[转载]BlackHat 06 released on terrorist use of RFID passports to identify and
<p>信息来源: Zone-H.ORG</p><p>Are you American? Are you concerned about terrorism? Do you feel in constant danger? Do you think you can be the next target? </p><p>Don't worry, RFID technology in passports is coming to rescue you, helping to keep terrorists away from you. Or maybe not? </p><p>As demonstrated at Black Hat 2006 by <a href="http://www.flexilis.com/">Flexilis inc.</a>, the proposed American RFID passport might be used by terrorists to identify possible targets and automatically detonate bombs... </p><p> </p><p><img title="passbomb1" height="267" alt="passbomb1" hspace="5" src="http://www.zone-h.org/images/stories/aug06/passbomb1.jpg" width="300" align="left" vspace="5" border="0" />To back up their statements, <a href="http://www.flexilis.com/">Flexilis inc.</a> produced a worrying video in wich an unproperly shielded RFID American passport is used to trigger a detonating device. </p><p>This can happen when the passport has its cover opened by a fraction of inch (which is a quite common situation, especially in women's bags... did you ever get your hand trapped by one of those?) thus allowing to be revealed by a RFID scanning device, eventually connected to a bomb-like device. </p><p>The status of the research though it's still at its early stage as the scanning device can recognize the presence of an RFID passport but cannot decrypt yet its nationality. Given the previous experience of the hacker community in successfully decrypting supposed un-decryptable devices, we are quite confident that this obstacle will be soon removed, allowing eventually RFID passports to be remotely queried by unauthorized scanning devices that will soon be able to detect not only the presence but also the nationality of any given RFID passport. </p><p>Even if the video POC it's a bit extreme in its concept, it is a good demonstration on how alternative thinking, typical of hackers but also of asymmetric terrorists (remember 9/11?), can immediately turn a supposed security feauter in a threat feature. </p><p>Click <a href="http://www.youtube.com/watch?v=-XXaqraF7pI" target="_blank">here</a> to see the video </p><p> </p><p> </p>页:
[1]