Wednesday, 9 August 2006
RFID passports cloned and shown to be poorly shielded
I wasn't there, but at a hacker conference last weekend in Las Vegas, two different security research groups publicly demonstrated major vulnerabilities in the RFID passports now beginning to be issued by the USA and many other countries.
Using a new German passport (based on the same ISO14443 and ICAO document 9303 specifications as the new USA passports with RFID chips), Lukas Grunwald of DN-Systems showed how the data on the RFID chip in each of these passports could be remotely read, copied onto another off-the-shelf blank chip, and used to fool an RFID reader .
After Grunwald's demonstration some RFID proponents claimed that the encryption of most of the data on the chip (although not the unique chip ID number broadcast in the clear ) would prevent the use of a cloned RFID passport chip for digital impersonation -- conveniently forgetting that the encryption has already been cracked .
At least as significant, but much less widely publicized, was another report on tests by Flexilis of the RF shielding in the outer covers of the RFID passports, which has been heavily advertised by the USA State Department as "preventing" reading of the RFID chip unless the passport is deliberately opened.
The graph on page 2 of the experimental results shows that an RFID passport "shielded" according to the current standard could be read from 4 (10 cm) inches away (e.g. by someone bumping against the outside of the victims' pocket or purse with an RFID reader in a piece of luggage) if the covers gapped open as much as 1/2 inch (1.2 cm) at their outer edges, as could easily happen inadvertently. Even a 1/4 inch (7 mm) gap between the outer edges of the passport covers allowed reading from 1 1/2 inches (4 cm) away, well within the plausible range of a approach for a "bump" attack through clothing or a purse. And as has already been demonstrated , the distances at which the chips can be read will likely continue to increase with improved readers during the 10-year validity of RFID passports now being issued.
If you want a new USA passport (valid for the next 10 years) without an RFID chip, apply for one now . You probably just barely have time, if you do so immediately. When you get your new passport, check for the RFID logo on the front cover; if you find it, please let me know right away when and by which office your passport was issued, so I can spread the word.
And if you do get stuck with an RFID passport, don't rely on adequate shielding being built into the cover. Keep it wrapped in electrically conductive mylar or aluminum foil, or in one of these RF-shielding cases whenever you don't want it read.Link | Posted by Edward on Wednesday, 9 August 2006, 07:41 ( 7:41 AM) | TrackBack (0)