RFID Feared as Possible Terrorist TargetBy Lisa Vaas | Posted 2007-03-27 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
London's Royal Academy of Engineering suggests that someday a terrorist will be able to read personal details from a distance and set a bomb to go off when a particular person gets within range.As if RFID chips in driver's licenses and passports weren't scary enough already, London's Royal Academy of Engineering is suggesting that someday a terrorist will be able to read personal details from a distance and, given the right antennas and amplification, set a bomb to go off when a particular person gets within range.
It's already widely acknowledged that unencrypted data stored on an RFID chip in a passport can be read covertly by anybody with a pass-by reader.
As the ACLU pointed out at Black Hat earlier in March, you can buy parts on the Internet to make a reader for as little as $20.
With a reader, you can pick up whatever the RFID chip is sending out: passport number; name; where an individual was at, at what time; name; address; Social Security number, etc.
The ability of RFID to be subverted in far more dangerous ways was only one example of how advancing technology can be exploited in the future, according to the Royal Academy.
The Academy on March 26 released a report titled "Dilemmas of Privacy and Surveillance: Challenges of Technological Change," by Nigel Gilbert, chairman of the Academy's group on Privacy and Surveillance.
Here are some other technology shocks that have already occurred or that may come to pass, according to Gilbert:
The e-Passport, as it's called, uses facial recognition to link an individual with a paper passport, with iris and fingerprint data used as backup, and other countries have expressed interest in using biometrics as well.
Because the data will be read at places such as passport control to verify the identity of the holder, the data have to be quickly and reliably transmittedhence, use of RFID chips have been proposed.
A forged passport could include a passport carrier's biometric information but with forged personal details, including name, date of birth and citizenship.
Of course, passports could be checked against a central database to ensure that the data on a given passport matches the master set. But then, it's unnecessary to store the data on a passport, since it can be retrieved from the central database.