RFID tags

It's no secret that various organizations have been implimenting new technology into products for some time now. RFID tags (radio frequency identification tags) have replaced the traditional barcode. Various companies use them to keep track of inventory. They are used remote door locks that require no key of any kind to unlock doors. For some time we have had the luxury of being able to unlock doors or even start our cars from hundreds of feet away. Recently, Mercedes Benz recently released a car that has an antitheft security system and it is completely keyless. It seems this clamor to implement new technology has made it's way all the way up to the government. RFID technology will be in future passports. It was suggested by Scott Silverman, Chairman of the Board of Verichip Corporation, that implanting RFID chips in immigrants would solve the nation's problem of wanting to know 'who is in our country and why they are here' . Considering the amount of proof that we have at present how completely insecure this technology is I can't believe we are considering implanting these in people for this purpose.

Lukas Grunwald cowrote a program called 'rfdump'. Essentially what it does is it takes a standard off the shelf RFID reader and it enables a person to not only see the contents of RFID tags but to modify and rewrite the tags. So now you are probably thinking, why would they put this in security doors, stores, cars and passports? There is a security feature that 'locks' the tag. One of the problems is that most companies leave the tags unlocked leaving them open to be changed by anyone. The other problem is that security for RFID is not where it should be. The security feature is an encryption algorithm, but like all encryption algorithms it is susceptible to a 'brute force' attack. The amount of time it would take to break the encryption depends on the cipher that was used.

The original cipher for the prototype RFID passport was cracked in 2 hours. If that were to be the case with passports, every airport would be a breeding ground for identity theft. The Mercedes car uses codes that are 40 bits in length. There have been reports of the car being stolen 20 minutes after leaving it parked. Unfortunately, the companies making these RFID tags see no reason to change them or try to make them more secure.

I can't believe we are putting this technology in passports, let alone even thinking about putting it in people. If a person was so inclined, they could modify an immigrants RFID that could get them into a lot of trouble or even killed. A person could go on a crime spree just making scapegoats out of the local immigrants. It is a very bad system, and a "quickfix" that our government just might take. After all it does make the problem go away with minimal effort from the government. Still I think the government needs to take a good long look at the technology they are implementing, especially for sensitive purposes before they jump on the bandwagon.

Sources: wired.com, rfdump.org, cnet.com

Kris