Radio Frequency ID [RFID] chip technologies are "too vulnerable in too many ways," says Chris Paget, ethical hacker and partner for H4RDW4RE, a new company creating privacy and security solutions to existing RFID problems in the marketplace.
The public is somewhat aware of RFID or Radio Frequency ID technologies commissioned for national identity documents: passports, Enhanced Drivers Licenses, TWIC cards, Speed Passes and even Tribal Identity Cards. Unfortunately, RFID as a government sanctioned technology earned a big brother reputation from its ability to track a persons location, storing and conveying private information from 20 - 30 feet away.
Chris Paget, a technology penetration consultant, found the Western Hemisphere Travel Initiative [WHTI] compliant RFID tags especially troublesome. He began doing live demonstrations exposing identity security flaws RFIDs had on average cardholders. Then Chris Paget and his business partner Tim Mullen formed H4RDW4RE.com. They have made it their business to demonstrate exactly how insecure Western Hemisphere compliant RFID chips can be for people to possess in identity cards, smart-contactless cards and credit cards.
In this interview, the H4RDW4RE team explains the benefits of technology penetration testing or "ethical hacking" for investors and adopters.One of Paget's demonstrations went viral via YouTube in February, blowing apart any faint notion of RFID's billing as a secure identity technology. Equipped with only a $250 signal reader and a conventional laptop which he cloned or copied private passport information from a parked car in San Francisco.
H4RDW4RE recently featured high profile demonstrations at 2009 conventions, DefCon & Black Hat. They continue to invent solutions for the security problems and risks ordinary people face from identity technologies present in U.S. passports and other public cards.