[LINK] Code highlights e-passport eavesdropping risk

[Adam Todd]

At 09:38 PM 1/11/2006, Kim Holburn wrote:

>As I understand it the data is available via radio, that is the point
>of RFID.  The ID in this case is the encrypted data.  You only have
>to read it.  I don't believe you have to unlock the chip to read it,
>just unlock the data.
>
>Once you have the data you can decrypt at your leisure.

Bingo.

>The only
>problem is powering the chip so it transmits the data.  To do that
>you need a low frequency electromagnetic signal

That's not hard.

>or equivalent or you
>wait until someone else powers it and read it from a distance.

That might not be so easy.  If the "someone else" powers it with a very low 
powered signal, the emissions from the passport would be lower in dB than 
that of the active component.  (Well that "physics" thing and the rules of 
basic electronics say that, haven't yet broken that rule.)

If you were close enough, then you might read it, but most "active" readers 
are very very low power.

I'm hedging my bet on someone standing with 10 meters using a very very 
high powered transmission to cover a larger area.  Now we can move into the 
fun part of science fiction :)  That will eventually, like all too often, 
and faster these days, become science fact.

>We can pick up radio signals from stars millions of light years away.

Is that what those things are!

>You think we can't do that with a passport?

Or any kind of passive device that requires external "powering"

>I am assuming the chip is basically a passive RFID.  Have I got that
>wrong?

Nope, to the latter.  You are correct.

>Do you have to interact with the chip?

Physically?  No.

>You can send it commands?  That is a frightening thought.

In short and limited, yes.  If you want to call them "commands."