Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1841 posts

Uber Geek
+1 received by user: 111


# 179103 26-Aug-2015 12:38
Send private message

Another thing I noticed in the UK whilst out and about was more people using this "hold your phone up " to pay your bill at the checkout.

In keeping with that was a concern by some of phones being "read"

This apparently is overcome by products like "Scannerguard" and little aluminum wallets etc.

I have various cards now that have a RFID "chip" in them and of course both my UK and Oz passports apparently have this technology in.

So

Is this just a beat up or is it something we should be concerned about?





Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

 

gnfb on trademe

Email Me


Create new topic
2091 posts

Uber Geek
+1 received by user: 849


  # 1374564 26-Aug-2015 12:52
Send private message

Each implementation is different, but newer RFID cards tend to use half decent crypto to make them harder to impersonate.

That being said, no system is perfect - you can be as paranoid as you feel comfortable being. if you are going to a Blackhat convention - wrap everything in lead-lined tin foil, in a concrete bunker, 1km underground. Day to day - I don't really worry too much.

The phone thing is similar tech but adds the whole software/mobile OS layer that can also be done badly and/or compromised, but also allows the NFC chip part to be turned off when not in use making it more challenging.

BDFL - Memuneh
63583 posts

Uber Geek
+1 received by user: 14064

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1374602 26-Aug-2015 13:44
Send private message
 
 
 
 


12867 posts

Uber Geek
+1 received by user: 4305

Trusted
Lifetime subscriber

  # 1374671 26-Aug-2015 14:55
Send private message

Scottevest make a number of tech-enabled clothing items that include RFID blocking pockets.





483 posts

Ultimate Geek
+1 received by user: 286

Trusted

  # 1374689 26-Aug-2015 15:04
Send private message

gnfb:I have various cards now that have a RFID "chip" in them and of course both my UK and Oz passports apparently have this technology in.


Yes, anybody can read a passport, you open up it's pages and the data is printed on the pages.

That is rather the point, that you can show your passport to somebody and they can read it and use it to verify you.

The electronic version has a public read key so a border-guard can read the public key using an OCR, then use NFC to read the rest of the data.

The write keys are an entirely different matter and very closely guarded by the various agencies.



1841 posts

Uber Geek
+1 received by user: 111


  # 1374743 26-Aug-2015 16:47
Send private message

roobarb:
gnfb:I have various cards now that have a RFID "chip" in them and of course both my UK and Oz passports apparently have this technology in.


Yes, anybody can read a passport, you open up it's pages and the data is printed on the pages.

That is rather the point, that you can show your passport to somebody and they can read it and use it to verify you.

The electronic version has a public read key so a border-guard can read the public key using an OCR, then use NFC to read the rest of the data.

The write keys are an entirely different matter and very closely guarded by the various agencies.


Thanks for pointing that out I didn't realize  you could open the passport and read it!

And that is what the border-guard does when he opens the passport looks at it then looks at me ..ok

helpful thank you

Its good to know that the write keys are closely guarded as well no chance of them getting in the public domain...




Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

 

gnfb on trademe

Email Me




1841 posts

Uber Geek
+1 received by user: 111


  # 1374744 26-Aug-2015 16:49
Send private message

freitasm: Visited that website and there are so many errors there I wonder if that thing really works...



Reminded me of a magician "nothing up my sleeve!"




Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

 

gnfb on trademe

Email Me


2374 posts

Uber Geek
+1 received by user: 384

Trusted

  # 1374751 26-Aug-2015 16:57
Send private message

gnfb: Another thing I noticed in the UK whilst out and about was more people using this "hold your phone up " to pay your bill at the checkout.

In keeping with that was a concern by some of phones being "read"

This apparently is overcome by products like "Scannerguard" and little aluminum wallets etc.

I have various cards now that have a RFID "chip" in them and of course both my UK and Oz passports apparently have this technology in.

So

Is this just a beat up or is it something we should be concerned about?



Reading the RFID on passports is easy but you need to know the Passport Machine readable Key in the 1st place (The numbers down the bottom of the main page there)
The Information (including the picture) is then readable but this is 100% the same information as printed on the physical passport.

If someone has this number then they would have had your passport in the first place so no need to read it via RFID.



 
 
 
 


483 posts

Ultimate Geek
+1 received by user: 286

Trusted

  # 1374873 26-Aug-2015 20:30
Send private message

gnfb: Its good to know that the write keys are closely guarded as well no chance of them getting in the public domain...


About the same chance as somebody getting the master Visa and MasterCard keys. 

SIMs, EMV cards and Passports all use very similar JavaCard technology and one would expect them to use derived keys.

If master keys were compromised then one would expect to see existing cards cancelled and compulsory renewal.

A recent public example was the Gemalto hacking incident.


2936 posts

Uber Geek
+1 received by user: 402


  # 1374895 26-Aug-2015 21:50
One person supports this post
Send private message

In terms of credit cards being skimmed from the card or phone, I don't even give it a second thought. If it happens, the bank issues you a new card and deals with the rest. I imagine the process would be the same if it was done from a phone. 

But for something like a passport I don't think there's much risk because you probably won't be carrying it around with you on the streets everyday, and if it was compromised it'd probably be quite hard to make useful. 

If there was anything to be worried about, I think it would be paying with the Chip + PIN method and having to hand your card over to the merchant. A stranger has your card in their hand and it'll be out of your sight for a few moments but that's all it takes. With the contactless you hold the card/phone yourself, can cover it with your hand and you don't have to compromise your PIN. Apple Pay (and some other mobile payment methods?) will use unique card numbers for every transaction, so if the phone was read the card details they get from it will be completely useless anyway.

edit: spelling




Bachelor of Computing Systems (2015)

 

--

 

Late 2013 MacBook Pro with Retina Display (4GB/2.4GHz i5/128GB SSD) - HP DV6 (8GB/2.8GHz i7/120GB SSD + 750GB HDD)
iPhone 6S + (64GB/Gold/Vodafone NZ) - Xperia Z C6603 (16GB/White/Spark NZ)

Sam, Auckland 


2152 posts

Uber Geek
+1 received by user: 545


  # 1374937 26-Aug-2015 23:02
Send private message

tardtasticx: In terms of credit cards being skimmed from the card or phone, I don't even give it a second thought. If it happens, the bank issues you a new card and deals with the rest. I imagine the process would be the same if it was done from a phone. 

But for something like a passport I don't think there's much risk because you probably won't be carrying it around with you on the streets everyday, and if it was compromised it'd probably be quite hard to make useful. 

If there was anything to be worried about, I think it would be paying with the Chip + PIN method and having to hand your card over to the merchant. A stranger has your card in their hand and it'll be out of your sight for a few moments but that's all it takes. With the contactless you hold the card/phone yourself, can cover it with your hand and you don't have to compromise your PIN. Apple Pay (and some other mobile payment methods?) will use unique card numbers for every transaction, so if the phone was read the card details they get from it will be completely useless anyway.

edit: spelling


I believe PayWave also has something similar, Each time it is used the data changes (the chip)

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39


TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18


E-scooter share scheme launches in Wellington
Posted 17-Jun-2019 12:34


Anyone can broadcast with Kordia Pop Up TV
Posted 13-Jun-2019 10:51


Volvo and Uber present production vehicle ready for self-driving
Posted 13-Jun-2019 10:47


100,000 customers connected to fibre broadband network through Enable
Posted 13-Jun-2019 10:35


5G uptake even faster than expected
Posted 12-Jun-2019 10:01


Xbox showcases 60 anticipated games
Posted 10-Jun-2019 20:24


Trend Micro Turns Public Hotspots into Secure Networks with WiFi Protection for Mobile Devices
Posted 5-Jun-2019 13:24


Bold UK spinoff for beauty software company Flossie
Posted 2-Jun-2019 14:10


Amazon Introduces Echo Show 5
Posted 1-Jun-2019 15:32


Epson launches new 4K Pro-UHD projector technology
Posted 1-Jun-2019 15:26


Lenovo and Qualcomm unveil first 5G PC called Project Limitless
Posted 28-May-2019 20:23


Intel introduces new 10th Gen Intel Core Processors and Project Athena
Posted 28-May-2019 19:28


Orcon first to trial residential 10Gbps broadband
Posted 28-May-2019 11:20



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.