[youtube=http://www.youtube.com/watch?v=9isKnDiJNPk]
[Chris Paget] is going to be presenting at ShmooCon 2009 in Washington D.C. this week. He gave a preview of his RFID talk to The Register. The video above demos reading and logging unique IDs of random tags and Passport Cards while cruising around San Francisco. He’s using a Symbol XR400 RFID reader and a Motorola AN400 patch antenna mounted inside of his car. This is industrial gear usually used to track the movement of packages or livestock. It’s a generation newer than what Flexilis used to set their distance reading records in 2005.
The unique ID number on Passport Cards doesn’t divulge the owner’s private details, but it’s still unique to them. It can be used to track the owner, and when combined with other details, like their RFID credit card, it can be used to build a profile of that person. This is why the ACLU opposes Passport Cards in their current form. The US does provide a shielding sleeve for the card… of course it’s mailed to you with the card placed outside of the sleeve.
Technology exists to generate a random ID every time an RFID card is being read. The RFIDIOt tools were recently updated for RANDOM_UID support.
[Thanks Zort]
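The tracking argument above, as an added example that is not part of the original post: a small simulation over constructed sightings, showing that cards answering with a fixed ID can be tied to several locations from a read log, while cards answering with a fresh random ID on every read cannot. The class names, card labels and locations are made up for illustration and do not model the EPC air protocol or the RFIDIOt tools.

```python
import secrets
from collections import defaultdict

# Constructed sample data: which (made-up) card passed which (made-up) reader.
SIGHTINGS = [
    ("pier", "card_A"), ("pier", "card_B"),
    ("market", "card_A"), ("market", "card_C"),
    ("station", "card_A"), ("station", "card_B"),
]


class StaticIdTag:
    """Hypothetical tag that answers every read with the same fixed ID."""

    def __init__(self):
        self._tag_id = secrets.token_hex(12)  # constructed 96-bit value

    def read(self):
        return self._tag_id


class RandomIdTag:
    """Hypothetical tag that answers each read with a fresh random ID."""

    def read(self):
        return secrets.token_hex(12)


def build_read_log(tag_cls, sightings=SIGHTINGS):
    """Return what a reader would log: (location, reported ID) pairs only."""
    tags = {}
    log = []
    for location, card in sightings:
        if card not in tags:
            tags[card] = tag_cls()
        log.append((location, tags[card].read()))
    return log


def linkable_ids(log):
    """Count reported IDs that appear at more than one location in the log."""
    places = defaultdict(set)
    for location, tag_id in log:
        places[tag_id].add(location)
    return sum(1 for seen_at in places.values() if len(seen_at) > 1)


if __name__ == "__main__":
    print("static IDs linkable:", linkable_ids(build_read_log(StaticIdTag)))
    print("random IDs linkable:", linkable_ids(build_read_log(RandomIdTag)))
```

The log never contains a name or card label, yet with fixed IDs the repeated value alone is enough to connect sightings of the same card.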
My passport didn’t come with a shielding sleeve.. :(
I haven’t renewed my passport in ages…I doubt it has RFID in it…
The actual RFID of American passports is generated randomly, it would seem there is a unique and non-changing ID somewhere lower in the protocol, but the basic ‘ID’ he seems to be reading changes every time you read the badge (or from what I’ve read it acts this way, much info on google).
Apparently these aren’t even passports, they are some kind of limited ‘passport cards’ issued to people who live on the borders with Mexico or Canada. They don’t contain any personal information. Each EPC tag has a baked-in unique serial number, yeah, but who cares. We all carry mobile phones!
If you want to feel watched, come live in the UK, where things like this exist:
http://www.allbusiness.com/government/government-bodies-offices-regional/6111139-1.html
Why not track car key RFIDs?
My understanding is a static bag will provide enough shielding to stop most RFID signals from emanating. (I keep my toll road pass in a static bag in my glove box after reading something about them being cloneable.) Is this true?
I have lined my wallet with copper wire mesh. Works great for my passport card and my Visa payWave card.
This is a clear example of why I am opposed to anything RFID enabled that contains sensitive data. It’s a disaster waiting to happen.
“I never post, but this made me lol
of course it’s mailed to you with the card placed outside of the sleeve.”
btw, something is wrong with this post window, using a foreign keyboard makes me unable to type in “@” including the “‘s (had to copy paste from notepad)
It’s Spagett!!
Got my passport in November of 08 and it never came with such a sleeve, it did come with an RFID, that much I do know….<.<
Sounds like stuff from “Little Brother”, a very good book.
I published an instructable on shielding RFID tags: http://www.instructables.com/id/Make-a-RFID-Shielding-Pouch-Out-of-Trash/
Besides the fact that he has steam installed,……
This is a sweet hack, I wish I had the cash to play with the reader.
The closest I was able to come was to get a Parallax module and a free wired Arduino into some poster board that I printed a generic security poster warning users that their tags could be “sniffed” and to keep their badges in their pockets at all times to avoid pictures being taken and a duplicate badge made.
I placed it above the reader and was able to get a few tags. It was quite ironic, unfortunately the lithium cell I used was only able to power it for a few hours, it would be nice to have it passively powered off of the reader itself though.
Did anyone go to eBay to go grab one for $250 like I did? They are going for $999 and up now. I’ll wait for them to come down in price.
Wait, in America they actually mail passports? WTF.
Unlike America, if I want a passport I have to go to town hall in person, seems a bit frivolous to go all insane with RFID and security as they do and at the same time mail passport cards to people.
It’s impossible… The passport used ISO14443.. HF frequency! The reader used by Chris Paget is a UHF reader.. Mah
There are just so many major flaws in your reasoning that I just don’t have the time to go through them.
Where is cloning or hacking? Just saying bla-bla
Rubbish