UPDATES ON TWITTER: arudoudebito
Hi Blog. Last May I put out an article in the Japan Times about the (now approved) IC Chips in revamped Gaijin Cards. How they would enable the police forces to remotely track foreigners in a crowd, and how data would be less secure from hackers.
Not unsurprisingly, I was told I was exaggerating. But it’s hard in this day to exaggerate the reach and rate of development of technological advances (who would have thought we would have this very medium to communicate through a little over ten years ago?). So here are some sources showing how 1) ID Chips and RFID technology is eminently hackable and remotely trackable, 2) how police already have IC scanning ability in their walkie-talkies, and 3) how the Japanese police in particular are using ID cards beyond their originally-intended purpose to track crime. I don’t think I was exaggerating at all. Arudou Debito in Sapporo
Chips in official IDs raise privacy fears (excerpt)
By TODD LEWAN
Posted on San Jose Mercury News: 07/11/2009 09:37:12 AM PDT, courtesy TJL.
Complete article at http://www.mercurynews.com/breakingnews/ci_12816946
Climbing into his Volvo, outfitted with a Matrics antenna and a Motorola reader he’d bought on eBay for $190, Chris Paget cruised the streets of San Francisco with this objective: To read the identity cards of strangers, wirelessly, without ever leaving his car.
It took him 20 minutes to strike hacker’s gold.
Zipping past Fisherman’s Wharf, his scanner detected, then downloaded to his laptop, the unique serial numbers of two pedestrians’ electronic U.S. passport cards embedded with radio frequency identification, or RFID, tags. Within an hour, he’d “skimmed” the identifiers of four more of the new, microchipped PASS cards from a distance of 20 feet.
Embedding identity documents — passports, drivers licenses, and the like — with RFID chips is a no-brainer to government officials. Increasingly, they are promoting it as a 21st century application of technology that will help speed border crossings, safeguard credentials against counterfeiters, and keep terrorists from sneaking into the country.
But Paget’s February experiment demonstrated something privacy advocates had feared for years: That RFID, coupled with other technologies, could make people trackable without their knowledge or consent.
He filmed his drive-by heist, and soon his video went viral on the Web, intensifying a debate over a push by government, federal and state, to put tracking technologies in identity documents and over their potential toerode privacy.
Putting a traceable RFID in every pocket has the potential to make everybody a blip on someone’s radar screen, critics say, and to redefine Orwellian government snooping for the digital age.
Mark Roberti, editor of RFID Journal, an industry newsletter, recently acknowledged that as the use of RFID in official documents grows, the potential for abuse increases.
“A government could do this, for instance, to track opponents,” he wrote in an opinion piece discussing Paget’s cloning experiment. “To date, this type of abuse has not occurred, but it could if governments fail to take privacy issues seriously.”
Imagine this: Sensors triggered by radio waves instructing cameras to zero in on people carrying RFID, unblinkingly tracking their movements.
Unbelievable? Intrusive? Outrageous?
Actually, it happens every day and makes people smile — at the Alton Towers amusement park in Britain, which videotapes visitors who agree to wear RFID bracelets as they move about the facility, then sells the footage as a keepsake.
This application shows how the technology can be used effortlessly — and benignly. But critics, noting it can also be abused, say federal authorities in the United States didn’t do enough from the start to address that risk.
The first U.S. identity document to be embedded with RFID was the “e-passport.”
In the wake of the Sept. 11 attacks — and the finding that some of the terrorists entered the United States using phony passports — the State Department proposed mandating that Americans and foreign visitors carry “enhanced” passport booklets, with microchips embedded in the covers.
The chips, it announced, would store the holder’s information from the data page, a biometric version of the bearer’s photo, and receive special coding to prevent data from being altered.
In February 2005, when the State Department asked for public comment, it got an outcry: Of the 2,335 comments received, 98.5 percent were negative, with 86 percent expressing security or privacy concerns, the department reported in an October 2005 notice in the Federal Register.
“Identity theft was of grave concern,” it stated, adding that “others expressed fears that the U.S. Government or other governments would use the chip to track and censor, intimidate or otherwise control or harm them.”
It also noted that many Americans expressed worries “that the information could be read at distances in excess of 10 feet.”
Those concerned citizens, it turns out, had cause.
According to department records obtained by researchers at the University of California, Berkeley, under a Freedom of Information Act request and reviewed by the AP, discussion about security concerns with the e-passport occurred as early as January 2003 but tests weren’t ordered until the department began receiving public criticism two years later.
When the AP asked when testing was initiated, the State Department said only that “a battery of durability and electromagnetic tests were performed” by the National Institute of Standards and Technology, along with tests “to measure the ability of data on electronic passports to be surreptitiously skimmed or for communications with the chip reader to be eavesdropped,” testing which “led to additional privacy controls being placed on U.S. electronic passports … ”
Indeed, in 2005, the department incorporated metallic fibers into the e-passport’s front cover, since metal can reduce the range at which RFID can be read. Personal information in the chips was encrypted and a cryptographic “key” added, which required inspectors to optically scan the e-passport first for the chip to communicate wirelessly.
The department also announced it would test e-passports with select employees, before giving them to the public. “We wouldn’t be issuing the passports to ourselves if we didn’t think they’re secure,” said Frank Moss, deputy assistant Secretary of State for passport services, in a CNN interview.
But what of Americans’ concerns about the e-passport’s read range?
In its October 2005 Federal Register notice, the State Department reassured Americans that the e-passport’s chip — the ISO 14443 tag — would emit radio waves only within a 4-inch radius, making it tougher to hack.
Technologists in Israel and England, however, soon found otherwise. In May 2006, at the University of Tel Aviv, researchers cobbled together $110 worth of parts from hobbyists kits and directly skimmed an encrypted tag from several feet away. At the University of Cambridge, a student showed that a transmission between an e-passport and a legitimate reader could be intercepted from 160 feet.
The State Department, according to its own records obtained under FOIA, was aware of the problem months before its Federal Register notice and more than a year before the e-passport was rolled out in August 2006.
“Do not claim that these chips can only be read at a distance of 10 cm (4 inches),” Moss wrote in an April 22, 2005, e-mail to Randy Vanderhoof, executive director of the Smart Card Alliance. “That really has been proven to be wrong.”
The chips could be skimmed from a yard away, he added — all a hacker would need to read e-passport numbers, say, in an elevator or on a subway.
Other red flags went up. In February 2006, an encrypted Dutch e-passport was hacked on national television, with researchers gaining access to the document’s digital photograph, fingerprint and personal data. Then British e-passports were hacked using a $500 reader and software written in less than 48 hours.
The State Department countered by saying European e-passports weren’t as safe as their American counterparts because they lacked the cryptographic key and the anti-skimming cover.
But recent studies have shown that more powerful readers can penetrate even the metal sheathing in the U.S. e-passport’s cover.
John Brennan, a senior policy adviser at the State Department’s Bureau of Consular Affairs, concedes it may be possible for a reader to overpower the e-passport’s protective shield from a distance.
However, he adds, “you could not do this in any large-scale, concerted fashion without putting a bunch of infrastructure in place to make it happen. The practical vulnerabilities may be far less than some of the theoretical scenarios that people have put out there.”
That thinking is flawed, says Lee Tien, a senior attorney and surveillance expert with the Electronic Frontier Foundation, which opposes RFID in identity documents.
It won’t take a massive government project to build reader networks around the country, he says: They will grow organically, for commercial purposes, from convention centers to shopping malls, sports stadiums to college campuses. Federal agencies and law enforcement wouldn’t have to control those networks; they already buy information about individuals from commercial data brokers.
“And remember,” Tien adds, “technology always gets better … ”
With questions swirling around the e-passport’s security, why then did the government roll out more RFID-tagged documents — the PASS card and enhanced driver’s license, which provide less protection against hackers?
The RFIDs in enhanced driver’s licenses and PASS cards are nearly as slim as paper. Each contains a silicon computer chip attached to a wire antenna, which transmits a unique identifier via radio waves when “awakened” by an electromagnetic reader.
The technology they use is designed to track products through the supply chain. These chips, known as EPCglobal Gen 2, have no encryption, and minimal data protection features. They are intended to release their data to any inquiring Gen 2 reader within a 30-foot radius.
This might be appropriate when a supplier is tracking a shipment of toilet paper or dog food; but when personal information is at stake, privacy advocates ask: Is long-range readability truly desirable?
The departments of State and Homeland Security say remotely readable ID cards transmit only RFID numbers that correspond to records stored in government databases, which they say are secure. Even if a hacker were to copy an RFID number onto a blank tag and place it into a counterfeit ID, they say, the forger’s face still wouldn’t match the true cardholder’s photo in the database, rendering it useless.
Still, computer experts such as Schneier say government databases can be hacked. Others worry about a day when hackers might deploy readers at “chokepoints,” such as checkout lines, skim RFID numbers from people’s driver’s licenses, then pair those numbers to personal data skimmed from chipped credit cards (though credit cards are harder to skim). They imagine stalkers using skimmed RFID numbers to track their targets’ comings and goings. They fear government agents will compile chip numbers at peace rallies, mosques or gun shows, simply by strolling through a crowd with a reader.
Others worry more about the linking of chips with other identification methods, including biometric technologies, such as facial recognition.
The International Civil Aviation Organization, the U.N. agency that sets global standards for passports, now calls for facial recognition in all scannable e-passports.
Should biometric technologies be coupled with RFID, “governments will have, for the first time in history, the means to identify, monitor and track citizens anywhere in the world in real time,” says Mark Lerner, spokesman for the Constitutional Alliance, a network of nonprofit groups, lawmakers and citizens opposed to remotely readable identity and travel documents.
For now, perhaps. Radio tags in EDLs and passport cards can’t be scanned miles away.
But scientists are working on technologies that might enable a satellite or a cell tower to scan a chip’s contents. Critics also note advances in the sharpness of closed-circuit cameras, and point out they’re increasingly ubiquitous. And more fingerprints, iris scans and digitized facial images are being stored in government databases. The FBI has announced plans to assemble the world’s largest biometric database, nicknamed “Next Generation Identification.”
“RFID’s role is to make the collection and transmission of people’s biometric data quick, easy and nonintrusive,” says Lerner. “Think of it as the thread that ties together the surveillance package.”
THE NEXT GENERATION OF POLICE WALKIE TALKIES
Courtesy of Ben
Police Service Terminal JT6810-C series (excerpt)
1 PDA palmtop computer
2 Number pad
3 EDGE 2.75G wireless communication
4 Global Position System(GPS)
5 Geographic Information System(GIS)
6 800 M digital mobile radio line
7 IC card reader
8 Digital vidicon
9 Digital sound recorder
IC card reader
* Read the information of IC card in display screen
* Rewrite data
Radio Frequency Identification(RFID)
* No need to touch against the device
Tobacco maker group hands over taspo user data to prosecutors
Japan Today, Monday 27th July, 05:09 AM JST, Courtesy of DR
The Tobacco Institute of Japan, the industry body of tobacco manufacturers, has turned over vending machine use logs on cigarette pack purchases by certain individual smokers to public prosecutors when they requested such information for investigative purposes, informed sources said Sunday. Such logs of ‘‘taspo’’ smart cards included records on when and at which vending machines the smokers bought cigarette packs, as well as their dates of birth, addresses and phone numbers, the sources said.
There has been a case in which the provided logs helped investigators find a person who had evaded some fines, the sources said.
The institute issues to smokers in Japan the taspo cards which entitle its holders to buy cigarette packs at vending machines. Taspo cards are issued only to adults aged 20 and over to block smoking by underage people.
This appears to be the first time that the use of taspo logs by criminal investigative authorities has become public knowledge. The use by such authorities of credit card-related information and mobile phone logs has been known.
The institute handed over taspo logs on a voluntary basis in response to prosecutors’ inquiries based on the Code of Criminal Procedure, but users of taspo cards normally do not assume that there is a possibility their taspo logs may be used in criminal investigations.
Some critics question the appropriateness of handing over such records to criminal investigators from the standpoint of the need to protect personal information, arguing that the institute should inform taspo holders beforehand that it may turn over their logs to third parties.
An institute official told Kyodo News, ‘‘We have kept track of purchases-related logs to check if taspo cards that were stolen or for which reports of loss have been filed may have been used illicitly, and we basically would not provide them to third parties.’’
‘‘But we cannot help turning over such logs as well as the addresses, names, dates of birth and contacts of cardholders to investigative authorities as necessary if the authorities request the logs in writing in line with the Code of Criminal Procedure,’’ the official said.
‘‘Since Article 23 of the rules for taspo cardholders stipulates that cardholders consent to the use of their information by the institute if the institute takes necessary measures to protect the information, we assume that the article also covers logs on their purchases,’’ the official added.
The institute has handed over to investigators such information as the dates of birth, addresses, phone numbers and dates of issuance of taspo cards of certain persons, as well as a list of when and where the cards were used, the sources said.
There have been cases where the institute turned over copies of applications filed by taspo applicants, alongside the copies of their identification cards such as drivers’ licenses which the applicants had attached to the applications.
Taspo logs could help their reviewers figure out what areas cardholders live in and what behavioral patterns they have.
Through the provision of the logs, the Saitama Public Prosecutors Office was able to identify a company where a taspo cardholder who has evaded a fine worked as the cardholder used a vending machine on the company’s premises repeatedly, the sources said.
16 comments on “Update putting the pieces together: upcoming IC Gaijin Cards, RFID hackability, next generation police walkie-talkie, and NPA access to TASPO information”
“e-passport’s chip — the ISO 14443 tag — would emit radio waves only within a 4-inch radius”
“Each contains a silicon computer chip attached to a wire antenna, which transmits a unique identifier via radio waves when “awakened” by an electromagnetic reader”
To be exactly correct, these RFID tags don’t actually “emit” and are not “awakened” They contain no power source of their own at all. How it works is the Reader creates a field that powers the tag. The tag signals it’s data back to the reader by changing how much power it pulls from (how much it loads) the reader’s field.
This is why there is a “limit” to the distance… you have to get enough energy to the RFID tag to power it, and that power decreases with the square of the distance from the reader. Never fear, just have the reader transmit a higher power field and use a directional antenna pointing the direction of your subject.
The cryptography employed is not secure, anyone can download tools to circumvent it (I’ll refrain from linking to the code here…)
It’s too tempting, there is not one single reason why readers would not be used for “security” purposes.
This is the evolution of the 80’s scam where store clerk used to take the credit card’s carbon copy receipt from the trash and use the number to make his own purchases.
If you wanna be protected, and I think you should, wrap your ID in a piece of aluminum foil (available in any convenience store) and no one will be able to read it without your consent (e.g. unfolding it)
unless you have a fairly thick layer, aluminum does not stop RFID transmissions. Rather, it will reduce the range from which you could read an chip. Still useful advice, but to say that it would be completely protected is not completely accurate.
I still contend that the best way to protect yourself from readers is to smash that chip with a hammer. Two good whacks should render it unable to generate a signal.
You don’t need to smash the RFID with a hammer, 3 second in a micro-waves oven melt the RFID enough to make impossible to read the data on it, it also make the destructive operation totally invisible
I like the hammer. microwaving.How about a nail.
Any computer experts know how to crack and see what is actually on these chips?
Destroying the RFID chip in your new gaijin card is not the answer.
Because when the RFID-chippiness starts, and a cop stops you for
“riding a bicycle while gaijin” and your card doesn’t read,
you’re probably going to get taken down to the koban while
they confirm your identity.
Maybe they’ll also ask how your card got damaged.
Well, let us know how it works out for you.
I’ll stick to aluminum (or steel) foil.
With regards to the impending RFID Gaijin cards in Japan.
There is a company that sells a wallet that supposedly works like a
Faraday screen (enclosure formed by conducting material) to defeat the
reading of RFID tags by scanners. Located on the web at:
One could also try using a metal business card case to carry their new
gaijin card to act as a barrier from RFID scanners. Since the Japanese
government is going to have to use passive RFID tags (no battery power,
power derived from the scanner’s RF signal) the business card case
should be an effective barrier.
As far as I can figure, there are only five routine responses for the
Japanese government to counter an RFID barrier:
1. Outlaw any RFID barrier.
2. Make the gaijin card so huge it won’t fit in most wallets or business
3. Ramp up the RF level of the scanner. Since almost all RFID tags
operate in the microwave region, the cops would effectively irradiating
people with much larger microwave levels than they already are.
4. Make the RFID frequency lower in frequency (below microwaves) but the
RFID antenna becomes larger as does the gaijin card holding the RFID
device. Of course the scanner would still be putting out RF energy, but
not at a frequency that would horrify the public like the word
5. The Japanese government could just abandon the RFID if the Japanese
public were informed that the police were irradiating everyone with RF
energy, including pregnant Japanese women, while searching for gaijin
Of course, knowing how the Japanese government operates, they will no
doubt come up with really stupid ways to defeat any RFID barrier such as
having all Gaijins wear their “card” like a name tag.
>unless you have a fairly thick layer, aluminum does not stop RFID transmissions.
I beg to differ. Try to completely wrap your cell phone in piece of aluminum and then try to call it.
Cell phone power is much higher than then the RFID transmitter, but the aluminum is the same.
Try doing that 3 meters from a cell phone tower, though.
A piece of aluminum foil will lower a radio signal received and transmitted of about 60dB (-60dB)
That means that the signal of a typical mobile phone tower with a total output of 1Kw (1000 watts), will be reduced to about 0.001 watt if the receiver is completely wrapped up in a piece of aluminum foil.
That is, if the receiver (the cell phone) is less than 10cm from the tower, otherwise the signal gets lower and lower as the distance increases.
Now, considering that the typical power of an RFID card is measured in milliwatts (thousandth of watt) I would safely assume that the signal generated by the card (if any) will not go anywhere outside the enclosing of the foil.
Also, I would not recommend you to go near a cell phone tower to try what you’ve just said.
With Kw of power on the antenna, your brain won’t last very long.
And also please keep the postings relevant to the subject, we are talking about how to protect your identity, not about unlikely situations of cell phones and towers.
My comment was geared toward making your comparison relevant. Unlike cell towers, RFID card readers are to be used at close distances, and also possibly with directional antennae at power levels presently unknown and perhaps increased to avoid these primative countermeasures. The comparison is what was off-topic, and I pointed that out.
Did you understand what I wrote?
An RFID card is a PASSIVE device, that means it transmit only when it receives power from an outside source (from the guy with the antenna who wants to read your card)
And when it transmits, it does so with only a few milliwatts (thousands of watts)
Now, when you completely wrap up your RFID card in aluminum, the transmitter inside your card won’t be able to send any signal outside the aluminum enclosure (see the numbers in my previous posting) even if, somehow, it receives power from outside.
Sure the bad guy can increase the power of the transmitter, but as I’ve pointed out in my previous posting, you would need about 1000 Watt in order to get 0.001 watt inside the card.
Given that the average microwave oven’s transmitter is about 500 watts, if you go near someone’s pocket with a 1000 watt microwave transmitter I believe they will notice in a nanosecond that you’re up to something.
If for nothing else, when the smell of cooked meat starts spreading around.
And, just a few days behind the discussion here, demonstrated at DEFCON.
No longer a theoretical threat, QED.
Feds at DefCon Alarmed After RFIDs Scanned
By Kim Zetter August 4, 2009 | 9:30 am | Categories: Cybersecurity, DefCon
LAS VEGAS — It’s one of the most hostile hacker environments in the country –- the DefCon hacker conference held every summer in Las Vegas.
But despite the fact that attendees know they should take precautions to protect their data, federal agents at the conference got a scare on Friday when they were told they might have been caught in the sights of an RFID reader.
The reader, connected to a web camera, sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks as they passed a table where the equipment was stationed in full view.
It was part of a security-awareness project set up by a group of security researchers and consultants to highlight privacy issues around RFID. When the reader caught an RFID chip in its sights — embedded in a company or government agency access card, for example — it grabbed data from the card, and the camera snapped the card holder’s picture.
(rest of article at link)
Article from the UK on how to clone (and alter the data contained on) a RFID chipped ID card…
“Embedded inside the card for foreigners is a microchip with the details of its bearer held in electronic form: name, date of birth, physical characteristics, fingerprints and so on, together with other information such as immigration status and whether the holder is entitled to State benefits.
This chip is the vital security measure that, so the Government believes, will make identity cards ‘unforgeable’.
But as I watch, Laurie picks up a mobile phone and, using just the handset and a laptop computer, electronically copies the ID card microchip and all its information in a matter of minutes.
He then creates a cloned card, and with a little help from another technology expert, he changes all the information the card contains – the physical details of the bearer, name, fingerprints and so on. And he doesn’t stop there…”
You’ll just LOVE this one, found it Aug 7th online: http://www.computerweekly.com/Articles/2009/08/06/237215/uk-national-id-card-cloned-in-12-minutes.htm Just imagine what an Akiba-Otaku could do if motivated!
HOWTO kill/block an RFID
POSTED BY CORY DOCTOROW, APRIL 25, 2008 3:49 AM
Instructables have just published their latest installment in their series of HOWTOs inspired by my forthcoming novel Little Brother, a young adult book about kids who use technology to wrest liberty from the Department of Homeland Security. This week, it’s HOWTO block or kill an RFID chip.
-The easiest way to kill an RFID, and be sure that it is dead, is to throw it in the microwave for 5 seconds. Doing this will literally melt the chip and antenna making it impossible for the chip to ever be read again. Unfortunately this method has a certain fire risk associated with it. Killing an RFID chip this way will also leave visible evidence that it has been tampered with, making it an unsuitable method for killing the RFID tag in passports. Doing this to a credit card will probably also screw with the magnetic strip on the back making it un-swipeable.
-The second, slightly more convert and less damaging, way to kill an RFID tag is by piercing the chip with a knife or other sharp object. This can only be done if you know exactly where the chip is located within the tag. This method also leaves visible evidence of intentional damage done to the chip, so it is unsuitable for passports.
-The third method is cutting the antenna very close to the chip. By doing this the chip will have no way of receiving electricity, or transmitting its signal back to the reader. This technique also leaves minimal signs of damage, so it would probably not be a good idea to use this on a passport.
-The last (and most covert) method for destroying a RFID tag is to hit it with a hammer. Just pick up any ordinary hammer and give the chip a few swift hard whacks. This will destroy the chip, and leave no evidence that the tag has been tampered with. This method is suitable for destroying the tags in passports, because there will be no proof that you intentionally destroyed the chip.