[LINK] Re: RFID in Govt, and in People
link at todd.inoz.com
Wed Oct 4 23:01:36 AEST 2006
At 07:03 PM 4/10/2006, you wrote:
>Adam Todd wrote:
>> ... From 478 cm's away I could read the RFID with no problem at all. ...
>>I'm not even going to begin with what happens after you can read it. ...
>At 18:29 +1000 4/10/06, Geoff Ramadan wrote:
>>1) what device did you use to read the passport?
>>2) how was the passport presented. Was it opened or closed?
>>3) could you read it while it was closed.
>In addition, Adam:
>4) do you mean that you:
> a) extracted a bit-string; or
> b) extracted human-readable data
Prefer not to disclose.
(Does that disclose something??)
>5) if b), could you provide some sample data.
> (Naturally you'd want to avoid providing data with security
> implications; so partial data or data that is, shall we say,
> 'lightly falsified but indicative' might be best)
I don't think it's possible to put sample data into a public place without
the issue of security implications. I'll discuss it with my playmate and
see what we can come up with.
The "data" would in fact be, as explained on the passport, the same as the
content of the passport in readable format. Again, I'd resist saying any
more, other than to hint that privacy issues go beyond the obvious.
To be honest it really wasn't that hard, but then when is anything
I should say that I've been working with One Wire touch memory systems and
RFID devices for a LONG time now, since the late 1980's so this isn't a new
concept to me.
I use the term "reading" in a very loose manner. I won't say more.
Look can I say something fundamental. I'm not adverse to RFID technology
being used and I know damn well no matter how "encrypted" and "coverted"
the data is, it can always be read, intercepted, duplicated and
recreated. It's electronic. There are no means I know of to prevent
replication of electronic stored data.
DeCSS is great for DVD's in principal 99% of people don't care and haven't
the ability, but 1% will always be able to find a way even with persistence.
If there is a LEGAL WAY, there is ALWAYS an illegal way.
Once the RFID is excited to transmit, that's it. It's in the open. There
are ways to make low powered devices or even limited range devices gain
range and become amplified.
Lets face it, it's not that hard to build a listening device that is
powered not by a battery but by the directing of day a 2Mhz RF signal in
the direction of the device. The Higher the 2Mhz power the more excited
the transmitter on the device.
It's easy to detect low emissions of power (Star Trek has been doing it for
decades!) it's even easier to detect emissions of RF.
It's not difficult to detect disabled devices simply by resonating the
circuits. I do it all the time. Depending on the location, type of
equipment and the requirements, it's no different to finding room resonance
by raising and lowering the frequency of your voice. (Didn't you do that
as a kid to create a resonance?)
My concern is more along the lines of the ease in which the device is
excited, the ease in which it can be excited by high power excitement, and
the fact that it potentially contains digital data that might be used for
But then you just need a copy of the Human Visual page with a signature and
photo, date of birth and you're away.
How many times do you get TOLD and ASKED by people for your date of birth
supposedly as a means of Security and Identification?
Honestly a Date of Birth is meaningless as security. It's pretty much
deemed public information to be honest.
If you have a name and a DOB, you can pretty much find anything you want
about a person. If you just have a Name, you are pretty helpless.
Why can't there be a mismatch of data between the RFID and the Visible page
- then you have a "checksum" or a "parity" checking mechanism that is
If anyone wishes more information or discussion, please contact me in private.
More information about the Link