In an effort to prevent the passive "skimming" of RFID-enabled cards or passports, the U.S. General Services Administration (GSA) issued a set of test procedures for evaluating electromagnetically opaque sleeves.[135] For shielding products to be in compliance with FIPS-201 guidelines, they must meet or exceed this published standard; compliant products are listed on the website of the U.S. CIO's FIPS-201 Evaluation Program.[136] The United States government requires that when new ID cards are issued, they must be delivered with an approved shielding sleeve or holder.[137] Although many wallets and passport holders are advertised to protect personal information, there is little evidence that RFID skimming is a serious threat; data encryption and use of EMV chips rather than RFID makes this sort of theft rare.[138][139]
DIY: Protect Your Data – US To Launch RFID Passports TODAY. (PDF)
Download File: https://precvicnanon.blogspot.com/?iu=2vGKyh
Once the signal has been recovered, it must be interpreted as data. The difficulty of this step depends entirely on whether and how well the data is encrypted. The encryption key is generated from information on the passportspecifically, the name, date of birth, and passport number. There are reports that this key can be easily cracked (for example, -rfid-passport-encryption-standard-cracked-in-2-hours/) because the algorithm used to produce the key is predictable. An analysis published by the International Association of Cryptologic Research indicates that the entropy of the resulting key is on the order of 52 bits, which, while something of a challenge, is not impossible to crack.4 We assume here that decryption is practical; if it is not, then the possibility of these attacks is minimized.
If the WhatsApp is being used privately by your employees, i.e. not for business use, then again, I would update your data protection policy to reflect this and to call out that employees are using WhatsApp themselves and that its not for work purposes and document that the company should not be held liable for employees using WhatsApp for personal purposes. 2ff7e9595c
Comments