Wednesday, February 11, 2009

Obligatory RFID security post: Cloning passports

Another person managed to read passport RFID data remotely.

While the topic of the course isn't security, the weakness of many RFID systems is a direct consequence of extremely-low-power operation: to avoid the need to have expensive and power-hungry computational capabilities on the RFID chips, many designs use a passive RFID that only sends a single value, instead of being able to participate in a cryptographic protocol. The results are predictable when they're used in scenarios where reading the chips is possible. Even some active RFID systems take shortcuts that leave them vulnerable to brute-force attacks (such as using 40-bit keys to reduce computation time and power).

1 comment:

  1. Totally off-topic but I had a crazy thought about sun-tracking that I thought I should mention.
    We did say that using motors would require too much effort for the little gain in trapping solar energy better.
    However, say at some distant time in the future when solar panels can be made very efficient and really tiny and light, how about placing them on sunflowers ??
    Well, they track the sun naturally, so maybe we can use them. What say ?