Mobile RFID scanning

[Chris Paget] is going to be presenting at ShmooCon 2009 in Washington D.C. this week. He gave a preview of his RFID talk to The Register. The video above demos reading and logging unique IDs of random tags and Passport Cards while cruising around San Francisco. He’s using a Symbol XR400 RFID reader and a Motorola AN400 patch antenna mounted inside of his car. This is industrial gear usually used to track the movement of packages or livestock. It’s a generation newer than what Flexilis used to set their distance reading records in 2005.

The unique ID number on Passport Cards doesn’t divulge the owners private details, but it’s still unique to them. It can be used to track the owner and when combined with other details, like their RFID credit card, a profile of that person can be built. This is why the ACLU opposes Passport Cards in their current form. The US does provide a shielding sleeve for the card… of course it’s mailed to you with the card placed outside of the sleeve.

Technology exists to generate a random ID every time an RFID card is being read. The RFIDIOt tools were recently updated for RANDOM_UID support.

[Thanks Zort]

Comments

  1. barry99705 says:

    My passport didn’t come with a shielding sleeve.. :(

  2. Sushi says:

    I haven’t renewed my passport in ages…I doubt it has RFID in it…

  3. Gabe says:

    The actual RFID of American passports is generated randomly, it would seem there is a unique and non-changing ID somewhere lower in the protocol, but the basic ‘ID’ he seems to be reading changes every time you read the badge (or from what I’ve read it acts this way, much info on google).

  4. dan says:

    Apparently these aren’t even passports, they are some kind of limited ‘passport cards’ issued to people who live on the borders with Mexico or Canada. They don’t contain any personal information. Each EPC tag has a baked-in unique serial number, yeah, but who cares. We all carry mobile phones!

    If you want to feel watched, come live in the UK, where things like this exist:

    http://www.allbusiness.com/government/government-bodies-offices-regional/6111139-1.html

  5. macgyver says:

    why not track car key rfids?

  6. commo says:

    My understanding is a static bag will provide enough shielding to stop most rfid signals from emanating. (i keep my toll road pass in a static bag in my glove box after reading something about them being cloneable) Is this true?

  7. sal says:

    i have lined my wallet with copper wire mesh. works great for my passport card and my visa paywave card

  8. Timothy says:

    This is a clear example of why I am opposed to anything RFID enabled that contains sensitive data. It’s a disaster waiting to happen.

  9. Daniel says:

    “I never post, but this made me lol
    of course it’s mailed to you with the card placed outside of the sleeve.”

    btw, something is wrong with this post window, using a foriegn keyboard makes me unable to type in “@” including the “‘s (had to copy paste from notepad)

  10. whoosh says:

    It’s Spagett!!

  11. blizzarddemon says:

    Got my passport in November of 08 and it never came with such a sleeve, it did come with an RFID, that much I do know….<.<

  12. strider_mt2k says:

    Sounds like stuff from “little brother”, a very good book.

  13. Æther says:

    I published an instructable on shielding RFID tags: http://www.instructables.com/id/Make-a-RFID-Shielding-Pouch-Out-of-Trash/

  14. w00tb0t says:

    Besides the fact that he has steam installed,……

    This is a sweet hack, I wish I had the cash to play with the reader.

    The closest I was able to come was to get a parrallax module and a free wired arduino into some poster board that I printed a generic security poster warning users that their tags could be “sniffed” and to keep their badges in their pockets at all times to avoid pictures being taken and a duplicate badge made.

    I placed it above the reader and was able to get a few tags. It was quite ironic, unfortunately the lithium cell I used was only able to power it for a few hours, it would be nice to have it passively powered off of the reader itself though.

    Did anyone go to ebay to go grab one for $250 like I did?, they are going for $999 and up now. Ill wait for them to come down in price.

  15. Wwhat says:

    Wait, in america they actually mail passports? WTF.
    Unlike america if I want a passport I have to goto town hall in person, seems a bit frivolous to go all insane with RFID and security as they do and at the same time mail passport cards to people.

  16. mababu says:

    It’s impossible… The passport used ISO14443.. HF frequency! The reader used by chris paget is an UHF reader.. Mah

  17. sixpackistan says:

    there are just so many major flaws in your reasoning that i just don’t have the time to go through them.

  18. 23r2efdw says:

    Where is cloning or hacking? Just saying bla-bla
    Rubbish

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 97,792 other followers