Passport RFIDs cloned wholesale by $250 eBay auction spree - By Dan
Goodin in San Francisco
Posted in Security, 2nd February 2009 06:02 GMT
Using inexpensive off-the-shelf components, an information security
expert has built a mobile platform that can clone large numbers of the
unique electronic identifiers used in US passport cards and next
generation drivers licenses.
The $250 proof-of-concept device - which researcher Chris Paget built in
his spare time - operates out of his vehicle and contains everything
needed to sniff and then clone RFID, or radio frequency identification,
tags. During a recent 20-minute drive in downtown San Francisco, it
successfully copied the RFID tags of two passport cards without the
knowledge of their owners.
Paget's contraption builds off the work of researchers at RSA and the
University of Washington, which last year found weaknesses in US
passport cards and so-called EDLs, or enhanced drivers' licenses. So
far, about 750,000 people have applied for the passport cards, which are
credit card-sized alternatives to passports for travel between the US
and Mexico, Canada, the Caribbean, and Bermuda. EDLs are currently
offered by Washington and New York states.
"It's one thing to say that something can be done, it's another thing
completely to actually do it," Paget said in explaining why he built the
device. "It's mainly to defeat the argument that you can't do it in the
real world, that there's no real-world attack here, that it's all
theoretical.
Use of the cards is expected to rise as US officials continue to
encourage their adoption. Civil liberties groups have criticized the
cards and a travel industry association has called on the federal
government to suspend their use until the risks can be better understood.
The cards make use of the RFID equivalent of optical barcodes known as
electronic product code tags, which are widely used to track cattle and
merchandise as it's shipped and then stored in warehouses. Because the
technology employs no encryption and can be read from distances of more
than a mile, the tags are highly susceptible (PDF) to cloning and
tracking, researchers have concluded.
Paget's device consists of a Symbol XR400 RFID reader (now manufactured
by Motorola), a Motorola AN400 patch antenna mounted to the side of his
Volvo XC90, and a Dell 710m that's connected to the RFID reader by
ethernet cable. The laptop runs a Windows application Paget developed
that continuously prompts the RFID reader to look for tags and logs the
serial number each time one is detected. He bought most of the gear via
auctions listed on eBay.
And if you read on, we'll show you video proof that the thing actually
works.
He plans to release the software's source code during a demonstration at
the Shmoocon hacker convention to be held later this month in Washington.
Paget's device has a range of about 30 feet, making it ideal for
discretely skimming the EDL and passport card tags of people who pass by
his vehicle. With modifications, Paget says his device could read RFID
identifiers that are more than a mile away. The antenna was concealed by
the vehicle's tinted window, and the PC and RFID reader fit well below
the eye line, making it virtually undetectable by passersby.
To be sure, the RFID tags contain no personally identifiable
information, but rather what amounts to a record pointer to a secure
Department of Homeland Security database. But because the pointer is a
unique number, the American Civil Liberties Union and other civil
libertarians warn the cards are still susceptible to abuse, especially
if their RFID tags can be read and captured in large numbers. Cloning
the unique electronic identifier is the first step in creating
fraudulent passport cards, they say.
The cards also amount to electronic license plates that could be used to
conduct clandestine surveillance. Law enforcement officials could scan
them at political rallies and then store them in databases. The tags
could also be correlated to other signals, such as electronic toll-booth
payment systems or RFID-based credit cards, to track the detailed
movements of their holders.
Not that the Feds Care
Officials with the US Customs and Border Protection Department say they
have no plans to overhaul the technology used in passport cards. RFID
signals allow border agents to process travelers more quickly and bring
an added level of security to the process, spokeswoman Kelly Ivahnenko
said. The cards come with protective sleeves that prevent the RFID tags
from being readable, she added, and even if they are captured, she said
there is little anyone can do with the information.
"From our standpoint the privacy issues have been misrepresented and
blown out of proportion," she told The Reg. "Anytime that you have a new
technology and use it in a new way, there are always going to be far-out
ways to use information nefariously. We want travelers to be aware of
the technology and to know how it works so that they can be comfortable
using it."
A spokesman from the US State Department - which processes applications
for passport cards and then issues them - declined to comment.
But critics contend the risks are real, especially if RFID-enable
identification becomes universal.
"Just like a social security number, the unique identifier number on
this document must be properly safeguarded,
Technology and Civil Liberties policy director of the ACLU of Northern
California. "If it falls into the wrong hands, it can be used for
tracking, stalking, identity theft, and counterfeiting. If the
government continues to stick its head in the sand and ignore the very
real privacy and security threats that researchers, civil liberties
organizations, and even industry groups have repeatedly brought to its
attention, the American people will pay a very high price." ®
http://www.theregis
also from
http://www.engadget
Read -- Western Hemisphere Travel Initiative
<http://www.dhs.
Read -- RFID passports cloned
<http://www.theregis
Monday, 2 February 2009
Posted by Britannia Radio at 13:10