WarCloning, the New WarDriving?

ChrisPaget writes "After my legal skirmishes with HID a while back, The Register has coverage of my latest RFID work — cloning Passport Cards and Electronic Drivers Licenses from a moving vehicle. Full details will be released at Shmoocon this weekend, but in the meantime there's video of the equipment and articles all over the place."

Re:Good for crime fighting, scary for potential ab

[internerdj]

Ooops...
http://www.thinkgeek.com/gadgets/security/8cdd/ [thinkgeek.com]

Re:Where are the FUNCTIONAL RF-blocking covers?

[Anonymous Coward]

For your driver's license, just use what I have for many years: an "Altoids" tin (or similar item). Perfectly sized for drivers licenses, credit cards, and other such things, and completely impervious to RF scanning technologies. I use one for my "wallet".

For a passport, well, they *did* have those jumbo tins a while back... ;)

Re:WarCloning?

[spacerog]

No. I know your being funny, or at least modded that way, but the correct prefix is 'war' as in WarDialing, as in War Games (the movie), which is were the term comes from. "WarCloning" is a perfectly acceptable term.

- SR

RFID Gathering

[CaptCovert]

What worries me about all of this is not that the RFIDs can be picked up while driving around. A little consumer education (you are supposed to worry about who you give your SSN to, and you don't just leave your other PII laying around in plain sight usually) in the form of RF-blocking wallet linings will fix that. What I'm worried about is what happens in 5 years, when advances in RF technology (it is the new form of governmental ID, after all. Technology WILL follow suit) allow for hardware that I can hide on my person (antenna down the back of a coat lining, wired to a recorder in my pocket, or hell, dropped in the lining somewhere). At that point, all it takes is one man sitting in a train station or airport. You pull your ID out for scanning, and I harvest it. You may as well walk around with your SSN printed on your shirt.

I saw the video and it is inaccurate at best

[anand78]

The XR400 used in the drive through was a UHF reader. Reading a UHF tag is not as easy as the author described. All you have to do is put it against your body, and the salt water attenuates the signal, thus making the tag unreadable. Making such broad statements as scrap the whole real ID or national id, will be valid, if the author showed some substance.

Re:Why?

[commodore64_love]

>>>Right now the police can pull you over and ask for your license. Don't show it and you see the inside of a cell.

Perhaps in other countries, but not the U.S. The Supreme Court decided (v. Prouse) that a discretionary, suspicionless stop for a spot check of a motorist's driver's license and vehicle registration was invalid. The officer's conduct in that case was unconstitutional primarily on account of his exercise of "standardless and unconstrained discretion." A generalized roadblock that stopped all drivers would be allowed, but only in cases of border security or sobriety checks, not other tasks such as narcotics search.

Re:Why?

[_Sprocket_]

Right now the police can pull you over and ask for your license. Don't show it and you see the inside of a cell.

And while you're driving around your car has license plates on it which can be scanned from far further than RFID.

Asking to see the license still requires asking. It also requires driving for one to be (legally) provided. RFID allows for scanning a crowd and (potentially) getting a crowd of identities in less than a second.

OCR on license plates are very doable if you control the conditions. Make sure the vehicle is going the desired location and mount the camera in the perfect position. Back that up with occasional human to try and work out those cases where OCR fails. With RFID you put up antennas in a few strategic locations and you cover blocks of traffic without worrying about angles, lighting, and other bothersome conditions.

The potential for abuse is already there. RFID makes it more efficient.

Re:My hat ain't enough

[kaatochacha]

I just received a new US passport. The passport itself has a blurb about being shielded when closed. Don't know if this is true or not, as I haven't checked it myself, but the covers feel like there's something in them.

Re:Protection

[Anonymous Coward]

I, for one, have. Well, not specifically that model perhaps but I have a wallet I have noticed to (at least nearly) entirely block RFID. Our tickets for public transport operate with cards that have RFID. Strong enough that they can be shown to the receivers in busses, trains, etc. even if the card is inside a wallet that is inside a handbag or something.

When I switched to my current wallet, I noticed that I no longer could get the things to notice the card from inside the wallet even if I touched the receiver with the wallet. The RFID ticket itself continues to work entirely well from outside the wallet so it's not about it...

I haven't throughly tested that it doesn't let anything through but should at least lower the distance from which a chip can be cloned by a lot.

Re:Why?

[Anonymous Coward]

The U.S. you refer to has ceased to exist: http://epic.org/privacy/hiibel/ [epic.org]. The officer still has to have "suspicion" but who isn't suspicious to a cop?

exaggerated description

[SethJohnson]

This fellow doesn't demonstrate cloning anything. He's just reading RFID codes in the video.

Seth

Re:Why?

[RiotingPacifist]

I suspect your laws are similar to what we have in the UK, in theory to pull you over / search you they need reasonable suspicion, in practice they can just make shit up.

Re:My hat ain't enough

[Jherek Carnelian]

I just received a new US passport. The passport itself has a blurb about being shielded when closed. Don't know if this is true or not, as I haven't checked it myself, but the covers feel like there's something in them.

It is true and it is not. Building a faraday cage into the cover was one of the "concessions" they made in response to all the complaints about privacy issues. But... it only really works if the covers are tightly pressed together. Leaving it open a quarter inch or so may be enough to prevent official readers from picking up the RFID, but not enough to protect against someone with a reader with more juice - like anyone who is up to no good will certainly have.

Its a lie

[dlmarti]

The Author claims you can read the SSID and reprogram another tag with this SSID. This is not true. The SSID is not a R/W field. While technically you could create an active device to pretend to be a tag with the fake SSID, it certainly is not trivial.

Re:Why?

[troll8901]

I think in most places drivers license/government ID are now done on plastic cards (not laminated). Getting a color printer for those plastic ID cards will set you back quite a few grand

Just for the sake of argument, I think a consumer CD printer (e.g. Epson R240) can be modified to print onto a piece of rectangle. With the careful use of glossy ink, the end result may fool casual glances.

The only problem, of course, is getting a stack of blank cards that are inkjet printable and looks professional.

Re:Why?

[alecwood]

You can buy blank cards with mag strips on the back for making key cards for mag strip operated door locks.

There's a jig available for the Epson printer CD caddy for doing the credit card sized mini-cd. I use an R200, and the jig hold the CD by its edge, doesn't use the hole in the middle, so doesn't matter of there isn't one

You'd be surprised just how convincing the output from this combination can be.

If you need one with a chip embedded, for visual effect, then there are may suppliers of printable smart cards out there. I got some lovely unprinted Atmega 163's off eBay for playing around with cable TV - they worked a treat for this purpose too.

Re:Why?

[alecwood]

The key to ANPR success in the UK, and why it would be much more difficult to achieve in the US, is contrast.

The typeface, size, letter spacing, text and background colours are rigidly defined in law. Front only black on white is permitted, rear only black on yellow.

OCR is so much easier when you don't have to read purple text on a blue background, or yellow text on a white one

Re:Why?

[mckinnsb]

Fair question, a la the recent XKCD-put motif of "A human target is almost always weaker than the tech". Although I don't think you are looking for an answer, I'll bite, mostly because I'm bored and sick. It depends on your DMV, and your DMV worker.

First, all DMV's I've been to (NY/CT/MA) have CCTV cameras all over the place - so convincing a DMV employee to create a fake ID during work time is probably somewhat difficult. I would not be surprised if the machines used to produce licenses were set to shut down and start up on a time lock. Second, every one of those aforementioned DMVs had one or two resident State Troopers, monitoring those cameras and generally enforcing the law. It's not as if you would really need a plurality of civilian witnesses to bring a conviction down on someone, as one cop who is deployed to lawfully perform that specific purpose should do it, and most DMV employees would recognize that risk. Third, the penalty for doing so is a felony for both parties involved, and you cannot work for the DMV (or most government agencies AFAIK) with a felony, so the people at the DMV are probably not career criminals. Fourth, you don't really need a college education to work at the DMV (for most positions) and the DMV pays fairly decent for a HS grad job, so most DMV workers would need a hefty sum of money or a heavy arm twisting to be persuaded to create a false ID; it's a good livelihood with fairly decent job security as long as you can deal with your customers. The ones who do not have college educations would probably like to keep their job and a felony off their record, because most other high-paying HS grad jobs will not look on a felony kindly after you get kicked out of the DMV and released from jail. The ones who have college educations are probably smart enough to know that they would probably get caught, and have other options available to them if they are in need of more money that would quickly shrink in number if they were convicted of a felony.

All said and done, convincing a DMV employee to produce a fake license for you is still a lot harder than making an $250 dollar RFID ripper, which probably won't be CCTV monitored, brought to the policies attention, or land you in danger of acquiring a felony on your record.