Wired Magazine is running an article about the very real dangers of Radio Frequency Identification (RFID) chips. The average consumer best knows this technology as what makes systems like ExxonMobil's SpeedPass and automatic thruway toll paying possible, but in the next few years the prevalence of these chips will be increasing dramatically as they're integrated into everything from price tags to the forthcoming US passports.
The danger of RFID chips is that most of them are not encrypted, and will yield up whatever information they carry to anyone with the right hardware. This makes it possible not only to clone chips (and, say, buy gas with someone else's SpeedPass), but also to read and write data to these chips (perhaps making it possible to track a car via its EZ Pass transponder).
Most worrying, the next generation of US passports will integrate RFID technology that, though it is claimed as secure by the government, may actually be hackable, according to technology experts.
"We believe the new US passport is probably vulnerable to a brute-force attack," [says Ari Juels, research manager at the high tech security firm RSA Labs]. "The encryption keys in them will depend on passport numbers and birth dates. Because these have a certain degree of structure and guessability, we estimate that the effective key length is at most 52 bits. A special key-cracking machine could probably break a passport key of this length in 10 minutes."
[via Slashdot ]