New NEXUS Cards Issued March 8, 2009

Posted by Matthew in NEXUS Card.

I recently received a new NEXUS card in the mail. It looks a little less like it was printed with an off-the-shelf card printer and more like the watermarked, foil-imprinted government ID card you’d expect.

A sample of the new NEXUS card from the Canada Border Services Agency.

The domain they send you to activate it in the accompanying letter is a secure website: https://goes-app… (note the ‘S’ after http). Force of habit led me to look right past the S, and type in http://goes-app… I sat there wondering why the page wasn’t loading. With a quick check later, I realized my mistake. Once on the site, the card can be activated without even logging in; all you are required to do is enter two numbers that are found on the back of the card.

New security features:

  1. Black and white picture, interleaved with color background
  2. Color-changing “North America” foil seal on the top right
  3. Multicolor “Plane, Car, Boat” reflective overlay
  4. RFID-blocking cover (see below)

Even more fun? It came with a copper-lined shield (packaged alongside it) to keep it in when not in use. This is the kind of thing that I hope the new RFID credit cards come with. That, or I guess I could always make an RFID-blocking wallet.

This raises some interesting questions: (Yes, it’s tin-foil hat time…)

  1. Since the cards were mailed without being first inserted into the protective covers, how many people could have snooped its contents? Are the card’s contents openly readable like Electronic Drivers’ Licenses (EDLs) or Passport Cards [1,2,3], or encrypted like the US Passport [4]?
    1. An article from SecurityInfoWatch.com about the Security of EDLs and Passport Cards
    2. Watch Chris Paget’s YouTube video, the source of all this controversy around EDL and Passport Cards
    3. Watch Chris Paget’s ShmooCon lecture regarding the technology of his YouTube video [2]. It’s long, but worth the watch; it’s startling.
    4. An article from RFIDUpdate.com about the new Security included in US Passports
  2. Since no login is required to activate a new card, and since an old card would be deactivated immediately, how long would it take someone to notice if one of these mailed packets were lost or stolen? I wasn’t expecting my new card, I’d assume neither were others. If someone were to steal it, they could activate it. This is offset, however, by the comforting fact that customs agents actually LOOK at the picture on the card.

All in all, as far as RFID ID cards go, with the copper-foil-lined holder, it seems secure enough to carry around in my wallet.

Sample NEXUS card from the Canada Border Services Agency used with permission for non-commercial purposes.
