Ra­dio chips leave visa data un­se­cured; home­land vows to safe­guard sys­tems

The Washington Times Weekly - - National - By Au­drey Hud­son

For­eign visas and in­for­ma­tion on U.S. air­craft pro­tec­tion are vul­ner­a­ble to unau­tho­rizedac­cess­be­cause of short­com­ings in the Home­land Se­cu­rity De­part­ment’s use of tech­nol­ogy, ac­cord­ing to a re­port re­leased on Aug. 21 by the de­part­ment’s in­spec­tor gen­eral.

The re­port says the se­cu­rity is­sues in­volve the use of ra­dio fre­quency iden­ti­fi­ca­tion chips (RFID) and data­bases at three Home­land Se­cu­rity agen­cies.

“Th­ese se­cu­rity-re­lated con­cerns, if not ad­dressed, in­crease the po­ten­tial for unau­tho­rized ac­cess to DHS re­sources and data,” the re­port said. “We iden­ti­fied vul­ner­a­bil­i­ties on data­bases that could be ex­ploited to gain unau­tho­rize­dor un­de­tectedac­cess to sen­si­tive data.”

The re­port was only able to fo­cus on Cus­toms and Border Pro­tec­tion (CBP), Trans­porta­tion Se­cu­rity Ad­min­is­tra­tion (TSA), and the U.S. Vis­i­tor and Im­mi­grant Sta­tus In­di­ca­tor Tech­nol­ogy pro­gram (USVISIT) be­cause the de­part­ment lacks “an ac­cu­rate in­ven­tory of sys­tems us­ing RFID tech­nol­ogy.”

RFID chips use wire­less tech­nol­ogy to store data that can be re­trieved to con­firm the iden­tity of a per­son or lo­ca­tion of an ob­ject through a tiny ra­dio trans­mit­ter.

“The flex­i­bil­ity and porta­bil­ity of RFID tech­nol­ogy and de­vices, as well as the in­for­ma­tion that re­sides on the tags, in­creases the need for se­cu­rity and pri­vacy con­trols,” the re­port said.

The re­port found se­cu­rity con­cerns in pass­word man­age­ment, user ac­cess per­mis­sion and a lack of au­dit­ing in the sys­tems that CBP uses to track for­eign vis­i­tors upon en­try at the two U.S. land borders. The Free and Se­cure Trade (FAST) pro­gram on the Mex­i­can border and the Global En­roll­ment Sys­tem on the Cana­dian border col­lect in­for­ma­tion that is fed into the USVISIT pro­gram, which con­tains per­sonal and bio­met­ric in­for­ma­tion on 17.5 mil­lion for­eign vis­i­tors who have passed through nearly 200 air, land and sea ports.

Home­land of­fi­cials agreed with the in­spec­tor gen­eral’s find­ings and say ad­di­tional se­cu­rity mea­sures will be taken and guide­lines de­vel­oped to se­cure data­bases. The chips are still in the test­ing stage at the TSA to iden­tify air­line pi­lots, track their weapons,car­goand­pas­sen­ger bags.

The in­spec­tor’s gen­eral find­ings on the weapons-track­ing sys­tem was redacted. How­ever, the Fed­eral Flight Deck Of­fi­cer op­er­a­tion that would iden­tify pi­lots and track guns “is cur­rently cap­tur­ing op­er­a­tional data in sup­port of TSA’s mis­sion,” In­spec­tor Gen­eral Richard L. Skin­ner said in a July 7 let­ter to Ed­mund “Kip” Haw­ley, TSA as­sis­tant sec­re­tary.

The weapons-track­ing sys­tem does not use en­cryp­tion and is nei­ther cer­ti­fied or ac­cred­ited for op­er­a­tion, the let­ter said.

The State De­part­ment is us­ing RFID chips in new e-pass­ports for all U.S. cit­i­zens that will be is­sued by the end of this year, de­spite con­cerns the chips canbe eas­ily cloned.

In­fi­neon, aGer­man­com­pany,an­nounced on Aug. 21 that it will sup­ply the tech­nol­ogy for the new­pass­ports, which will con­tain the tiny RFID chips on the back of their cov­ers. Frank Moss, deputy as­sis­tant sec­re­tary for con­sular af­fairs at the State De­part­ment, says In­fi­neon’s epass­port sys­temhas­beenap­proved by the Na­tional In­sti­tute of Stan­dards and Tech­nol­ogy.

How­ever, re­searchers at the Black Hat Brief­ings se­cu­rity con­fer­ence in Las Ve­gas ear­lier this month were able to copy in­for­ma­tion from the chip.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.