Fatal Flaw Weakens RFID Passports

fmwap writes "Wired news is reporting on new measures being taken to ensure RFID in US passports are not traceable. Encryption will be implemented via a key printed on the passport, which will be read by an optical scanner. The problem is the RFID serial number used for collisions will not be encrypted as is required for communication, thus still allowing tracking." We've previously reported on the decision to chip U.S. passports. From the article: "To its credit, the State Department listened to the criticism. As a result, RFID passports will now include a thin radio shield in their covers, protecting the chips when the passports are closed. Although some have derided this as a tinfoil hat for passports, the fact is the measure will prevent the documents from being snooped when closed." Update: 11/04 16:08 GMT by Z : Edited for accuracy.

Put away your tinfoil hats...

[phpm0nkey (768038)]

Time to don the full body tinfoil armor!

Re:Put away your tinfoil hats...

[by Anonymous Coward]

  Time to don the full body tinfoil armor!


You must have missed the announcement that all tin foil manufacturers have started putting rfid chips in their products.

Re:Put away your tinfoil hats...

[moro_666 (414422)]

Instead of wearing the tinfoil armour, i suggest you look into the mirror, understand that most of the world really doesn't give a lama's ass about where who and why you are. If people are capable of scanning/tracking your rfid chip, they probably are talented enough to do much more profitable stuff.

Dont let that ego cover you up in tinfoil, try to get in touch with reality for a second ... (and they tell me that i with my 128 bit encryption am being paranoid ... ha!)

Microwave your Passport?

[n76lima (455808)]

So its time to Microwave your new Passport for a few seconds to cook the RFID device, right?

--We don't NEED no stinkin' sig!

Re:Microwave your Passport?

[UTPinky (472296)]

Yep... because tampering with federal documents is always the smartest thing to do...

Re:Microwave your Passport?

[Marillion (33728)]

If the destruction can appear as innocent "wear and tear" one can always feign innocence. It wouldn't put a foil lined document in a microwave, however.

I'm not too worried about the data that's on there. The level of sophistication required to acquire and decrypt my details is pretty high. I'd be more worried about a lightning strike.

This is the scenario that give me the willies: The "ping" scenario. Most of us know about the internet tool called ping. A terrorist (or anyone else with strong motivations against the US) is walking down the streets of Paris or Frankfort or Cairo or wherever looking for Americans. He doesn't care who the American is, he just cares that someone is an American. He walks down the street getting within a foot or two of people until he gets an RFID ping.

RFID Ping == American.
American == Target.

I've yet to hear anyone adequately appease this concern.

Re:Microwave your Passport?

[bastion_xx (233612)]

Well, you could always keep your passport locked in the hotel safe.

Of course, the supposed terrorist could always check:

a) Does the individual wear white tennis shoes (black socks and shorts optional)?
b) Speak in a loud and/or abrasive manner?
c) Stands to the left on an escalator (or any other cultural misqueue)

Being an US citizen and traveling abroad quite often to Europe, it's not too hard picking out my compatriots.

The same can be said for European's in the US. European males -- LOSE THE MAN-CAPRI'S PLEASE! :)

Re:Microwave your Passport?

[Hillgiant (916436)]

RFID Ping == American.
American == Target.

I will do you one better, RFID seaking missile.

Have a nice damn day.

Re:Microwave your Passport?

[MntlChaos (602380)]

How else do you think they'll react when they'll expect a RFID signal and will get none?

They'll assume the RFID chip broke. It happens occasionally. My college has had RFID-based ID cards, and there have been instances when the cards just suddenly stop working. The office in charge of them seemed to know that this occured and was ready to make new cards if needed.

Re:Microwave your Passport?

[krakelohm (830589)]

So what would the point be if they just have to give you another passport? Just sounds like a waste of many peoples time to me.

Re:Microwave your Passport?

[johnpaul191 (240105)]

but if you cook it a second or two longer than needed it will burn the area where the chip is. a chip embedded in a plastic ID card is easier to destroy than one embedded in a basically paper document. did you ever see the pictures of the money people microwave? they have obvious burn marks where the chips supposedly are.

and as also stated, having a non-functional passport may be flagged as possible forgery and lead to bigger issues.

i am just as against the chips as anyone else, but think it through before you react. personally my passport needs to be renewed now so i will do that and not be an early adopter of the RFID model. hopefully any issues will show up and a fix will be worked out before i get a chipped one. by fix i even mean some 3rd party idea of a shielded passport wallet or something if that is what it comes down to.

Re:Microwave your Passport?

[_bug_ (112702)]

did you ever see the pictures of the money people microwave? they have obvious burn marks where the chips supposedly are.

That's been debunked. See here [snopes.com] and here [rfid-weblog.com].

There are no RFID tags in Andrew Jackson's eye [prisonplanet.com].

TFA is inconsistent

[Agelmar (205181)]

TFA is flawed and inconsistent with its own citations. RFID chips in passports can not be read from a distance of 69 feet. If one reads TFA, it links to a Washington Post blog about RFID tags being read from 69 feet at Defcon. If you actually follow the link [washingtonpost.com] and read the story, however, you see:

Los Angeles-based Flexilis set the world record for transmitting data to and from a "passive" radio frequency identification (RFID) card -- covering a distance of more than 69 feet. (Active RFID -- the kind being integrated into foreign passports, for example -- differs from passive RFID in that it emits its own magnetic signal and can only be detected from a much shorter distance.)

The author is misrepresenting articles that he cites! wtf?

Re:TFA is inconsistent

[starrift (864840)]

The RFIDs in the passports are passive. They were to be active but that was canceled. I think you may be "misrepresenting articles."

Re:TFA is inconsistent

[SiliconEntity (448450)]

Los Angeles-based Flexilis set the world record for transmitting data to and from a "passive" radio frequency identification (RFID) card -- covering a distance of more than 69 feet. (Active RFID -- the kind being integrated into foreign passports, for example -- differs from passive RFID in that it emits its own magnetic signal and can only be detected from a much shorter distance.)

This article (from the WaPost blog) is confused. Active RFID has a battery attached to the chip. It has MUCH higher power and MUCH higher range. It can be used for tracking animals in the field and similar purposes. You can receive a signal from hundreds of yards away or even more. It's really unlimited depending on how much power you use.

Passive RFID has no internal power supply. It gets power from the radio signal that is used to query it. These chips have a much lower range. Generally, the power required to query a passive RFID goes as the fourth power of the distance. I can't imagine successfully querying one of these things from 70 feet. That is some pretty impressive antenna technology, either that or they were using a microwave beam so intense that it would be dangerous to get in front of it.

AFAIK all passports would be passive RFID. Nobody has proposed to put batteries in them, because of battery lifetime issues among other problems.

Re:TFA is inconsistent

[drinkypoo (153816)]

Besides, as the blurb says, they can't be read unless the passport is open. So long as you keep it shut they can't read it at all.

Do you really believe that? [mit.edu]

What a surprise.

[iainl (136759)]

As with the UK's attempts to push through ID cards, the politicians in charge have at best a vague fuzzy idea of what the technology can do, but it sounds funky so let's do it anyway.

Tiny details like monumental security problems and the things plain not working don't exist in the simplified pitch they get from their lobbyists, so they continue to push it through anyway, on the grounds that it's "Anti-Terror".

You don't support Terror, do you?

So...

[LiquidCoooled (634315)]

this magical RFID device needs to be opened manually, looked at, checked, optically scanned and then finally used as RFID to get the digital picture and print from the device?

This is going to take 3x longer and be prone to more failures surely?
This is a benefit how?

Surely a 2d barcode would be better, or just use old tech mag swipe?

Stupid mofo imbeciles.

Re:So...

[avdp (22065)]

I don't think the handling speed is, or has ever been a concern. After all, they started taking pictures and finger prints of many passengers coming into the US. Hardly a speedy process.

The point of the new passports are twofold: raise the bar on forgers (it's always a cat and mouse game) and carry verifiable biometric information. Just to make you really are who you say you are. Of course, how is that going to prevent terrorism is beyond me. But I guess Osama Bin Ladden will have a harder time comi

Re:So...

[llefler (184847)]

There is no problem with putting biometric information into a 2d barcode. A PDF417 barcode can hold 1100-1800 characters of data. Datamatrix can hold about 2000 characters. And there is no reason why there couldn't be more than one barcode in the passport. If I remember the sizes correctly, probably 3-4 barcodes per page.

RFIDs typically hold 2k (or less) data. And there is nothing special about RFID that will stop counterfeiting.

But hey, if it's good enough for Walmart.... Only terrorists need privacy. A

my understanding...

[YesIAmAScript (886271)]

I expressed similar questions when reading the previous articles. Why not a barcode? An RFID system only has an identifier, a key ot a database. A barcode could have actual data on it.

From one of the responses to the previous articles of this sort, I understand that the system here is a bit different than regular RFID. One is that this system actually does have information in it, not just an ID. That doesn't relate to your question, but I found it very enlightening.

Another thing this system does is it is a challenge-response system. That is, it has information in it that is not emitted until you give the right information to it. Perhaps this is the information in that barcode on the password, I dunno. Anyway, a barcode is there for everyone to read, it cannot hide itself until the right key is given to it. The content could be encrypted, but once you take a picture of the barcode, you have its data, you could work on cracking it later, and the "owner" of the barcode wouldn't even know you were doing it. With this system, you can only work on extracting its secrets when you are in proximity to the chip. In addition, it is possible for the chip to monitor and know that you successfully passed its test and got its info. So you will at least know if you've been had when the "successful reads" counter (if it has one) is higher than you expected.

All in all, it seemed like a reasonable system to me. The actual presence of data (as opposed to just a key), the tinfoil cover and the requirement to read the barcode optically before you can get the data (other than ID) out all just adds up to a pretty good system to me. Definitely far better than the representations of it I had seen earlier.

Re:So...

[Jerry Coffin (824726)]

Surely a 2d barcode would be better, or just use old tech mag swipe?

According to the State Department [state.gov] the chip will contain a complete electronic picture of the passport holder. Neither barcodes (even the 2D variety) nor mag stripes store information at high enough density to make this practical.

Fortunately, there is some middle ground here: smart cards that require direct electrical contact to read the data. This isn't an instant panacea by any means, but it certainly eliminates a lot of the most o

AJAX on passorts = great idea

[bigtrike (904535)]

If you don't keep quiet, we're going to end up with lots of other buzzword techs in our passports.

So wrong

[Conare (442798)]

wrong. There are still 2 important benefits:

1. Contact chips only last 4-5 years. US passports are valid for 10. The contactless chip is more durable. 2. There is no need to attempt to mandate the exact size and shape of 28 countries different passport. Very difficult, especially in the current political climate. Remember that this initiative started when the US said you have to do this to be a visa waiver country. The International Civil Aviation Organization then set the standards. So don't blame just

Re:So...

[over_exposed (623791)]

Then I'll just have to microwave my hand then! Ha! That'll teach them!!

Oh, Wait...damn! My microwave doesn't work with the door open...

Re:So...

[87C751 (205250)]

"Optically read" formats can be forged with a printer.

The format can be, but the data contained can be encrypted/signed, making it difficult to do any more than duplicate an existing barcode. Creating "new" records would be difficult, and given biometric data, duplicating existing ones would be of limited use. Besides, the new plan includes an optical barcode, which carries the key to the encrypted data on the RFID chip.

Contact-based things like smart cards or mag stripes are subject to mechanical wear

Don't use passports

[pintpusher (854001)]

I only travel by climbing fences and digging tunnels.

Re:Don't use passports

[k31bang (672440)]

The problem with travling via tunnels is the chance that you may take a wrong turn at Albuquerque.

Tracking

[kevin_conaway (585204)]

RFID chips, including the ones specified for U.S. passports, can still be uniquely identified by their radio behavior. Specifically, these chips have a unique identification number used for collision avoidance. It's how the chips avoid communications problems if you put a bagful of them next to a reader. This is something buried deep within the chip, and has nothing to do with the data or application on the chip.

Ok, so it has a unique ID on it but it doesn't appear that the ID is tied to you or the data. FUD?

RFID bandwagon?

[phorm (591458)]

The passports will also include a 'Tin Hat' that limits the RFID signal to only a few inches

I've got to wonder why, in this case, they don't use Magcards instead of RFID. Older technology, yes, but not any more limited for the use given, and a bit more secure as they require contact with the card to read. If they're supposedly going to limit the RFID to magcard limits, why not just use a magcard?

Specialized Hardware...

[NelsonM (906317)]

"A demonstration has been made that using specialized hardware, the signal can be intercepted from up to 69 feet."

Is this anything like the BlueSniper [esato.com]?

Open the passport, the whole thing falls apart

[digitaldc (879047)]

"To its credit, the State Department listened to the criticism. As a result, RFID passports will now include a thin radio shield in their covers, protecting the chips when the passports are closed. Although some have derided this as a tinfoil hat for passports, the fact is the measure will prevent the documents from being snooped when closed."

Well there has to be better protection for identity theft than having the passport closed all the time. You may not know whether it is open or closed, but it should have some way of notifying you if it is unsecured. How about having the passport just become a single card with some kind of flash memory built in?

There are many other scenarios where the RFID tags could be exploited, but you will first have to put on your tinfoil hat in order to even conceive of any of these conspiracies.

Add another layer...

[asphinx (921110)]

Why not just make a container for the passport - like a cigarette holder - but lighter, which does not allow reading the RFID chip at all from any distance?

Beat the RFID - renew now

[davidwr (791652)]

Get or renew your passport now and it should be RFID-free for the next 10 years.

Please Explain The Fear and Uncertainty

[mpapet (761907)]

The Benefits:
For the average bad guy, a contactless module will make much harder to fabricate an identity.

Ideally, gov'ts have a better idea who is coming and going from a country and in a much more efficient manner.

For the average person, this doesn't affect them at all.

For the average dissident, the gov't still going to give them a hard time, so this might be one more way to make life difficult.

The Bad:
Bad guys can "collect" information. It's unclear to me what they would do with a unique identifier. They need much more than just the unique identifier. They would need to associate the identifier with (one assumes) the right identity. You don't need to be a bad guy to do that. You can buy most of it from totally legal companies right now. Please explain if I'm missing something here.

Epensive! Understand that it's not just about a passport that will be at least 10x more expensive to make, but the infrastructure to make it work at least half-way decent is a huge project. I submitted my passport information at my local post office. Now, every agency that can accept passport applications has to be somehow connected to the place where the passport is made. Then how do the airports "know" the passport is authentic? More new infrastructure.

The gov't collects information.
Well, they do that already except they buy it from private enterprises. They watch the bad guys. They watch people that they view as threatening. I don't see what changes here. Furthermore, anyone that's been on /. for a little knows how easy collecting personal data can be.

Am I missing something?

Edited for accuracy.

[flutkatastrophe (866004)]

Edited for accuracy.

Don't lie to us like that.....not all of us are N00bs

Time for see-through faraday cage

[davidwr (791652)]

As someone else pointed out, many countries make you show your passport as identification.

It's time someone make a passport "book cover" that covered the inside-covers with a transparent faraday cage. Think clear plastic with thin closely-spaced wires.

Or, if that doesn't work, a "book cover" that includes a probably-battery-powered jammer that jams any attempt to read it.

Of course you'd remove your passport from this at points of entry and for other official purposes, but when a private merchant asks to see your passport as ID, he won't be able to scan it, leaving him with a business decision: rely on the visible passport, or ask you to shop elsewhere. More importantly, the hopefully-rare-but-I-don't-want-to-meet-him id-theiving-store-clerk won't be able to scan it.

Re:Time for see-through faraday cage

[geoffspear (692508)]

When merchants start asking me to see my passport before they'll sell me anything, I'm moving to a unabomber-style shack in the woods and never talking to another human being again.

German passport

[Crouty (912387)]

Under US pressure and the general terrorism FUD the German government decided to introduce new passport documents with RFID starting from Nov 1st 2005. I got me an old one without RFID that will be valid until 2015 and every day I am more sure I did the right thing.

Re:German passport

[slavemowgli (585321)]

If you want to visit the USA, you just may have to get a new one soon, anyway (considering that they implemented this in order to still be eligible for the visa waiver program) - either that, or apply for a visa, which isn't exactly a wark in the park, either.

Case in point: I have a friend who lives in Sweden who once needed a visa. Outside of having her photo taken by a photographer certified by the US embassy (a regular photo used for passports etc. wouldn't work), she also had to come to the embassy in Stockholm in person to be interviewed - a six-hour train drive, FWIW, and the fact that they gave her an appointment at 8:30 Monday morning meant that she had to arrive on Sunday already, too (so in addition to the train ride, she also had to pay for a hotel room for one night). The interview itself was pretty much straightforward, from what she told me, but relatively long - more than half an hour. And the security measures were rather tight, too; for example, she had brought a bottle of water, and she actually had to drink that before being allowed to enter. And not just some of it, in order to prove it wasn't poison or whatever they suspected it might be - all of it.

The whole thing, IMO, was/is extremely idiotic, but considering that she needed the visa, she had to put up with it.

I'm not sure, but if that's the price you have to pay in order to get a visa, even in a highly developed country like Sweden (or Germany, for that matter), then having an RFID passport almost sounds like the lesser evil - at least you can put that into a leaded box and leave it at home whenever you're not travelling. (When you are, to the USA at least, all bets are off, anyway; you'll be fingerprinted and photographed upon trying to enter, and I wouldn't be surprised if in a few years, they'd conduct random body cavity searches as well. The problem is that pretty much noone here actually cares - after all, it all just happens to foreigners, anyway.)

Passport still needs to be scanned???

[xlv (125699)]

Encryption will be implemented via a key printed on the passport, which will be read by an optical scanner.

If an optical scanner needs to be used to read the encryption key, doesn't that defeat the no-contact advantage of RFID as the passport then needs to be close to the scanner. Why not just use some smart card technology and avoid the radio part altogether?

Smartcard?

[frantzdb (22281)]

Is there ever a reason the wireless feature of RFID would be needed for passports? Wouldn't smartcards provide all the necessary forgery prevention and data storage without any need for tinfoil hats?

What should be in the article...

[Hugonz (20064)]

Although some have derided this as a tinfoil hat for passports, the fact is that it is indeed a fucking tinfoil hat!

No more Radio Waves!!!

[mmeister (862972)]

If the KEY is printed and thus has to be scanned, why don't they just print the information on there too? I mean, they are already planning to require you to put it across an optical scanner, so there must be another, unspoken, reason for using RFID.

The reasoning behind using RFID Passports seems *VERY* flawed. I am suspect of any agency that is a proponent of such reasoning. I'm sure terrorists and boogyman will be mentioned several times in the explanation as to why we should have this technology.

Someone is hiding something!!

Optical Scan + RFID? Why?

[Irvu (248207)]

If they need to scan it optically in order to obtain the info, then why use RFID at all? Seriously, at best the only viable argument for RFID chips is that they might make those lines move a little faster. But noe, for sthe sake of security we have to a) have the passport open, and b) have it scanned by an optical scanner. At which point absolutely nothing is gained by using RFID.

To review:

• RFID:
  
  1. Can be scanned by anyone in a remote fashion (without holders knowledge).
  2. Supposedly this means the end of lines at passport offices.
  3. But, It necessitates countermeasures to ptorect it (tinfoil shield).
  4. Said shield is unlikely to be perfect. If you hold it open in your hand (while waiting in line), open it to check it elsewhere, let it fall open in your bag, etc, it no longer helps.
  5. To protect data said chip is encrypted requiring an optical scan to verify. Optical data is itself imperfect in that it too can be scanned, but now much closer.
• Old Method:
  
  1. Data is stored in human or machine readable form on the passport requiring optical scan.
  2. Data cannot be efficiently scanned remotely (i.e. without the holder's knowledge).
  3. But we end up waiting in long lines.

Am I the only one who is beginning to think that RFID is a problem in search of a different problem. This news today proves conclusively that nothing is gained by using the chips. They open up pointless security holes and provide not one bit of protection.

What a damned waste.

Re:kidnapping travelling americans made easy

[tuxette (731067)]

Why bother? American tourists are very easy to spot without having to resort to fancy technology. Just follow the bright white sneakers and the loud complaints about the food, the hotel, the prices, etc. etc...

Re:kidnapping travelling americans made easy

[Catbeller (118204)]

My mom used to work at the welfare office for the Cabrini Green projects in Chicago. She used to listen to some of her fellow workers sitting at screens, data mining the client's records for people who weren't at home during working hours. They were using the information to rob the empty homes during lunch hours. True story.

Technology gives bad people with power ever more ways of fucking you over. If they DON'T need the tool, don't give it to them. We didn't need RFID passports before, and we don't need them now. Misdirection is afoot. What ELSE are they adding to the passports besides RFID? Get that question answered, and you'll know how they are fucking us in brand new ways.

When a corporation or a government (in the U.S., indistiguishable now) wants a new way to track people, it's never for the citizens' good, but for their own. Acquiesence to tyranny happens a tiny bit at a time. In twenty years, a whole generation of the world's people will have grown up in a virtual prison, and won't even notice.

 

Re:WARNING: Do not destroy your passport

[TheOrangeMan (884380)]

A days parking at the airport : 12$
Homemade Magnetron gun concealed in suitcase : 250$
Watching everyone you point your suitcase at miss their flight and get arrested (before you get arrested yourself) : Priceless!

Re:WARNING: Do not destroy your passport

[Chyeld (713439)]

I am VERY interested in YOUR comments. PLEASE specify more where YOU heard this INFORMATION. Was it PERCHANCE at a heavy METAL rock concert?

Re:Why contactless?

[Conare (442798)]

Excellent Question!

US Passports have a validity of 10 years. Modern contact chips in smart cards have an estimated life of 4-5 years. So you would theoretically have to get at least twice as many passports. Also, you can't really just replace passports with smart cards because not every country in the world will be able to read those smartcards at the get go. (Think Chad or other 3rd world countries) so you have to continue to use a typical human readable passport. This program is designed for the 27 or so VISA-waiver countries. There was no way that anyone was going to successfully mandate a single physical form factor for the passports of 28 different sovereign nations, but they were able to (finally) reach an agreement on an embedded chip, interface and some minimal and optional contents. These were the driving reason for contactless, and it is unfortunate that the US State Dept. did not consider privacy from the get go. But thanks to a public outcry, now they have.

Someone else asked what was wrong with the current passports. In a word, the answer is forgery. The new passports include a digital signature across the entire contents of the passport including the photo. So if I as a bad guy, take your passport and try to replace your photo with mine, either the photo on the chip won't match, or if you somehow figure out how to replace the photo on a chip that has had its write mode disabled permanantly, the digital signature will not verify. So with the new passports, the only way to get an undetectable forgery is to get the real thing through the passport office, probably not impossible (think bribes and extortion of issuance officers), but now we have an honest shot at detecting it, and if one does turn up, you might be able to go back and figure out who issued it. This has an additional side benefit in that it makes stealing chip equipped passports worthless. This should help increase the security of travellers who are sometimes attacked or robbed solely for their passport.

Im my opinion, now that steps have been taken to reduce the possibilities of skimming, the benefits of the new passports outweigh the negatives. Schnier's alarmism about the serial numbers is just that. If someone really wants to track people so badly that they will start building databases of those serial numbers and correlating them with information that they have obtained through some justified mechanism, just so that they can track you when you happen to have your passport open anyway, then they are going to track you, and there is not much you can do about it anywyay. This is roughly the same risk as having a hidden camera near a point where you open your passport (or someone opens it for you). It's just to far to go for the limited benefit. The new protections have tipped the balance in favor of the new ePassport, and while Schnier does point out a flaw that is unfortunate, it is certainly repairable in the future, and not "fatal". If the US starts issuing passports without the flaw in the next few years (before all the passports with no chip at all expire) no one will bother trying to attack passport security in this fashion. It just isn't worth it.