Posts Tagged ‘rfid clones’

DHS proposes funky ‘fix’ for RFID security

Saturday, November 15th, 2008

A proposal by the Department of Homeland Security attempts to address one potential security problem with RFID-chipped passports, but leaves more obvious problems hanging fire.

In an effort to detect attempts to clone the data stored on RFID chips used on US Passport Cards, DHS on Wednesday announced that it is recommending that manufacturers supplying these RFID chips include a “unique identifier number,” or Tag Identifier (TID).

The TID would be used to ascertain when a chip’s data has been cloned, as one would do to create a fake passport. If two passports with the same identifier number turned up at the border, one of them could be deduced as fake. That number would actually be the second unique number in the chip, since all a passport’s RFID chip stores is a unique number that is indexed in a database. (Currently the chips hold one unique number and one generic manufacturer code; that generic code is the one that would be replaced with a TID.)

It’s an identification model that works reasonably well with mobile phones and automobiles, but an identity document is a different creature. Conceivably, the ID number might help to determine whether, for instance, a hacker intercepting the snail mail has waved a reader near a State Department envelope and picked off the data without having to open the envelope — with “contactless” technology, the envelope would not have to be opened. But the model may not help with other security issues RFID researchers, privacy activists, and anti-terrorism experts have flagged. (more…)