Posts Tagged ‘UK’

Foil linings for all new e-passports in the USARFID Journal recently reported that all new generation US e-passports will have a protective foil lining inside their covers. Why you may well ask? The logic is simple – the foil provides an effective barrier, or shield, that protects against unauthorised access to sensitive passport information contained within the RFID chip.  (In many European countries, including Britain, passports issued since 2006 have embedded RFID or ‘contactless’ chips containing information about the passport holder.)

With this new improvement, US passport holders would have to have their passport open all of the time for it to be traced or intercepted.

This development is clearly terrific news for American citizens!

But it’s not such a bright outlook for other countries that have been slow to adopt foil linings.  Of course for UK citizens there’s a simple – and 100% effective – solution until Britain catches up with the States and issues new generation ‘foil lined’ e-passports.  RFID Protect supplies a range of  shielding products for British e-passports and is law enforcement partnered so you can be sure of an effective solution and decent customer support.  By placing your e-passport within one of RFID Protects’ shielding sleeves, wallets or holders there is no way on Earth anyone is going to scan your passport data remotely.

In fact – it’s like giving your passport its own portable firewall!

There’s an old saying – ‘when America sneezes, Britain catches a cold’.  On this occasion the UK would certainly benefit from ‘a day of fever’ in order to come out the other side feeling well again; as some will argue that the current unsatisfactory situation leaves British citizens exposed to potential RFID crime. The following link will take you to the RFID Protect webpage where you can get protected now!

http://www.rfidprotect.co.uk/products.html

Advertisements

Eavesdropping attacks on RFID enabled devices, such as e-passports and contactless credit cards or secure door entry systemsThis extraordinary academic paper, with its practical experiments, presents actual ‘proof-of-concept’ eavesdropping attacks across a range of RFID enabled devices.

The author, G.P. Hancke (of the British-based Smart Card Centre / Information Security Group at University of London), demonstrates how he implemented successful attacks on the three most popular High Frequency (HF) standards: ISO 14443A, ISO 14443B and ISO 15693.

What some may find particularly disturbing is that in each case Hancke not only describes the equipment needed to execute an attack, but also how an effective RFID receiver kit can be constructed for less than £50.

“Even though the self-build RF receiver did not achieve the same results as commercial equipment – it does illustrate that eavesdropping is not beyond the means of the average attacker.” says Hancke.

Read the full PDF report here

And then protect yourself against unauthorised ‘contactless’ eavesdropping here

Nevada Attorney General warns of 'contactless' crimewave

A leading smart card shielding company in the States recently announced news that the Nevada Attorney General’s Office had issued a series of daily consumer briefings on the growing concern surrounding ‘contactless’ crime.   If this is true then things are heating up!

Warnings appear to have been linked with America’s 13th Annual National Consumer Protection Week (NCPW). During NCPW, groups across the States share consumer advice, in the hope that individuals will find better ways to protect their privacy and avoid fraud.

A spokesperson from ID Stronghold said, “Thieves can steal this information by using a frequency reader. These readers are inexpensive and easy to obtain. The thief can simply walk next to you and acquire your credit card number and expiration date without any physical contact. While these cards are in your wallet or purse they can transmit your card or passport number and in some states, your digital drivers’ license information when placed near a reader. The information almost immediately appears on a computer screen without you ever knowing about it. Apparently U.S. passports are more difficult to read than cards with RFID chips because they require a password. However, hackers with enough knowledge can see everything on the passport’s front page.”

From the above evidence there seems to be growing concern across America, (not least in Nevada), about a potential RFID crimewave. Against such a backdrop the case for consumers to protect themselves from this type of identity theft is growing stronger by the day.  And whilst it is important to also mention that the makers of RFID enabled devices still maintain that their products are 100% safe from unauthorised access, should you feel the need to buy some RFID sheilding just in case then you can learn more here…

Google has finally accepted that it harvested personal data from wireless networks as its fleet of vehicles drove down residential roads taking photographs for the Street View project. And yet only a few months ago it would have screamed ‘blue murder’ if anyone intimated that this had happened. Now it transpires that millions of internet users have potentially been affected. Google’s acknowledgment of guilt is an interesting U-turn from its earlier assertion that no sensitive personal information had been taken.

Google has now confessed that its, “…vehicles had also gather(ed) information about the location of wireless networks, the devices which connect computers to the telecommunications network via radio waves.”

The Daily Telegraph newspaper reported that, “…Privacy International lodged a complaint with Scotland Yard earlier this year about Google’s Street View activities and officers are still considering whether a crime has been committed. Google is facing prosecution in France and a class action in the US, with similar lawsuits pending in other countries.”

The full story can be read at: http://www.telegraph.co.uk/

Whilst this development does not relate specifically to RFID or contactless technology as such, nonetheless it’s an excellent example of a large multi-national operation initially stating – “guys, what’s the problem – there’s nothing to worry about your wireless internet connection because we’ve ensured that it’s 100% secure” – and then a few months later we arrive at a different place – “…er, you know that technology that we told you was secure, well there’s been a slight issue with it and as a result your email, passwords and other sensitive information are now in the public domain – whoops, sorry about that…”

Therefore it could be reasonably argued that whilst today contactless credit, debit, Oyster, and Olympics 2012 RFID passes are all being sold as 100% safe – tomorrow may bring with it a somewhat different outlook…

Watch this space, and in the meantime can you afford not to protect your biometric details now?

Dutch security researchers rode the London Underground free for a day after easily using an ordinary laptop to clone the “smartcards” commuters use to pay fares, a hack that highlights a serious security flaw because similar cards provide access to thousands of government offices, hospitals and schools.

There are more than 17 million of the transit cards, called Oyster Cards, in circulation. Transport for London says the breach poses no threat to passengers and “the most anyone could gain from a rogue card is one day’s travel.” But this is about more than stealing a free fare or even cribbing any personal information that might be on the cards.

Oyster Cards feature the same Mifare chip used in security cards that provide access to thousands of secure locations. Security experts say the breach poses a threat to public safety and the cards should be replaced.

“The cryptography is simply not fit for purpose,” security consultant Adam Laurie told the Telegraph. “It’s very vulnerable and we can expect the bad guys to hack into it soon if they haven’t already.”

By Alexander Lew  Email Author| June 24, 2008

Source: http://www.wired.com/autopia/2008/06/hackers-crack-l/

http://www.rfidprotect.co.uk/For UK residents interested in anti-skimming products, we’d suggest making contact with RFID Protect. RFID Protect is a British-based company, and one that offers a full range of RFID shielding kit, much of which can be custom manufactured to carry a client’s branding.

There’s also an added benefit; this being RFID Protects’ work with law enforcement specialists both in the UK and overseas – their shared goal being to raise awareness about RFID skimming, and help people keep their personal data secure.

For more information visit:  RFID Protect

Finally, if you’re in any doubt as to whether or not RFID skimming is a real threat, then perhaps watch the following video evidence.  In this video by UK broadcaster Channel 4 News, Thomas Cannon, of ViaForensics, demonstrates how an ‘electronic pickpocket’ can skim personal information remotely from RFID enabled bank cards using a smartphone application.

Electronic Pickpocket – YouTube Video
(Approx. 4minutes – n.b: opens in a new window.)