You're confident your RFID passport is safe in its signal-blocking wallet as
you pass through immigration. What you don't know is that the man behind you
is recording the data sent by your passport's RFID chip as it is
scanned.Your name, nationality, gender, birthday, birthplace and a nicely
digitized photo is in his hands. With that info he can photoshop up a
passport, get a copy of your Social Security card and with that get credit
cards and bank accounts in your name.
*Rewarding individual enterprise*
Thanks to bureaucratic confidence in RFID technology this is a real threat.
An article in the Communications of the Association for Computing Machinery
<http://cacm.acm.org/magazines/2009/12/52836-a-threat-analysis-of-rfid-passports/fulltext>
goes into the details:
For successful data retrieval the perpetrator's antenna must catch
two different interactions: the forward channel, which is the signal
being sent from the RFID reader to the RFID token; and the backward
channel, which is the data being sent back from the RFID token to
the RFID reader. . . .
. . . the perpetrator would need only an antenna and an amplifier to
boost the signal capture, a radio-frequency mixer and filter, and a
computer to store the data. The amplifier itself would not even need
to be that powerful, since it would need to boost the signal over
only a short distance of three to five meters. . . . These RFID
"sniffers" can then be plugged into a laptop via a USB port.
*They've got your data, now what?*
The weak 52-bit key encryption is easily broken. Then just counterfeit the
passport, get a social security card and start shopping!
As the article notes, forging a passport can be expensive. It might be
easier just to steal it.
*The Storage Bits take*
The RFIDiocy keeps getting worse. The Feds were pwnd at DefCon
<http://blogs.zdnet.com/storage/?p=565> earlier this year.
But these are just the risks we know about today. What new technologies will
appear in the next 15 years to make both eavesdropping and forgery easier?
The RFID passport is a technological sitting duck for bad guys of all
kinds - criminals and terrorists - courtesy of the US State Department. As I
noted in previous post:
The time to end this nonsense is now. There are perfectly usable
non-RF storage technologies - like 3D barcodes - that can safely
store data in hard to crack, hard to hack formats.
We can do better. And we must.
Robin HarrisRobin Harris has been messing with computers for over 30 years
and selling and marketing data storage for over 20 in companies large and
small. See his full profile <http://blogs.zdnet.com/bio.php#harris> and
disclosure <http://blogs.zdnet.com/storage/?page_id=154> of his industry
affiliations.
http://blogs.zdnet.com/storage/?p=713&tag=nl.e550
> You're confident your RFID passport is safe in its signal-blocking
> wallet as you pass through immigration. What you don't know is that the
> man behind you is recording the data sent by your passport's RFID chip
> as it is scanned.Your name, nationality, gender, birthday, birthplace
> and a nicely digitized photo is in his hands. With that info he can
> photoshop up a passport, get a copy of your Social Security card and
> with that get credit cards and bank accounts in your name.
>
Any evidence that anyone has done this yet?
I don't mean someone has done something clever in a lab, I mean a
criminal stealing an identity via a passport at an airport.
--
William Black
"Any number under six"
The answer given by Englishman Richard Peeke when asked by the Duke of
Medina Sidonia how many Spanish sword and buckler men he could beat
single handed with a quarterstaff.
And why should I worry about this? The only things that are broadcast are
the things that can be obtained by reading the passport,
I really don't see why anybody sees this as a problem.
Scare mongering for the sake of it
tim
A lot more people are victims of ID theft.
and just how useful is knowing someone's name and date of birth, if you
don't know their address?
tim
>
>
> and just how useful is knowing someone's name and date of birth, if you
> don't know their address?
>
At least in the US, if you the date of birth it makes it a lot
easier to get addresses.
--
To find that place where the rats don't race
and the phones don't ring at all.
If once, you've slept on an island.
Scott Kirby "If once you've slept on an island"
I agree
This is a circular argument
If there is a publicly accessible database that enables you to find
someone's address from a name and date of birth, then there is also a
publicly accessible database that enables someone to find a date of birth
from an address and a name.
ISTM that the ID thief is far more likely to have the name and address of
the person who they wish to target than their name and date of birth. So,
it is the accessibility of this database that is the major risk factor here,
not the fact that chipped passports are potentially insecure.
tim
"Your name, nationality, gender, birthday, birthplace and a nicely
digitized photo is in his hands. With that info he can photoshop up a
passport, get a copy of your Social Security card and with that get credit
cards and bank accounts in your name."--Such useful databases include Nexis
and others that charge even more and provide far more information.
>
> ISTM that the ID thief is far more likely to have the name and address of
> the person who they wish to target than their name and date of birth. So,
> it is the accessibility of this database that is the major risk factor
> here, not the fact that chipped passports are potentially insecure.
Such databases are available to the public through workplaces, libraries
and even anyone's home computer., if the price is paid.
> "Kurt Ullman" <kurtu...@yahoo.com> wrote in message
> news:kurtullman-2EAF3...@70-3-168-216.pools.spcsdns.net...
> > In article <7ofpt9F...@mid.individual.net>,
> > "tim...." <tims_n...@yahoo.co.uk> wrote:
> >
> >> and just how useful is knowing someone's name and date of birth, if you
> >> don't know their address?
> >>
> > At least in the US, if you the date of birth it makes it a lot
> > easier to get addresses.
>
> This is a circular argument
Nonsense. You asked how useful it was to get the name and date of birth
if you did not have an address. I said, that at least in the US, name
and dob made finding the address easier.
>
> If there is a publicly accessible database that enables you to find
> someone's address from a name and date of birth, then there is also a
> publicly accessible database that enables someone to find a date of birth
> from an address and a name.
Yeah, but as I outlined that is not my interpretation of the
original statement you made. You seemed to be suggesting that if
someone had a name and dob (from the passport) it would be less than
useful unless they had an address. My suggestion was that what was
available from the passport, made finding the missing piece easier.
>
> ISTM that the ID thief is far more likely to have the name and address of
> the person who they wish to target than their name and date of birth. So,
> it is the accessibility of this database that is the major risk factor here,
> not the fact that chipped passports are potentially insecure.
>
The two go together. You need the chipped passport to start
the process by allowing you to get the first two bits of information.
Now how real any of this, don't know, don't care/
> Any evidence that anyone has done this yet?
Nobody has shot down a civilian airliner with a missile in the U.S. yet, but
that doesn't mean that the risk isn't credible or significant.
> I don't mean someone has done something clever in a lab, I mean a
> criminal stealing an identity via a passport at an airport.
Criminals don't usually announce the sources of the identities they steal.
> and just how useful is knowing someone's name and date of birth, if you
> don't know their address?
For one thing, it makes it a lot easier to find out the person's address. The
more you have, the more you can find. A name attached to a photo is perhaps
some of the most useful information of all.
> If there is a publicly accessible database that enables you to find
> someone's address from a name and date of birth, then there is also a
> publicly accessible database that enables someone to find a date of birth
> from an address and a name.
Right.
> ISTM that the ID thief is far more likely to have the name and address of
> the person who they wish to target than their name and date of birth. So,
> it is the accessibility of this database that is the major risk factor here,
> not the fact that chipped passports are potentially insecure.
These are targets of opportunity, not premeditated targets.
No, I'm suggesting that it's information that they can get from elsewhere so
there's no new security risk form getting it this way
tim
what use is a passport with a photo of someone else
What you need to steal someone's identity, is a passport in their name with
*your* photo
tim
I don't deny this, but my point is you can already obtain this information
without having to risk snooping at airports
>A name attached to a photo is perhaps
> some of the most useful information of all.
Why? For a Photo ID to be useful to you, *you* have to look like the photo.
There are no security systems in place that rely upon someone having a
document with a photo in it, where the photo is of somebody other than the
person holding the document
tim
and so is every person in the phone book.
Why bother taking the risk of getting caught snooping at an airport (for
which you will undoubtedly be charged with a serious terrorist offence if
caught) when you can do virtually risk free snooping in your public library?
tim
> No, I'm suggesting that it's information that they can get from elsewhere so
> there's no new security risk form getting it this way
It MAY (and I am not at all sold) be an ADDITIONAL security risk.
One additional channel to get information that may be useful for
nefarious reasons. How much of an added risk is subject to debate.
> and so is every person in the phone book.
Phone books don't provide as much information as passports.
> Why bother taking the risk of getting caught snooping at an airport (for
> which you will undoubtedly be charged with a serious terrorist offence if
> caught) when you can do virtually risk free snooping in your public library?
See above.
> I don't deny this, but my point is you can already obtain this information
> without having to risk snooping at airports
You can't get pictures or Social Security numbers associated with names.
> Why? For a Photo ID to be useful to you, *you* have to look like the photo.
You might want to find someone, instead of pretending to be someone.
So that's a 'no' then.
Glad to see you're still bonkers Mitzi...
>William Black writes:
>
>> Any evidence that anyone has done this yet?
>
>Nobody has shot down a civilian airliner with a missile in the U.S. yet, but
>that doesn't mean that the risk isn't credible or significant.
There have been attempts to buy the technology to do that.
>There are no security systems in place that rely upon someone having a
>document with a photo in it, where the photo is of somebody other than the
>person holding the document
>
>tim
You're assuming that there are no resemblances between people, that
all the pictures are always scrutinized and that people don't change
at all. I've lost almost 100 lbs. since my id pictures were taken and
have never had a problem being challenged. I do look like a thinner
version of how I looked before but not everyone does. Men grow beards
or shave them; hair is dyed, etc.
You can't get a social security number from a passport either (on the very
simple basis that 90% of the world doesn't have them)
I've already made my point about pictures
tim
Having already established that (in your jurisdiction, not in mine) there is
a searchable database to obtain the rest, then what is available in the
directory is enough to fill in the gaps.
As I've already said, what is available in the passport is insufficient on
its own so you have to search this database anyway. Thus starting at the
directory is equivalent to starting with the passport info.
tim
>
> As I've already said, what is available in the passport is insufficient on
> its own so you have to search this database anyway. Thus starting at the
> directory is equivalent to starting with the passport info.
>
Nope. Because with the passport information you are looking for one
specific person. Otherwise you are essentially looking at random
individuals in the database. Assuming you are not just hanging out at
the airport, cruiseline, hotel, etc, and grabbing everything as it goes
past. Even then, you have some idea of the general demographics of the
person you are targeting based on where you are harvesting.
> You can't get a social security number from a passport either (on the very
> simple basis that 90% of the world doesn't have them)
U.S. passports included Social Security numbers, last time I looked (it has
been a while, though, and I don't know if they are also encoded on the chip).
My current one doesn't and the one I got in '91 did not. The
application has a spot, but that appears only for the use of the IRS.
> My current one doesn't and the one I got in '91 did not.
Look at the string of digits printed across the bottom.
My new one doesn't, I still can't find my old one.
I think you missed out how we got here.
The passport information you are collecting is of the random person who has
just walked through the check at the airport. I don't call this a specific
person.
tim
Bob M.
> Is there really ANY reason at all for believing that this can readily
> be done with equipment small enough to be concealed on
> a person?
Yes. It should be trivially easy. If you can put a GPS receiver in a
wristwatch, you can certainly put an RFID reader or sniffer in a space at
least as small.
So why isn't Radio Shack selling them to every nerd in the world?
> So why isn't Radio Shack selling them to every nerd in the world?
Perhaps because there is no demand, and there might be legal complications as
well.
Don't be bloody silly.
Half the geeks on the planet want something that'll read RFID chips at a
distance.
> Half the geeks on the planet want something that'll read RFID chips at a
> distance.
The device would have to be specific to the application. There are no generic
radios, and likewise, there are no generic RFID readers.
Well, there are generic radios...
http://watkins-johnson.terryo.org/Surveillance-systems/RS-160/RS-160.htm
http://watkins-johnson.terryo.org/WJ-Receivers/WJ-8617.htm
>Don't be bloody silly.
>
>Half the geeks on the planet want something that'll read RFID chips at a
>distance.
I would think that there would be possible liability if not legal
issues.
> Well, there are generic radios...
>
> http://watkins-johnson.terryo.org/Surveillance-systems/RS-160/RS-160.htm
>
> http://watkins-johnson.terryo.org/WJ-Receivers/WJ-8617.htm
Does Radio Shack sell them?
I very much doubt that.
You're restricting the sale of technical equipment.
In a society where you can buy just about any sort of machinery and
device, short of lethal weapons, without a permit it is very unlikely
that this is the case.
Silly child...
It was a sensible response to your asinine post.
--
JohnT
Look children.
All this sort of stuff is freely available if it's made.
That it isn't available means nobody is making it.
That nobody is making it means it can't be done yet.
If you've got proof =of anything different going on then say so and I'll
say 'sorry'.
Otherwise shut up.
>I very much doubt that.
>
>You're restricting the sale of technical equipment.
>
>In a society where you can buy just about any sort of machinery and
>device, short of lethal weapons, without a permit it is very unlikely
>that this is the case.
You underestimate the trial lawyers.
Tell us all about when this has been done to some device that isn't a
weapon.
The British government tried over the years to restrict access to CB
radio and scanner type receivers.
In the end they gave up.
You can't stop people getting hold of this sort of stuff.
> All this sort of stuff is freely available if it's made.
>
> That it isn't available means nobody is making it.
How do you know it's not available? Where do you shop?
> That nobody is making it means it can't be done yet.
Even if nobody were making it, that would hardly mean that it couldn't be
done.
> If you've got proof =of anything different going on then say so and I'll
> say 'sorry'.
>
> Otherwise shut up.
Or else what?
Why do people think that doing one thing automatically
implies that another different thing is possible?
Bob M.
Everywhere.
You know, on the Internet.
>> That nobody is making it means it can't be done yet.
>
> Even if nobody were making it, that would hardly mean that it couldn't be
> done.
In this case it does.
Probably because they're idiots.
> Everywhere.
Nobody shops everywhere.
> Why do people think that doing one thing automatically
> implies that another different thing is possible?
I was not making a generalization. Receiving and decoding multiple GPS
signals is considerably more complex than receiving and decoding a single RFID
reply.
Sophistry.
Tell me where I can buy one or go away you dreadful little fool.
> Sophistry.
No sophistry required here. If your arguments contain holes, I will find
them.
My argument has no hole in this case.
There is no equipment, the trick can't be done, your output is the
deranged maundering of a diseased mind.
Oh, it's been done for years:
"Most commercial RFID tags don't include security, which is expensive: A
typical passive RFID chip costs about a quarter, whereas one with encryption
capabilities runs about $5. It's just not cost-effective for your average
office building to invest in secure chips.
This leaves most RFIDs vulnerable to cloning or - if the chip has a writable
memory area, as many do - data tampering. Chips that track product shipments
or expensive equipment, for example, often contain pricing and item
information. These writable areas can be locked, but often they aren't,
because the companies using RFIDs don't know how the chips work or because
the data fields need to be updated frequently. Either way, these chips are
open to hacking.
"The world of RFID is like the Internet in its early stages," says Ari
Juels, research manager at the high tech security firm RSA Labs. "Nobody
thought about building security features into the Internet in advance, and
now we're paying for it in viruses and other attacks. We're likely to see
the same thing with RFIDs."
David Molnar is a soft-spoken computer science graduate student who studies
commercial uses for RFIDs at UC Berkeley. I meet him in a quiet branch of
the Oakland Public Library, which, like many modern libraries, tracks most
of its inventory with RFID tags glued inside the covers of its books. These
tags, made by Libramation, contain several writable memory "pages" that
store the books' barcodes and loan status.
Brushing a thatch of dark hair out of his eyes, Molnar explains that about a
year ago he discovered he could destroy the data on the books'
passive-emitting RFID tags by wandering the aisles with an off-the-shelf
RFID reader-writer and his laptop. "I would never actually do something like
that, of course," Molnar reassures me in a furtive whisper, as a nonbookish
security guard watches us.
Our RFID-enabled checkout is indeed quite convenient. As we leave the
library, we stop at a desk equipped with a monitor and arrange our
selections, one at a time, face up on a metal plate. The titles instantly
appear onscreen. We borrow four books in less than a minute without
bothering the librarian, who is busy helping some kids with their homework.
Molnar takes the books to his office, where he uses a commercially available
reader about the size and heft of a box of Altoids to scan the data from
their RFID tags. The reader feeds the data to his computer, which is running
software that Molnar ordered from RFID-maker Tagsys. As he waves the reader
over a book's spine, ID numbers pop up on his monitor.
"I can definitely overwrite these tags," Molnar says. He finds an empty page
in the RFID's memory and types "AB." When he scans the book again, we see
the barcode with the letters "AB" next to it. (Molnar hastily erases the
"AB," saying that he despises library vandalism.) He fumes at the Oakland
library's failure to lock the writable area. "I could erase the barcodes and
then lock the tags. The library would have to replace them all."
Frank Mussche, Libramation's president, acknowledges that the library's tags
were left unlocked. "That's the recommended implementation of our tags," he
says. "It makes it easier for libraries to change the data."
For the Oakland Public Library, vulnerability is just one more problem in a
buggy system. "This was mostly a pilot program, and it was implemented
poorly," says administrative librarian Jerry Garzon. "We've decided to move
ahead without Libramation and RFIDs."
But hundreds of libraries have deployed the tags. According to Mussche,
Libramation has sold 5 million RFID tags in a "convenient" unlocked state.
While it may be hard to imagine why someone other than a determined vandal
would take the trouble to change library tags, there are other instances
where the small hassle could be worth big bucks. Take the Future Store.
Located in Rheinberg, Germany, the Future Store is the world's preeminent
test bed of RFID-based retail shopping. All the items in this high tech
supermarket have RFID price tags, which allow the store and individual
product manufacturers - Gillette, Kraft, Procter & Gamble - to gather
instant feedback on what's being bought. Meanwhile, shoppers can check out
with a single flash of a reader. In July 2004, Wired hailed the store as the
"supermarket of the future." A few months later, German security expert
Lukas Grunwald hacked the chips.
Grunwald cowrote a program called RFDump, which let him access and alter
price chips using a PDA (with an RFID reader) and a PC card antenna. With
the store's permission, he and his colleagues strolled the aisles,
downloading information from hundreds of sensors. They then showed how
easily they could upload one chip's data onto another. "I could download the
price of a cheap wine into RFDump," Grunwald says, "then cut and paste it
onto the tag of an expensive bottle." The price-switching stunt drew media
attention, but the Future Store still didn't lock its price tags. "What we
do in the Future Store is purely a test," says the Future Store spokesperson
Albrecht von Truchsess. "We don't expect that retailers will use RFID like
this at the product level for at least 10 or 15 years." By then, Truchsess
thinks, security will be worked out.
Today, Grunwald continues to pull even more-elaborate pranks with chips from
the Future Store. "I was at a hotel that used smartcards, so I copied one
and put the data into my computer," Grunwald says. "Then I used RFDump to
upload the room key card data to the price chip on a box of cream cheese
from the Future Store. And I opened my hotel room with the cream cheese!"
Aside from pranks, vandalism, and thievery, Grunwald has recently discovered
another use for RFID chips: espionage. He programmed RFDump with the ability
to place cookies on RFID tags the same way Web sites put cookies on browsers
to track returning customers. With this, a stalker could, say, place a
cookie on his target's E-ZPass, then return to it a few days later to see
which toll plazas the car had crossed (and when). Private citizens and the
government could likewise place cookies on library books to monitor who's
checking them out.
In 1997, ExxonMobil equipped thousands of service stations with SpeedPass,
which lets customers wave a small RFID device attached to a key chain in
front of a pump to pay for gas. Seven years later, three graduate students -
Steve Bono, Matthew Green, and Adam Stubblefield - ripped off a station in
Baltimore. Using a laptop and a simple RFID broadcasting device, they
tricked the system into letting them fill up for free.
The theft was concocted by Avi Rubin's computer science lab at Johns Hopkins
University. Rubin's lab is best known for having found massive, hackable
flaws in the code running on Diebold's widely adopted electronic voting
machines in 2004. Working with RSA Labs manager Juels, the group figured out
how to crack the RFID chip in ExxonMobil's SpeedPass.
Hacking the tag, which is made by Texas Instruments, is not as simple as
breaking into Van Bokkelen's Sandstorm offices with a cloner. The radio
signals in these chips, dubbed DST tags, are protected by an encryption
cipher that only the chip and the reader can decode. Unfortunately, says
Juels, "Texas Instruments used an untested cipher." The Johns Hopkins lab
found that the code could be broken with what security geeks call a
"brute-force attack," in which a special computer known as a cracker is used
to try thousands of password combinations per second until it hits on the
right one. Using a home-brewed cracker that cost a few hundred dollars,
Juels and the Johns Hopkins team successfully performed a brute-force attack
on TI's cipher in only 30 minutes. Compare that to the hundreds of years
experts estimate it would take for today's computers to break the publicly
available encryption tool SHA-1, which is used to secure credit card
transactions on the Internet.
ExxonMobil isn't the only company that uses the Texas Instruments tags. The
chips are also commonly used in vehicle security systems. If the reader in
the car doesn't detect the chip embedded in the rubbery end of the key
handle, the engine won't turn over. But disable the chip and the car can be
hot-wired like any other.
Bill Allen, director of strategic alliances at Texas Instruments RFID
Systems, says he met with the Johns Hopkins team and he isn't worried. "This
research was purely academic," Allen says. Nevertheless, he adds, the chips
the Johns Hopkins lab tested have already been phased out and replaced with
ones that use 128-bit keys, along with stronger public encryption tools,
such as SHA-1 and Triple DES.
Juels is now looking into the security of the new US passports, the first of
which were issued to diplomats this March. Frank Moss, deputy assistant
secretary of state for passport services, claims they are virtually
hack-proof. "We've added to the cover an anti-skimming device that prevents
anyone from reading the chip unless the passport is open," he says. Data on
the chip is encrypted and can't be unlocked without a key printed in
machine-readable text on the passport itself.
But Juels still sees problems. While he hasn't been able to work with an
actual passport yet, he has studied the government's proposals carefully.
"We believe the new US passport is probably vulnerable to a brute-force
attack," he says. "The encryption keys in them will depend on passport
numbers and birth dates. Because these have a certain degree of structure
and guessability, we estimate that the effective key length is at most 52
bits. A special key-cracking machine could probably break a passport key of
this length in 10 minutes."
I'm lying facedown on an examination table at UCLA Medical Center, my right
arm extended at 90 degrees. Allan Pantuck, a young surgeon wearing running
shoes with his lab coat, is inspecting an anesthetized area on the back of
my upper arm. He holds up something that looks like a toy gun with a fat
silver needle instead of a barrel.
I've decided to personally test-drive what is undoubtedly the most
controversial use of RFIDs today - an implantable tag. VeriChip, the only
company making FDA-approved tags, boasts on its Web site that "this 'always
there' identification can't be lost, stolen, or duplicated." It sells the
chips to hospitals as implantable medical ID tags and is starting to promote
them as secure-access keys.
Pantuck pierces my skin with the gun, delivering a microchip and antenna
combo the size of a grain of long rice. For the rest of my life, a small
region on my right arm will emit binary signals that can be converted into a
16-digit number. When Pantuck scans my arm with the VeriChip reader - it
looks sort of like the wand clerks use to read barcodes in checkout lines -
I hear a quiet beep, and its tiny red LED display shows my ID number.
Three weeks later, I meet the smartcard-intercepting Westhues at a greasy
spoon a few blocks from the MIT campus. He's sitting in the corner with a
half-finished plate of onion rings, his long blond hair hanging in his face
as he hunches over the cloner attached to his computer.
Because the VeriChip uses a frequency close to that of many smartcards,
Westhues is pretty sure the cloner will work on my tag. Westhues waves his
antenna over my arm and gets some weird readings. Then he presses it lightly
against my skin, the way a digital-age pickpocket could in an elevator full
of people. He stares at the green waveforms that appear on his computer
screen. "Yes, that looks like we got a good reading," he says.
After a few seconds of fiddling, Westhues switches the cloner to Emit and
aims its antenna at the reader. Beep! My ID number pops up on its screen. So
much for implantable IDs being immune to theft. The whole process took 10
minutes. "If you extended the range of this cloner by boosting its power,
you could strap it to your leg, and somebody passing the VeriChip reader
over your arm would pick up the ID," Westhues says. "They'd never know they
hadn't read it from your arm." Using a clone of my tag, as it were, Westhues
could access anything the chip was linked to, such as my office door or my
medical records.
John Proctor, VeriChip's director of communications, dismisses this problem.
"VeriChip is an excellent security system, but it shouldn't be used as a
stand-alone," he says. His recommendation: Have someone also check paper
IDs.
But isn't the point of an implantable chip that authentication is automatic?
"People should know what level of security they're getting when they inject
something into their arm," he says with a half smile.
They should - but they don't. A few weeks after Westhues clones my chip,
Cincinnati-based surveillance company CityWatcher announces a plan to
implant employees with VeriChips. Sean Darks, the company's CEO, touts the
chips as "just like a key card." Indeed."
--wired.com
Not at any range and not covertly.
And wandering the book shelves of a library with a laptop isn't 'covert'...
> Not at any range and not covertly.
The article describes a large number of proofs of concept.
> And wandering the book shelves of a library with a laptop isn't 'covert'...
But doing it with a PDA in your pocket is.
In summary, it can be done, and it has been done. The security of RFID is
poor, and what little security it provides is easy to overcome.
No it hasn't.
So far nobody has been shown to do anything that isn't perfectly legal
and overt.
I'm not saying it won't be done, and it may well be done in the near
future, but so far nobody has done it, except possibly a major
intelligence agency, and you can't hide secrets from them whatever you
do...