The Canadian Flag On Your Backpack Will Fool No One
That’s right, the US State Department loves wireless storage so much they are putting it in your passport, according to CNN Money, in the form of a 64 KB RFID chip. That’s four times the memory of my first computer. The chip can be easily read with non-standard equipment from as far away as 160 feet.
Just How Stupid Is It?
I give it a Threat Level: Red. Passports have a 10 year life, so the bad guys who want your info – or your scalp – will have 10 years of technology advances to refine their technique. Expect RFID scanners built into briefcases to be on sale next year at spy shops. They’ll get smaller and cheaper. You’ll get older and slower.
But The Data Is Encrypted
Heh. Encryption works best on unstructured data. Back during WWII, the Bletchley Park wizards broke the German Naval Enigma code – which they’d suddenly changed when someone suspected it had been broken – when they realized that each submarine’s transmission contained an unchanged weather code. What’s in a passport: name, birthdate, birthplace, date of issue, height, weight, eye color, photo. Gosh, who could figure that out? It took security pros using a PC two hours to crack the Dutch version last year.
Then: Z-Hunting. Now: RFID Crack & Track
Criminals in Florida used the Z plates on rental cars to target tourists for mugging, theft, abduction and occasionally murder. Organized criminals, like the ones commit cyber-crimes like identity theft and website extortion DOS attacks clearly have the Mojo to crack and track RFID passports.
The easiest solution would be for State to drop the whole stupid idea. That won’t happen, since most of elected officials, when not flat-out auctioning themselves for campaign contributions, are painfully ignorant about science and technology.
Solution 2: Use A Hammer
Use a hammer to crush the chip. We’ve all heard that sticking an RFID chip in a microwave will kill it – but not without risk. According to the Spychips FAQ:
Q: Can I microwave products to kill any hidden RFID tags they might contain?
A: While microwaving an RFID tag will destroy it (a microwave emits high frequency electromagnetic energy that overloads the antenna, eventually blowing out the chip), there is a good chance the the tag will burst into flames first. The difficulty of destroying a hidden RFID chip is one reason we need legislation making it illegal to hide a chip in an item in the first place.
They recommend either disconnecting the antenna – which would likely be a problem since the cutting would look like tampering – or physically crunching the chip. With some care the crunch job shouldn’t have to leave any marks.
A Frito’s corn chip bag. Anti-static bags don’t work, but informal tests suggest the aluminized corn chip bags block RFID effectively.
I’m sure Passport RFID destruction techniques will be explored and documented on the web in the next few months. Sadly, some courageous individuals will likely be prosecuted for “tampering” with their passport.
State could have used either smart cards or laser cards. Instead some fast-talking salesman and (probably) semi-corrupt congressmen gave us a poor solution that we’ll all be living with for years to come.