radio_frequency_indentification_tech_guidance.pdf
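
The inventory-inference risk described in the guidance above, as an added example (not part of the original post or the ICO report): a decoder for SGTIN-96, an item-level EPC encoding from the GS1 EPC Tag Data Standard, showing that a tag left enabled after purchase carries the product's GTIN plus a unique serial number. The function names and the sample EPC value are illustrative assumptions.

```python
# SGTIN-96 partition table (GS1 EPC Tag Data Standard):
# partition -> (company-prefix bits, digits, item-reference bits, digits)
PARTITIONS = {
    0: (40, 12, 4, 1), 1: (37, 11, 7, 2), 2: (34, 10, 10, 3),
    3: (30, 9, 14, 4), 4: (27, 8, 17, 5), 5: (24, 7, 20, 6),
    6: (20, 6, 24, 7),
}
SGTIN96_HEADER = 0x30


def gs1_check_digit(digits: str) -> str:
    """GS1 mod-10 check digit: weights 3,1,3,... starting from the right."""
    total = sum(int(d) * (3 if i % 2 == 0 else 1)
                for i, d in enumerate(reversed(digits)))
    return str((10 - total % 10) % 10)


def decode_sgtin96(epc_hex: str) -> dict:
    """Split a 96-bit EPC into the fields any compatible reader receives."""
    raw = bytes.fromhex(epc_hex)
    if len(raw) != 12:
        raise ValueError("SGTIN-96 is exactly 96 bits (24 hex digits)")
    value = int.from_bytes(raw, "big")
    if value >> 88 != SGTIN96_HEADER:
        raise ValueError("not an SGTIN-96 EPC (header is not 0x30)")
    filter_value = (value >> 85) & 0x7
    partition = (value >> 82) & 0x7
    if partition not in PARTITIONS:
        raise ValueError("reserved partition value")
    cp_bits, cp_digits, ir_bits, ir_digits = PARTITIONS[partition]
    # 82 bits remain after header, filter and partition; the company prefix
    # and item reference always total 44 bits, the serial the last 38.
    company = (value >> (82 - cp_bits)) & ((1 << cp_bits) - 1)
    item = (value >> 38) & ((1 << ir_bits) - 1)
    serial = value & ((1 << 38) - 1)
    if company >= 10 ** cp_digits or item >= 10 ** ir_digits:
        raise ValueError("field exceeds its decimal width")
    cp = str(company).zfill(cp_digits)
    ir = str(item).zfill(ir_digits)
    body = ir[0] + cp + ir[1:]  # indicator digit + prefix + item number
    return {"filter": filter_value, "company_prefix": cp,
            "item_reference": ir, "gtin14": body + gs1_check_digit(body),
            "serial": serial}


if __name__ == "__main__":
    # Sample EPC value used for illustration only.
    print(decode_sgtin96("3074257BF7194E4000001A85"))
```

The GTIN identifies the product type and the serial identifies the individual item, which is why disabling tags at the point of sale removes both the inventory and the tracking exposure.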

For more information visit:  RFID Protect

Finally, if you’re in any doubt as to whether or not RFID skimming is a real threat, then perhaps watch the following video evidence.

Video evidence from the United States of America, claiming that RFID enabled devices are vulnerable to skimming, cloning and hacking.

Electronic Pickpocket – YouTube Video
(Approx. 4 minutes)

Here in the UK, the biometric passport project is now in its fourth year. By all accounts the roll-out has proved successful, although there is a growing body of evidence that suggests the system is not entirely foolproof, leaving a small window of opportunity for unscrupulous individuals to ‘skim’ the data contained therein. It’s been argued that this can be done from distances up to a metre away, and what’s more – you wouldn’t feel a thing!

As someone who’s not keen to have their privacy compromised – even if this is just a ‘long shot’ – I’ve decided to put together a DIY guide to keeping your RFID-enabled passport secure from skimmers. So, we’re going to use the ‘Faraday Cage’ approach of using aluminium foil to create a secure environment for our passport – rendering it inactive whilst inside the foil. Yes, I realise that this smacks of ‘tin hat paranoia’ – but there’s compelling evidence to suggest it works – as the signal from our passive RFID chip is effectively blocked from the reader; or ‘hacker’ as the case may be.

You will need:

2 x A3 paper
A4 size strips of aluminium foil
C5 sized envelope/s
3M spray mount
1 x scalpel
1 x newspaper
1 x ruler
1 x strong adhesive (PVA / wood glue)
1 x kettle (for steaming the C5 envelope open)

Instructions:

  • Take your kettle, fill it with about one cup of water, and heat until boiling
  • Taking great care with this next step – steam the folded seams of your C5 envelope, until the original glue relaxes and you can peel the flaps apart
  • Once all flaps are released – unfold your envelope and allow to dry
  • Once dry, place your unfolded envelope between two sheets of A3 paper (creating a sandwich) and iron the top sheet of A3, so that the C5 envelope is flattened.
  • Remove the 2 sheets of A3 paper, take the (now flattened) envelope and place it over a sheet of aluminium foil and ensure that there’s sufficient foil to cover your envelope. Cut to size – allowing for at least 1 cm overlap on all edges.
  • Place the aluminium foil onto a sheet of old newspaper – spray well with 3M spray mount
  • Place inside face of envelope onto the sticky side of the foil – you’re attempting to glue the foil to the inside of your envelope.
  • Place a sheet of A3 paper over the top, then rest a heavy book on top – allowing up to 24 hrs for the glue to adhere
  • Once fully dried – and using a ruler – trim all edges with a scalpel, to the original dimensions of your C5 envelope. TAKE CARE OF FINGERS!!!
  • Finally, crease any folds again to original C5 envelope configurations.
  • Use the strong adhesive to join the folded seams together.

You should now have a C5 envelope with a foil lining inside. All you need do now is insert your RFID-enabled passport and close the flap. You can use a paper clip to keep the flap closed.

All done!

Although with hindsight, you could well be better off simply buying an RFID protected passport sleeve (for around £2.99) from one of the suppliers listed elsewhere on this site.

And unless you already have most of the items detailed above then it’s probably also a cheaper option – but of course less fun!

In the UK we stand at the dawn of a new era, the emergence of a new way of conducting business and our lives – welcome to the RFID-enabled world! But as is the case with the roll-out of any new technology, we may not be fully aware of the associated challenges. Will our identity remain safe from unscrupulous career criminals? How can we protect ourselves from card skimming and cloning? These are just some of the many questions that this site hopes to address in the future. We hope you’ll contribute, and that this resource will prove useful in some way.