Faking Passport RFID
Tenho postado ultimamente sobre o perigo das etiquetas RFID. Elas estão sendo colocadas em diversos produtos, na maioria das vezes sem que o consumidor saiba. Ele pode monitorar padrões de consumo e mesmo a movimentação dos consumidores (vc compra um sapato com RFID, paga com cartão de credito e cada vez que esse sapato passar por um leitor, vc, ou quem tiver usando o sapato, estará sendo monitorado).
RFID em Passaport (via RFID Today)
Mas vejam que o problema pode ser ainda maior. Post do Ars Technica, Faking passport RFID chips for $120, mostra que as informações eletrônicas em um passaporte podem ser alteradas. Vejam trechos do post:
“Forged passports may seem like the stuff of spy novels, but they have appeared in the real world, having been used by individuals who went on to take part in terrorist attacks. To add a layer of security that goes beyond what’s printed on the page, many nations are adopting passports with an RFID chip that contains a duplicate of the printed information, secured by encryption. A security researcher hired by a British newspaper has now shown that it’s possible to replace the data in the RFID chip, and the lack of international cooperation in the sharing of encryption information may mean the hack goes undetected in many places.
The basics behind the RFID scheme are pretty simple. Passports contain printed copies of a personal photo and key biometric information, such as height, date of birth, etc. With the right equipment and blank passports, it’s possible to forge these printed materials. RFID chips embedded in the passports are intended to help detect these forgeries, as they carry a duplicate of this information—if the two don’t match, then the forgery should be obvious. (The US State Department maintains an FAQ addressing this technology.)
Of course, it’s entirely possible to forge an RFID chip, which is precisely what a security researcher in Amsterdam did at the request of The Times. Jeroen van Beek of the University of Amsterdam was given two valid passports that contained RFID chips. Using an $80 RFID reader, van Beek was able to obtain a copy of all the biometric data, substitute arbitrary values for each of the fields, then write the modified data back out to a separate $40 RFID chip. The Times reports that the process took about an hour. In an amusing twist—and to avoid charges that they were actually engaged in illegal forgery—van Beek uploaded Osama bin Laden’s vitals onto the blank RFID chip.(…)”.