Special alloy sleeves urged to block hackers?
To protect against skimming and eavesdropping attacks, federal and state officials recommend that Americans keep their e-passports tightly shut and store their RFID-tagged passport cards and enhanced driver’s licenses in “radio-opaque” sleeves.
That’s because experiments have shown that the e-passport begins transmitting some data when opened even a half inch, and chipped passport cards and EDLs can be read from varying distances depending on reader techonology.
The cover of the e-passport booklet contains a metallic sheathing that can diminish the distances radio waves travel, presumably hindering unwanted interceptions. Alloy envelopes that come with the PASS cards and driver’s licenses do the same, the government says.
The State Department asserts that hackers won’t find any practical use for data skimmed from RFID chips embedded in the cards, but “if you don’t want the cards read, put them in an attenuation sleeve,” says John Brennan, a senior policy adviser at the Office of Consular Affairs.
Gigi Zenk, a spokeswoman for the Washington state Department of Licensing, says the envelope her state offers with the enhanced driver’s license “ensures that nothing can scan it at all.”
But that wasn’t what researchers from the University of Washington and RSA Laboratories, a data security company in Bedford, Mass., found last year while testing the data security of the cards.
The PASS card “is readable under certain circumstances in a crumpled sleeve,” though not in a well maintained sleeve, the researchers wrote in a report.
Another test on the enhanced driver’s license demonstrated that even when the sleeve was in pristine condition, a clandestine reader could skim data from the license at a distance of a half yard.
Will Americans consistently keep their enhanced driver’s licenses in the protective sleeves and maintain those sleeves in perfect shape — even as driver’s licenses are pulled out for countless tasks, from registering in hotels to buying alcohol?
The report’s answer: “It is uncertain … “
And when the sleeves come off, “you’re essentially saying to the world, ‘Come and read what’s in my wallet,’” says Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, D.C.
By obliging Americans to use these sleeves, he says, the government has, in effect, shifted the burden of privacy protection to the citizen.
Meanwhile, researchers have raised other red flags.
- In 2006, a mobile security company, Flexilis, conducted an experiment in which the transponder of a partially opened e-passport triggered an explosive planted in a trashcan when a dummy carrying the chipped passport approached the bin. A video of the experiment was shown that year at a security conference.
Flexilis has suggested that the government adopt a dual cover shield and specifically designed RFID tag that would make the e-passport remotely unreadable until it is fully opened.
No changes have been made to the U.S. e-passport in response, according to the State Department.
- Some RFID critics wonder: Could government officials read the microchips in an enhanced driver’s license or passport card by scanning people via satellite or through a cell phone tower network?
The short answer is no — because the chips in PASS cards and EDLs are “passive,” or batteryless, meaning they rely on the energy of readers to power up. Passive tags are designed to beam information out 30 feet.
However, research is moving forward to make batteries tinier and more powerful, says Ari Juels, director of RSA Laboratories. A “semi-passive” tag that could transmit into the atmosphere when triggered by a reader “may be feasible at some point,” he says.
Separately, a system called STAR, that adapts deep-space communications technologies to read passive tags from distances greater than 600 feet, was announced last year by a Los Angeles startup called Mojix, Inc. It uses “smart antennas” and “digital beam forming” to process signals in four dimensions — time, space, frequency and polarization. Mojix, founded by a former NASA scientist, promotes the technology for supply chain management and asset tracking.
Related News
Shingle thefts go through the roof across the US, costing lumberyards and suppliers millionsOctober 9th, 2009 Roof tiles prove to be gold mine for thievesDALLAS — Crooks nationwide are stealing millions of dollars worth of roofing shingles from lumberyards and building-supply companies. Previously, thieves would steal shingles from construction sites.
Researchers design smart, shape shifting 'memory' foamSeptember 25th, 2009 WASHINGTON - Researchers have figured out how to produce a low cost shape-shifting "memory" foam, which could lead to more widespread applications in surgical positioning tools and valve mechanisms. David Dunand, materials science professor at Northwestern University, has been collaborating with Peter Mllner, his counterpart at Boise State University, on a project focused on a nickel-manganese-gallium alloy that changes shape when exposed to a magnetic field.
Sixth former State Department employee pleads guilty to illegally accessing passport filesAugust 26th, 2009 Sixth person pleads guilty to passport snoopingWASHINGTON — A sixth person who worked at the State Department has pleaded guilty to sneaking a peek at celebrity passport files. Former State Department employee Karal Busch admitted Wednesday that, out of curiosity, she illegally looked at more than 64 passport applications submitted by famous Americans.
Man charged with stealing 130M credit card numbers in record identity theftAugust 18th, 2009 Prosecutors say man stole 130M credit card numbersWASHINGTON — A former government informant known online as "soupnazi" stole information from 130 million credit and debit card accounts in what federal prosecutors are calling the largest case of identity theft yet. Prosecutors said Monday that Albert Gonzalez, 28, of Miami broke his own record for identity theft, though his exploits ended when he went to jail on charges stemming from an earlier case involving 40 million accounts.
Fifth State Department worker pleads guilty to illegally accessing celebrity passport filesAugust 17th, 2009 Fifth person pleads guilty to passport snoopingWASHINGTON — A fifth State Department worker has been convicted of snooping into the passport files of famous Americans. Kevin Young, a 22-year veteran of the State Department from Temple Hills, Md., pleaded guilty Monday to illegally accessing more than 125 confidential passport applications for celebrities, professional athletes and a politician.
Fourth person pleads guilty to looking a passport applications for celebrities and politiciansJuly 10th, 2009 Fourth person pleads guilty to passport peekingWASHINGTON — The investigation into who snooped into confidential passport files of famous Americans has resulted in a fourth criminal conviction. Twenty-seven-year-old William Celey of Washington pleaded guilty Friday to unauthorized computer access.
Hackers post pro-Iranian message on Oregon University System home pageJune 24th, 2009 Hackers invade Oregon university system computersPORTLAND, Ore. — Hackers got into the computers of the Oregon University System and posted a message telling President Barack Obama to mind his own business and not to comment on the disputed Iranian election.
Hackers post message supporting Iranian regime on Oregon University System home pageJune 24th, 2009 Pro-Iranian regime hackers invade Oregon computersPORTLAND, Ore. — Hackers defaced the home page of the Oregon University System, posting a caustic message telling President Barack Obama to mind his own business and stop talking about the disputed Iranian election.
Scientists create nonexpanding metal using high pressureJune 16th, 2009 WASHINGTON - Scientists at the California Institute of Technology (Caltech), using high pressure, have created a material that does not expand when heated, and acts like a metal with an entirely different chemical composition. For creating this material, the scientists had to squeeze a typical metal alloy at pressures hundreds of thousands of times greater than normal atmospheric pressure.
Alabama thieves steal ATM with backhoe, but plan backfires after ATM falls off flatbed trailerJune 9th, 2009 Thieves leave stolen ATM after it falls off truckPHENIX CITY, Ala. — Ripping an ATM from its concrete base isn't easy.
Baby left on doorstep in Fla. after thieves steal his parents' car with him in the back seatJune 8th, 2009 Fla. thieves steal car, dump baby on doorstepST. PETERSBURG, Fla.
Hackers steal personal information from UC Berkeley health services database; 160,000 notifiedMay 9th, 2009 Hackers breach UC Berkeley computer databaseSAN FRANCISCO — University of California, Berkeley, officials said Friday that hackers infiltrated restricted computer databases, putting at risk health and other personal information on 160,000 students, alumni and others. The university said data include Social Security numbers, birth dates, health insurance information and some medical records dating back to 1999.
Police: Passport of UGA professor wanted in killings uncovered in wreckage of Jeep in ravineMay 4th, 2009 Police find passport of prof wanted in killingsATHENS, Ga. — Police say they've found the passport of a University of Georgia professor suspected of killing his wife and two others outside a community theater.
LexisNexis warns 32,000 people their personal data may have been viewed by former customersMay 2nd, 2009 LexisNexis warns 32,000 people about data breachNEW YORK — The LexisNexis online information service told 32,000 people on Friday that their personal information may have been improperly accessed by former customers in a credit card fraud scheme that postal officials said had bilked hundreds. "I am writing to inform you that sensitive, personally identifiable information about you may have been viewed by a few individuals who should not have access to such information," said the letter mailed Friday to people whose information is in LexisNexis databases.
Commissioner says international hackers target NYPD computers, but they're foiledApril 23rd, 2009 NYPD computers targeted by international hackersNEW YORK — New York Police Commissioner Raymond Kelly says international hackers try at least 70,000 times a day to gain unauthorized entry into the computer system of the nation's largest police force. But he said Wednesday all the attempts have failed because of a strong protection system that prevents security breaches.
Loading ...