Forgot your password?
typodupeerror
Privacy United States Technology

Disabling the RFID in the New U.S. Passports 294

Posted by Zonk
from the very-high-tech dept.
slashchuck writes "Along with the usual Jargonwatch and Wired/Tired articles, the January issue of Wired offers a drastic method for taking care of that RFID chip in your passport. They say it's legal ... if a bit blunt. From the article: 'The best approach? Hammer time. Hitting the chip with a blunt, hard object should disable it. A nonworking RFID doesn't invalidate the passport, so you can still use it.' "
This discussion has been archived. No new comments can be posted.

Disabling the RFID in the New U.S. Passports?

Comments Filter:
  • No Hurry (Score:5, Insightful)

    by JusticeISaid (946884) on Tuesday December 26, 2006 @11:25AM (#17366786)
    Great idea! Anything else I can do to slow down my passage through Immigration and Customs after a long flight? I'm always looking for ideas.
    • Re: (Score:2, Funny)

      by Anonymous Coward
      here's one: broadcast your personal data, allowing others to clone your passport and using it to enter the U.S. while you are off on holiday. Customs will surely take notice that you are trying to enter the country a second time.
      • Re:No Hurry (Score:5, Informative)

        by swillden (191260) * <shawn-ds@willden.org> on Tuesday December 26, 2006 @12:06PM (#17367212) Homepage Journal

        here's one: broadcast your personal data, allowing others to clone your passport and using it to enter the U.S. while you are off on holiday. Customs will surely take notice that you are trying to enter the country a second time.

        What technology would you suggest to use to do this broadcasting? The contactless smart card chip in the passport won't do the job very effectively because:

        • it requires execution of a cryptographic authentication protocol using an AES key derived from data printed inside the passport cover (called the MRZ)before it will divulge anything; and
        • the shielding in the passport cover hold the chip incommunicado unless the passport is open

        Perhaps you could photocopy the information page and post flyers? Or just walk around holding your passport open so that any would-be passport cloner can see the MRZ data? If you *really* want to use the passport's contactless chip to distribute the data, I guess you could print your name, birthdate and passport number on a sign, hang it around your neck, and then stick your passport to it so it's held open. Given the name, birthdate and passport number, an attacker will be able to guess the MRZ fairly quickly. If you want to make them work for it a little, you could leave out the birthdate and passport number and let them guess those values. Be sure to give them your name, though, otherwise it'll take too long, because the chip just doesn't report the failed authentication attempts fast enough. There's also the small issue of the communication range of the contactless chip, but perhaps there's an area of the airport that is nicely EM-shielded so that the attacker's lab-grade transciever and signal processing equipment can talk to your passport at a reasonable range. Or perhaps you could just let the attacker give you a booster device that you could hold near your passport.

        All in all, it seems like a rather ineffective way to broadcast your data. I'd go with the flyers.

        Removing toungue from cheek, it's a pretty ineffective way for an attacker to try to get your data, too. There are many other approaches that are much, much easier.

        • Re:No Hurry (Score:5, Informative)

          by Jah-Wren Ryel (80510) on Tuesday December 26, 2006 @01:08PM (#17367874)
          the shielding in the passport cover hold the chip incommunicado unless the passport is open

          That's true if your definition of "open" is anything not held tightly closed.

          It has already been demonstrated that the faraday cage effect of the shielding is negated if the passport is only open a centimeter or so, as could easily happen with a passport carried in a handbag, or pretty much anywhere there is not much pressure to hold it closed.

          So, while you may not be able to crack the data from the RFID, you can certainly talk to it under conditions that are reasonably common in the field.

          it requires execution of a cryptographic authentication protocol using an AES key derived from data printed inside the passport cover (called the MRZ)before it will divulge anything; and

          Doesn't this strike anyone as ironic? The RFID is of no value for official use without first having to read something printed on the inside. So much for any improvement in convenience or ease of use over the previous implementation. Seems like an RFID manufacturer (patent holder?) hired a really good lobbyist.
          • Re:No Hurry (Score:4, Insightful)

            by rlp (11898) on Tuesday December 26, 2006 @02:00PM (#17368404)
            It has already been demonstrated that the faraday cage effect of the shielding is negated if the passport is only open a centimeter or so, as could easily happen with a passport carried in a handbag, or pretty much anywhere there is not much pressure to hold it closed.

            Or you could put a rubber band around the passport to keep it closed.
            • Re: (Score:2, Insightful)

              by Jah-Wren Ryel (80510)
              Or you could put a rubber band around the passport to keep it closed.

              Yeah. Somehow, I don't expect to see THAT in the instructions from the State Department anytime soon. That's the kind of thing that gets noticed, it would end up in Leno's monologue, maybe even a skit or two on SNL.

              The whole point of putting shielding in was that the average joe traveler would not need to worry about band-aid security because the people whose damn job it was to get it right did so.
              • Re: (Score:3, Funny)

                by rlp (11898)
                ... because the people whose damn job it was to get it right did so.

                We ARE talking about the US government, aren't we?
            • Re: (Score:3, Insightful)

              by Tim C (15259)
              Or just put it in your pocket; seems to do a good job of keeping my wallet closed.
          • Re:No Hurry (Score:4, Interesting)

            by Dare nMc (468959) on Tuesday December 26, 2006 @02:05PM (#17368444)
            Doesn't this strike anyone as ironic? The RFID is of no value for official use without first having to read something printed on the inside.

            took me some time to grasp the advantage. I think the obvious advantage of the rfid chip is for the entering country to keep a complete record for post/off site processing. It does no good to the US customs for US citizens to give back the info. We already have that in our databases, + more for anyone "interesting" just from their SSN.
            Essentially the RFID passport is a Tit for Tat jester. To tell the EU, etc we'll force our citizens to give you their data in a nice tight bundle, so that you will return the favor with your citizens data on Entry to the US.
            obviously easier for a untrained agent to beam all passport data to a offsite FBI agent, then you can have one central surveillance office.
      • by Fordiman (689627)
        Which leads me to question:
        Why didn't the government look into a challenge-reponse solution to these passports? Doing an SHA-1 in hardware doesn't take up THAT much juice, does it?
    • Great idea! Anything else I can do to slow down my passage through Immigration and Customs after a long flight? I'm always looking for ideas.

      Hey, actually, it is a great idea. If you're the kind of person who likes to protect his rights and privacy, this is an excellent way to go. Not only do you get to destroy the RFID, but you can still use the passports that are being released from here on out and are the only way to get in or out of the country. This means that we have an option to keep passports as the

    • Re:No Hurry (Score:5, Insightful)

      by Qzukk (229616) on Tuesday December 26, 2006 @11:47AM (#17367002) Journal
      Yeah, because stopping you, scanning your passport, then letting you on through was SO much faster than stopping you, sliding your passport through a stripe reader, and letting you through.
      • Re: (Score:3, Interesting)

        by swillden (191260) *

        Yeah, because stopping you, scanning your passport, then letting you on through was SO much faster than stopping you, sliding your passport through a stripe reader, and letting you through.

        Umm, you missed the point. The intent of the smart card chips isn't to speed up processing,it's to increase security without slowing processing down too much. However, once the smart chips are in place, the normal processing flow for a chip-bearing passport will involve reading the chip data. What happens when the chip fails to respond? Well, that will be an exceptional circumstance that will take the bearer of that passport out of the normal, expedited flow and into another process that scrutinizes t

    • Re:No Hurry (Score:5, Insightful)

      by iron-kurton (891451) on Tuesday December 26, 2006 @02:19PM (#17368556)
      Here's an idea: not giving up your civil liberties for the sake of convenience and national security (to be distinguished from ACTUAL security). What's really funny about your statement is that 5 years ago, people like you were in front of news cameras at the airline check-in saying "we don't mind waiting in line if it makes us more secure." Now, 5 years later, even after we have all established that airport security is a joke, instead of coming up with a more efficient screening method, we spent our resources developing YET another new technology full of holes.

      My point is, your anger at the poster and the method of destroying the chips is a bit misdirected -- if you really want to spend less time at security checkpoints and Immigration and Customs, you should lobby for improving the methods currently in place. Besides, like someone who replied to your post already said, there really is no speed improvement in putting your passport through a barcode reader or waving it in front of an RFID reader. However, there is a relative security difference, and given the choice, I would take the former.
  • ObSneakers (Score:5, Funny)

    by Rob T Firefly (844560) on Tuesday December 26, 2006 @11:28AM (#17366822) Homepage Journal
    (Bishop is at a door with an electronic lock.)
    Bishop: Anybody remember how to defeat an electronic keypad?
    Mother: This might help. An old buddy of mine who was in Desert Storm sent it to me. 'Course, he was on the other side.
    Bishop: Come on. There's got to be a way around these things.
    (He listens intently to instructions via his earpiece.)
    All right, all right... This might work... Yeah. Yeah... Right. Okay. I'll give it a shot.
    (He kicks the door in.)
  • Is it possible to make a passport cover that will block the signal when it's in the cover but USC&I can still use thier RFID thing when you take it out?
    • by Rob T Firefly (844560) on Tuesday December 26, 2006 @11:30AM (#17366866) Homepage Journal
      Yes. [difrwear.com]
    • Re: (Score:3, Informative)

      by melstav (174456)
      Sure.

      And as long as you keep your passport in the RF shield, nobody can read it.
      But the instant you pull it out, anyone can try accessing it.

      What's worse: You *know* that Customs Officials won't have Faraday Cages around their reader stations. All someone'll have to do is set up a high-gain antenna somewhere in the area, and they can parasite the data as it's being read by the legitimate scanner.
      • by MightyYar (622222)
        I think that I'll wait until I actually read about this kind of extreme measure actually occurring before I start bashing my passport with a hammer. I'll take my chances at being the first victim.

        Anyway, I think the odds of me losing my entire passport are quite a bit higher than having it electronically cloned... especially considering that they will apparently accept a passport even if the RFID tag isn't working - why would a counterfeiter bother cloning it?
        • by MightyYar (622222)
          I'm pretty sure that a common thief or pickpocket is not sophisticated enough to have a piece of equipment capable of detecting large amounts of currency, if that's even possible.
          • by triffid_98 (899609) on Tuesday December 26, 2006 @02:23PM (#17368602)
            Really? I'm pretty sure common thieves and pickpockets have had this technology for quite some time. See that 80 year old man in Baggage Claim with the hot 20 year old arm jewelry? I detect large amounts of currency.

            I'm pretty sure that a common thief or pickpocket is not sophisticated enough to have a piece of equipment capable of detecting large amounts of currency, if that's even possible.
      • by jcr (53032)
        All someone'll have to do is set up a high-gain antenna somewhere in the area,

        No chance of that arousing suspicion, since people routinely carry high-gain antennas around airports, right?

        -jcr

  • Great idea! (Score:2, Insightful)

    by tulmad (25666)
    That's great until they make it a requirement to have working RFID to go through customs.
    • Re:Great idea! (Score:5, Interesting)

      by ScrewMaster (602015) on Tuesday December 26, 2006 @11:50AM (#17367026)
      Well, it remains to be seen just how reliable (or otherwise) these things are ... my feeling is that there's going to be a substantial failure rate. It's one thing to require RFID to speed the process of verifying an identity or to make it nominally more accurate. However, if you invalidate a passport because of a malfunctioning chip you're going to have BIG problems. People sit on things, they flex them, they drop things on them, they otherwise break them. It's what people do, whether they mean to or not.

      Let's face it, you're gonna see a certain percentage of RFID passports that just don't work, for whatever reason. What do you do? Lock those people up? No, you just treat the passport like a traditional non-RFID-equipped passport. Well, if you're a properly-trained security person maybe you actually look at the traveler and make sure the picture matches. Maybe you do your job, because if the RFID isn't working you can't just doze through the interview and let the machine do the work. You should be on your toes anyway, because the one time you aren't is when the technology will let you down. And they (yes, they) know that.

      And you can bet your boots that any (ahem!) undesirables will have properly-functioning RFIDs anyway. As always, it's us ordinary folk that will get busted for not dotting our I's and crossing our T's (not that most of us have any way to test the goddamn things anyway, except by trying to travel somewhere and seeing what happens.)

      Personally, I think the Feds ought to focus more on people skills (i.e., well-trained, well-paid security forces with an effective organization to back them) and less on failure-prone, unproven technology.
      • Re:Great idea! (Score:4, Insightful)

        by JFitzsimmons (764599) <justin@fitzsimmons.ca> on Tuesday December 26, 2006 @12:23PM (#17367400)

        The goal of adding RFID to a passport was to add another layer of security to the passport. This may sound a little strange at first, but there is some logic to it. The RFID chip contains the same information as the printed passport, including a digitized version of the picture, AND a cryptographic hash. The desired outcome is that it is difficult to forge BOTH parts of the passport simultaneously. Ideally, the person would only be able to pass if both portions of their passport matched and the hash was valid. Although it may be a result, being able to just wave people on through after scanning the RFID portion of the passport was not a goal.

        Practically, since passports are still valid without RFID, this measure is almost useless, and opens up tons of privacy problems as already stated. I don't think that ranged communication should have been a major feature of a passport, which makes me wonder why the government chose RFID over any other tagging technology, such as smartcards. Smartcards could perform the same or perhaps even better task as the RFID tags currently are, except they would be more secure simply by the virtue that they require physical contact with the reader.

        • Re: (Score:3, Insightful)

          by ScrewMaster (602015)
          ... which makes me wonder why the government chose RFID over any other tagging technology ...

          Well, much has been made over the potential for these passports to be read by bad guys for some distance. It occurs to me that our government (and others) might like to have that same ability. It sure would be convenient for the cops if they could just stop anyone that they can't "ping". It would be a variation on usual "papers, please!" but no less invasive from a privacy perspective. Readers could be installed
        • Re: (Score:3, Informative)

          by Anonymous Coward
          And this, illustrates something I have been mentioning for quite some time now. Why forge something that is so freakin' hard to forge, when you can have the real thing with so much less effort? The government is going through so much trouble to "secure" airports and passports, that they have managed to (and many citizens have managed to play along with) convince themselves that securing this is the final answer to security.

          In reality, it just opens up a whole new area to be exploited. If route A is easie
      • Re: (Score:3, Funny)

        by advocate_one (662832)
        Personally, I think the Feds ought to focus more on people skills (i.e., well-trained, well-paid security forces with an effective organization to back them) and less on failure-prone, unproven technology.

        hahahahahahahahahahahahahahaha... sorry... just had to laugh... you owe me a new keyboard...

    • by peragrin (659227)
      Well the smartest move I made was to get my passport 18 odd months ago. that gives me 8 years to find a solution to this headache.

    • Re:Great idea! (Score:4, Informative)

      by thebigbluecheez (1010821) on Tuesday December 26, 2006 @12:15PM (#17367312)
      The only problem I see with making it a requirement to have working RFID is that my non-RFID-equipped passport is valid until 18 June 2016.

      So unless they are going to recall all non-chipped passports, they'll have to wait quite a while to make it a requirement.

      Also:

      Alteration or mutilation of passport: This passport must not be altered or mutilated in any way. Alteration may make it INVALID, and, if willful, may subject you to prosecution. (Title 18, U.S. Code, Section 1543)
    • Re: (Score:3, Funny)

      by pilgrim23 (716938)
      Someone once said that all better ID control ever does is raise the costs for fake papers.. When I was young I worked a cattle ranch. Back then we had a handy gizmo for tagging the ears of cattle; White tags for cows, blue for steers, yellow for hefers. It made culling for slaughter so much easier. Nice to see this tech put to the next logical step.
  • What the Heck... (Score:3, Informative)

    by Noryungi (70322) on Tuesday December 26, 2006 @11:28AM (#17366830) Homepage Journal

    Microwave the sucker and be done with it, I say.

    Oh wait, that leaves a big smoking hole in the passport... Errr, never mind, carry on...
  • I wouldn't try this with a european passport when I travel the next time to the US - as I don't want to risk it being sent back on the next plane.
    • by rvw (755107)

      I wouldn't try this with a european passport when I travel the next time to the US - as I don't want to risk it being sent back on the next plane.

      "It" being sent back is not such a big problem. You being sent back along with it is maybe more unpleasant.

      • by 56ker (566853)
        Immigration usually confiscate the passport, then keep the person in custody (either at the airport or local prison) until the next plane back. At least that's the way I've seen it done before - even to the innocent. It kind of makes it difficult for a person to return to a country but there are plenty of passports issued under a false name for trips that aren't going to appear on the official "entry/exit" database (or are just asylum seekers - genuine or otherwise).
      • by ultranova (717540)

        I wouldn't try this with a european passport when I travel the next time to the US - as I don't want to risk it being sent back on the next plane.

        "It" being sent back is not such a big problem. You being sent back along with it is maybe more unpleasant.

        Actually, I'd be more worried of being improsoned without trial or access to a lawyer for being a suspicious person, and never again seeing home.

  • DMCA (Score:4, Funny)

    by Anonymous Coward on Tuesday December 26, 2006 @11:30AM (#17366856)
    They'll just say you are violating the DMCA somehow if you bust the RFID in there.
  • by torstenvl (769732) on Tuesday December 26, 2006 @11:30AM (#17366868)
    FTFA: "But be careful - tampering with a passport is punishable by 25 years in prison."

    Also, only TFA works. The other links are bogus.
    • by ceejayoz (567949)
      Sure, but how are they going to prove you hit it with a hammer instead of, say, had it at the bottom of your backpack and put heavy books on it?
      • by ScrewMaster (602015) on Tuesday December 26, 2006 @12:09PM (#17367252)
        That's not the question. I don't think our Federal Government is as much concerned about "proving" things as it should be, not anymore. The real question is: what is the penalty for being accused of tampering with your passport.

        I would think that "tampering" would be more along the lines of "falsification". Destroying the RFID is really more defacement than tampering. At worst that would make the tag useless, at best make it more secure, and only means the passport works the way passports have always worked, requiring visual identification. It doesn't give the holder a different ID or allow him to do anything he otherwise could not.
  • Heh, the solution gives a whole new meaning to the phrase 'hammer time.'

    Makes me wonder if this 'brute force' approach will be applied to other government introduced RFID technologies?

    "duh, how do I know it didn't work ...?"
  • Ooops (Score:4, Funny)

    by dj961 (660026) on Tuesday December 26, 2006 @11:31AM (#17366884) Journal
    I dropped a hammer on my passport.
  • by paladinwannabe2 (889776) on Tuesday December 26, 2006 @11:32AM (#17366890)
    That broadcasts your information. This makes it so much easier to stalk people you've just met! Of course, if I was a criminal I'd just use this to make a list of people going on a nice long overseas flight... plenty of time to stop by their house and help myself to a few things.
    • by teslar (706653)
      yeah, except that RFID chips don't broadcast anything anyway and US RFID passports, unlike their British counterparts have a layer of tinfoil in their covers, so unless it's actually open, you can't read the chip.

      So, to answer the OPs questions.

      How far will you go to protect or disable the RFID chip in your passport?

      Wrap it in tinfoil

      Do you think such a step is necessary?

      For US passports: nope, it's already been done for you, courtesy of your government. Other non-foil-wrapped passports: Meh. But yeah, bett

      • I didn't realize that the US passports were being wrapped in foil- that makes it much more difficult for random people to access your tag. As my post (hopefully) shows, there are reasons why you don't want random people having access to your full name, much less any additional data.
    • by MightyYar (622222)
      You don't have to worry about this unless you walk around with your passport open. When the passport is closed, metal fibers in the cover act as a shield that makes reading the RFID chip impossible.

      At least, that is my recollection.
    • This makes it so much easier to stalk people you've just met!

      A cookie for the first hacker who connects a portable RFID reader to one of those uber-geek scrolling LED name badges and writes out, "Hi, $FIRST_NAME $LAST_NAME, pleased to meet you!" whenever someone with a passport walks up to you.
    • by swillden (191260) *

      Of course, if I was a criminal I'd just use this to make a list of people going on a nice long overseas flight... plenty of time to stop by their house and help myself to a few things.

      Yeah? How would you get the MRZ data that's printed inside the passport? You know you need that to authenticate to the chip before it will give you any data, right? Also, you're going to have to convince the people to open their passports, otherwise the RF shielding in the passport cover will prevent you from talking to the chip. Maybe you can scan them when they show their passports at the checkin counter. Of course, you still need that pesky MRZ data -- maybe a camera with a long lens? Hey, when y

    • by gad_zuki! (70830)
      First off, its encrypted. The key is written on the inside of the passport. Unless theyres some flaw with key generation then that AES will be difficult to crack.

      Secondly, when the passport is closed the chip is enclosed in a layer of tin-foil making it pretty much impossible to read.

      Its not perfect but its not the security nightmare some people make it out to be. Personally, I'd much prefer they use something that requires a physical contact.
  • by 75th Trombone (581309) on Tuesday December 26, 2006 @11:46AM (#17366986) Homepage Journal

    How far will you go to protect or disable the RFID chip in your passport? Do you think such a step is necessary? Does anyone have an argument in favor of the technology's implementation here?

    Or how about in opposition of it? What do you think are the legal ramifications of such a move? Who is likely to be hurt by this scenario? Who am I? What am I doing posting on Slashdot? When is my question-mark key going to break under stress?

  • Taking bets... (Score:5, Insightful)

    by Junior J. Junior III (192702) on Tuesday December 26, 2006 @11:47AM (#17366998) Homepage
    How long until they make hammer possession a felony?
    • Re: (Score:3, Funny)

      by Perseid (660451)
      Who cares? Does anyone still have any of his CDs anyway?
    • Re: (Score:3, Funny)

      by multiOSfreak (551711)
      How long until they make hammer possession a felony?

      Probably not long. And then only the criminals will have hammers. That's why we should all join the National Hammer Association.

      They can have my hammer when they pry it from my cold, dead hands.
    • by dkleinsc (563838)
      Doesn't solve the problem, unless they're going to outlaw rocks as well.
  • Smashing the chip is obviously just a political statement (one that I agree with mind you). If the guy only wanted to prevent the chip broadcasting data everywhere, it's easy enough to make a tinfoil-lined wallet for the passport, or carry it in an old cigarette case.

    The other thing: if a US passport with a defective rfid chip is legal and valid, it won't stay that way for long.
  • No thanks. (Score:2, Insightful)

    by webdog314 (960286)
    And who is more likely to get that random cavity search, the touring Swiss couple who don't give a damn about their privacy risk, or the scruffy looking nerd who's passport just happens to have a non-functional RFID chip?
  • State Department FAQ (Score:5, Informative)

    by brewer13210 (821462) on Tuesday December 26, 2006 @12:06PM (#17367218) Homepage
    From the US State Department FAQ on electronic passports

    What will happen if my Electronic passport fails at a port-of-entry?

    The chip in the passport is just one of the many security features of the new passport. If the chip fails, the passport remains a valid travel document until its expiration date. The bearer will continue to processed by the port-of-entry officer as if he/she had a passport without a chip.
  • by mmurphy000 (556983) on Tuesday December 26, 2006 @12:10PM (#17367270)

    Does anyone make a handheld RFID detector? Not something to read the tags, but just to note their presence, kinda like the rudimentary keychain WiFi detectors? I'd love to have something that I can use at home to find these little buggers as they start invading everything, so I can choose which to keep, which to somehow enclose (e.g., passport), and which to hammer into oblivion.

    For my purposes, a simple meter showing strength of reflected RFID signal would probably suffice, so one can slowly pan over an area to watch for needle jumps. An audible signal (think Geiger counter or metal detector) could work too, though a headset jack would be nice in that case.

    • by Lord Grey (463613) *
      I don't know of a handheld RFID detector, but I've often thought about what I could do about the increasing use of RFID tags and the potential for misuse (particularly with respect to anyone tracking my actions, purchases, etc.). It seems that it will only be more and more difficult to try to defeat RFID tracking. Given that, I've thought that perhaps sowing disinformation is the better way to go. What about a handheld RFID transmitter, instead? One that simply continuously spews random information at m
    • by cdrguru (88047)
      Contrary to popular media, RFID is not something that enables tracking by satellites, black helicoptors or mysterious vans you see roaming your neighborhood streets.

      It is a passive device that requires a RF signal strong enough to induce an electric current in an antenna so the chip can transmit a response.

      No, you aren't going to be able to detect this without transmitting the proper frequency signal at a high enough power to trigger the chip to respond. It isn't going to respond unless "prompted" by a rea
    • by Lurker187 (127055) on Tuesday December 26, 2006 @12:37PM (#17367558)
      Well, if you're scanning objects in your home, you might as well use a stationary device connected to a computer, since there's little point in putting RFID tags in furniture or other normally non-mobile objects. Also, I would think a mobile power source and even basic processing would drive up the price.

      I haven't tried them yet, but if you are interested in PC-based RFID readers, some friends recommended these:

      http://www.hobbyengineering.com/H2177.html [hobbyengineering.com]

      http://www.phidgets.com/index.php [phidgets.com]
    • Re: (Score:3, Informative)

      by owlstead (636356)
      In the Dutch/German C'T magazine there have been schematics on how to build a detector to find ISO 14443 tags (which is what these passports are). Also, you can find another way to protect yourself against these sort of attacks here:

      http://209.85.135.104/search?q=cache:HuNI-ek20WkJ: www.cs.vu.nl/~melanie/rfid_guardian/papers/acisp.0 5.pdf+rfid+vu&hl=en&ct=clnk&cd=2&lr=lang_nl [209.85.135.104]|lang_e n|lang_de

      They also link to the RFID detector in the C'T magazine (first reference).
  • by krygny (473134) on Tuesday December 26, 2006 @12:14PM (#17367298)

    "Does anyone have an argument in favor of the technology's implementation here?"

    Soundly thrash, arrest, incarcerate, try, convict and execute anyone with a malfunctioning passport tag. Problem solved.

  • Why bother hitting it with a hammer or microwaving it when simply wrapping it in aluminum foil will do?

    • I am not concerned with the possibility of having my data stolen when I am at immigration, because that is generally in a secure part of the terminal and I do not think the odds are very high of people setting up to steal data at that location.

      But what about airport check-in? If you are traveling internationally, you will have to show that you have a passport at the check-in counter. That is not inside a secure area and anybody could carry a skimmer inside a backpack or briefcase and attempt to steal the da
  • At least others have done something similar:

    http://www.rpi-polymath.com/ducttape/RFIDWallet.ph p [rpi-polymath.com]
  • Bad Idea (Score:2, Informative)

    by Vulturejoe (570401)
    Don't do this. The government considers US passports to be its property not yours, and mutilating your passport can get you in trouble, especially if you did it on purpose. Plus, there will be a lot of paperwork to fill out if you ever want another passport.
    • by BCW2 (168187)
      How are they going to prove it was done intentionaly? I have a serious workshop, something could have fallen on it like my favorite short handled 3LB hammer!
  • by Zadaz (950521) on Tuesday December 26, 2006 @12:18PM (#17367342)
    If my passport is perfectly valid without it then why does it exist? It's certainly not preventing counterfeiting if they can just skip that step.
  • Here is the new logo mentioned: http://travel.state.gov/images/e_ppt_logo.jpg [state.gov]

    I was just issued my new passport, and while it feels different than the old one, it doesn't have the new logo. As long as I don't lose my passport, I should be good and electronic free until 2016. Hopefully by then, they would have worked through any of those nasty security problems.

    Since passports have such a long expiration date, most people won't have to worry about this for many years.

  • I do this stuff (among other things) for a living.

    There are two types of RFID tags - active (carries its own power supply) and passive (powered by the magnetic field generated by an RFID reader). The best active tags can be read a couple hundred feet away - that's what you use to go speeding through toll booths and such.

    Passive tags (like the one in the passport) can only be read a few inches away and someone with even a basic knowledge of physics knows that the power requirement to maintain an adequate ma
    • Re: (Score:3, Informative)

      by swillden (191260) *

      Passive tags (like the one in the passport) can only be read a few inches away and someone with even a basic knowledge of physics knows that the power requirement to maintain an adequate magnetic field increases exponentially with distance.

      Good post. I just want to add that because the readers EM field powers the chip and the chip's transmitter that the effective power requirement increases with the *cube* of distance, rather than following the normal inverse-square law. That's not to say it's impossible to read chips from larger distances, but it's very tricky, and works best in an EM-shielded lab environment.

    • by Anonymous Coward on Tuesday December 26, 2006 @01:36PM (#17368140)
      Not only can the old-generation passive RFID tags be read more than "a few inches away" (to claim 1 meter="a few inches" you'd have to count the way the Congressional Budget Office does)*, but it's been more than a year since passive RFID tags which can be read anywhere from 4-8 meters away have been on the market.

      Here's a nice little marketing presentation to get you started on the capabilities of passive RFID using Ultra-High Frequency ... http://www.idesco.fi/library/documents/PassiveRFID -Ifsecseminar2005.pdf/ [idesco.fi]

      *Yes, I know its only "1 meter" under near-ideal conditions but average street conditions still don't degrade the range to "a few inches".
      • Actually I'm neither - and couldn't read your link. Pesky 404s anyway - but UHF RFID isn't what's being fielded here ;-)

        In practice your 1 meter degrades to considerably less than half that distance under suboptimal conditions - at least in my experience. I get reliable reads out to about ten inches.
    • by Jah-Wren Ryel (80510) on Tuesday December 26, 2006 @01:40PM (#17368194)
      I do this stuff (among other things) for a living. ...
      Passive tags (like the one in the passport) can only be read a few inches away and someone with even a basic knowledge of physics knows that the power requirement to maintain an adequate magnetic field increases exponentially with distance.


      While you may "do" it for a living, it sounds like you don't hack it for a living. It takes a whole different mindset to look for vulnerabilities to exploit.

      Even the State Department admits the RFIDs used in the passports can be read from at least 10 feet away. [oreillynet.com] NIST says they've been able to do 30 feet and are working on clever ways to get beyond even that. These numbers are for ISO 14443 RFIDs which seem to be the type used in US passports.

      one has to remember that tags operating on the same frequency will tend to interfere with each other, reducing the chance of getting a good read.

      There are plenty of situations in which just knowing that the RFID and associated passport are present are trouble enough. The classic example being the bomb with an "american detector" - left out in a public area it only needs to get enough of a signal fingerprint to differentiate american passports from others in order to make that passport's owner very unhappy. Put one of those into the doorframe of a mcdonalds somewhere and you don't even need to worry about long-range fancy-smancy stuff.
    • by canavan (14778) on Tuesday December 26, 2006 @01:46PM (#17368268)
      passive (powered by the magnetic field generated by an RFID reader).
      Passive RFID tags are not powered by magnetic, but by electromagnetic fields, more precisely essentially the same radio frequency they use to send back their data - they use the same antenna for sending and receiving.

      someone with even a basic knowledge of physics knows that the power requirement to maintain an adequate magnetic field increases exponentially with distance.
      Since we determined that radio is used to power the tags, everyone with a basic understanding of physics should know that the field strength diminishes with something like x^-3 and not y^-x, which would make it a cube law matter, and not exponential. Additionally, the same directional antenna that can be used to read the tag's signal can be used to direct the radiated RF energy to the tag.

      one has to remember that tags operating on the same frequency will tend to interfere with each other, reducing the chance of getting a good read.
      Sorry, but that's wrong again. RFID tags only send an answer when they are specifically addressed. The inventory control tags allow for a binay search to find all tags, e.g. you start by asking if any tag have addresses <2^31. If any answer, you check < 2^30 and between 2^31 and 2^30, etc. until you know the individual addresses of all tags in your range. Only after you have the right adress you will start actually reading their data, anything before that is just to detect their presence. Whether or not passport tags even give away their presence if one doesn't provide the (printed) secret key in the request, I do not know.
    • Re: (Score:2, Interesting)

      by Anonymous Coward
      For an isotropic (directionless) transmitter/receiver pair, the power requirement is distance^4. That is not exponential.

      By using a directional transmitter and receiver, the power requirement is distance^4/transGain/recGain. Both the power/sensitivity requirements and interference from non-targetted RFID's decrease. A gain of 6 changes a 2" range into 1'. Antenna gain of 60 increases that to 10' range... all with standard equipment. However, this assumes that the passport is broadside to the attacker;
    • by Catbeller (118204)
      No. Passive RFID tags can be read at a much greater distance than "a few feet". Boosting a faint signal into readability is 90 year-old science.

      The RFID industry claims that the passive tags only work at a distance of a few feet, but such claims have already been refuted. What a motivated technologist can do isn't limited by the opinion of the manufacturer, who you must remember has a vested interest in pretending hacks won't work.

      Besides, I'm more worried about the low-frequency semi-active tags. What wou
  • ... would be a better solution. I am pretty sure the electrical arch that will form on any/all electrically conductive material would be more then enough to fry the sensitive chips.
  • by dpbsmith (263124) on Tuesday December 26, 2006 @01:30PM (#17368072) Homepage
    Which is likely to cause you more trouble? Homeland Security being identify me wirelessly at a distance to they can yell at you "6079 Smith W. Yes, you! Bend lower, please!"

    Or that Homeland Security can identify you as someone who has exhibited an unusual pattern of behavior by sabotaging my own passport, for reasons which they will not be interested in trying to understand?

    Telling them that "An article in Wired says a nonworking RFID doesn't invalidate the passport, so I can still use it" is likely to be about as effective as John Gilmore saying that since nobody can show him a copy of any law [postgazette.com] that says he needs to show ID when flying, he should be able to fly without showing ID.
  • Better Yet..... (Score:3, Informative)

    by IHC Navistar (967161) on Tuesday December 26, 2006 @08:44PM (#17372218)
    Instead of a hammer, which would leave an obvious, and most likely ugly, mark on your passport, you could just use an N50 neodymium magnet. The integrity of the passport would remain unaffected. An RFID chip that has been hammered would most likely damage your passpord by fragmenting and cutting through the cover, if the blow from the hammer hadn't scuffed it up enough already.

    N50 Neodymium magnets can be a little pricey (about UK3.00 / US6.00), but with a magnet that strong, you could probably keep yourself amused until the end of time!
  • by HungWeiLo (250320) on Tuesday December 26, 2006 @10:43PM (#17373032)
    A passport has an RFID implanted if it has this symbol [hasbrouck.org].

    I renewed mine about 1.5 months ago and didn't have it.

Please go away.

Working...