The danger of RFID chips is that most of them are not encrypted, and will yield up whatever information they carry to anyone with the right hardware. This makes it possible not only to clone chips (and, say, buy gas with someone else’s SpeedPass), but also to read and write data to these chips (perhaps making it possible to track a car via its EZ Pass transponder).
Most worrying, the next generation of US passports will integrate RFID technology that, though it is claimed as secure by the government, may actually be hackable, according to technology experts.
“We believe the new US passport is probably vulnerable to a brute-force attack,” [says Ari Juels, research manager at the high tech security firm RSA Labs]. “The encryption keys in them will depend on passport numbers and birth dates. Because these have a certain degree of structure and guessability, we estimate that the effective key length is at most 52 bits. A special key-cracking machine could probably break a passport key of this length in 10 minutes.”
[via Slashdot ]