Disabling the RFID in the New U.S. Passports 294
slashchuck writes "Along with the usual Jargonwatch and Wired/Tired articles, the January issue of Wired offers a drastic method for taking care of that RFID chip in your passport. They say it's legal ... if a bit blunt. From the article: 'The best approach? Hammer time. Hitting the chip with a blunt, hard object should disable it. A nonworking RFID doesn't invalidate the passport, so you can still use it.' "
What the Heck... (Score:3, Informative)
Microwave the sucker and be done with it, I say.
Oh wait, that leaves a big smoking hole in the passport... Errr, never mind, carry on...
Re:Tinfoil Passport Cover? (Score:4, Informative)
Re:Microwave... (Score:3, Informative)
Re:Tinfoil Passport Cover? (Score:3, Informative)
And as long as you keep your passport in the RF shield, nobody can read it.
But the instant you pull it out, anyone can try accessing it.
What's worse: You *know* that Customs Officials won't have Faraday Cages around their reader stations. All someone'll have to do is set up a high-gain antenna somewhere in the area, and they can parasite the data as it's being read by the legitimate scanner.
Re:No Hurry (Score:5, Informative)
What technology would you suggest to use to do this broadcasting? The contactless smart card chip in the passport won't do the job very effectively because:
Perhaps you could photocopy the information page and post flyers? Or just walk around holding your passport open so that any would-be passport cloner can see the MRZ data? If you *really* want to use the passport's contactless chip to distribute the data, I guess you could print your name, birthdate and passport number on a sign, hang it around your neck, and then stick your passport to it so it's held open. Given the name, birthdate and passport number, an attacker will be able to guess the MRZ fairly quickly. If you want to make them work for it a little, you could leave out the birthdate and passport number and let them guess those values. Be sure to give them your name, though, otherwise it'll take too long, because the chip just doesn't report the failed authentication attempts fast enough. There's also the small issue of the communication range of the contactless chip, but perhaps there's an area of the airport that is nicely EM-shielded so that the attacker's lab-grade transciever and signal processing equipment can talk to your passport at a reasonable range. Or perhaps you could just let the attacker give you a booster device that you could hold near your passport.
All in all, it seems like a rather ineffective way to broadcast your data. I'd go with the flyers.
Removing toungue from cheek, it's a pretty ineffective way for an attacker to try to get your data, too. There are many other approaches that are much, much easier.
State Department FAQ (Score:5, Informative)
What will happen if my Electronic passport fails at a port-of-entry?
The chip in the passport is just one of the many security features of the new passport. If the chip fails, the passport remains a valid travel document until its expiration date. The bearer will continue to processed by the port-of-entry officer as if he/she had a passport without a chip.
Re:Great idea! (Score:4, Informative)
So unless they are going to recall all non-chipped passports, they'll have to wait quite a while to make it a requirement.
Also:
Bad Idea (Score:2, Informative)
Somebody doesn't grok RFID... (Score:2, Informative)
There are two types of RFID tags - active (carries its own power supply) and passive (powered by the magnetic field generated by an RFID reader). The best active tags can be read a couple hundred feet away - that's what you use to go speeding through toll booths and such.
Passive tags (like the one in the passport) can only be read a few inches away and someone with even a basic knowledge of physics knows that the power requirement to maintain an adequate magnetic field increases exponentially with distance.
Also, when using the FUD Technologies Nuclear Long Distance Handheld Omnidirectional RFID Reader® one has to remember that tags operating on the same frequency will tend to interfere with each other, reducing the chance of getting a good read.
My suggestion is to take the tinfoil off one's head, wrap their passport in it and go about their business
Re:Anybody got an RFID detector? (Score:4, Informative)
I haven't tried them yet, but if you are interested in PC-based RFID readers, some friends recommended these:
http://www.hobbyengineering.com/H2177.html [hobbyengineering.com]
http://www.phidgets.com/index.php [phidgets.com]
Re:No Hurry (Score:5, Informative)
That's true if your definition of "open" is anything not held tightly closed.
It has already been demonstrated that the faraday cage effect of the shielding is negated if the passport is only open a centimeter or so, as could easily happen with a passport carried in a handbag, or pretty much anywhere there is not much pressure to hold it closed.
So, while you may not be able to crack the data from the RFID, you can certainly talk to it under conditions that are reasonably common in the field.
it requires execution of a cryptographic authentication protocol using an AES key derived from data printed inside the passport cover (called the MRZ)before it will divulge anything; and
Doesn't this strike anyone as ironic? The RFID is of no value for official use without first having to read something printed on the inside. So much for any improvement in convenience or ease of use over the previous implementation. Seems like an RFID manufacturer (patent holder?) hired a really good lobbyist.
Re:Somebody doesn't grok RFID... (Score:3, Informative)
Good post. I just want to add that because the readers EM field powers the chip and the chip's transmitter that the effective power requirement increases with the *cube* of distance, rather than following the normal inverse-square law. That's not to say it's impossible to read chips from larger distances, but it's very tricky, and works best in an EM-shielded lab environment.
you're either lying or ignorant of the field (Score:4, Informative)
Here's a nice little marketing presentation to get you started on the capabilities of passive RFID using Ultra-High Frequency
*Yes, I know its only "1 meter" under near-ideal conditions but average street conditions still don't degrade the range to "a few inches".
Re:Anybody got an RFID detector? (Score:3, Informative)
http://209.85.135.104/search?q=cache:HuNI-ek20WkJ
They also link to the RFID detector in the C'T magazine (first reference).
Re:Somebody doesn't grok RFID... (Score:5, Informative)
Passive tags (like the one in the passport) can only be read a few inches away and someone with even a basic knowledge of physics knows that the power requirement to maintain an adequate magnetic field increases exponentially with distance.
While you may "do" it for a living, it sounds like you don't hack it for a living. It takes a whole different mindset to look for vulnerabilities to exploit.
Even the State Department admits the RFIDs used in the passports can be read from at least 10 feet away. [oreillynet.com] NIST says they've been able to do 30 feet and are working on clever ways to get beyond even that. These numbers are for ISO 14443 RFIDs which seem to be the type used in US passports.
one has to remember that tags operating on the same frequency will tend to interfere with each other, reducing the chance of getting a good read.
There are plenty of situations in which just knowing that the RFID and associated passport are present are trouble enough. The classic example being the bomb with an "american detector" - left out in a public area it only needs to get enough of a signal fingerprint to differentiate american passports from others in order to make that passport's owner very unhappy. Put one of those into the doorframe of a mcdonalds somewhere and you don't even need to worry about long-range fancy-smancy stuff.
Re:Tinfoil Passport Cover? (Score:4, Informative)
Here's how it would work:
1) The customs official asks you for your passport.
2) You pull it out of your tinfoil sleeve and hand it over.
3) Customs official opens the front cover and scans the front page so his computer has all of the information for the security key. (It's not used for encryption. It's just a plaintext password.)
4) Customs official's station broadcasts the security key.
5) The RFID tag in your passport broadcasts your passport data.
If I have a sensitive enough high gain antenna pointed at that customs station, I now have both your security key AND all of the information in your passport.
The broadcasts in steps 4 and 5 are OMNI-DIRECTIONAL. They're relatively low-power, because according to the design, the passport's supposed to be only a few cm away from the reader.. But that's why you need a high-gain antenna.
whats the beef? (Score:2, Informative)
35-45 feet (Score:2, Informative)
Better Yet..... (Score:3, Informative)
N50 Neodymium magnets can be a little pricey (about UK3.00 / US6.00), but with a magnet that strong, you could probably keep yourself amused until the end of time!
Re:Great idea! (Score:3, Informative)
In reality, it just opens up a whole new area to be exploited. If route A is easier than route B, people will choose route A for whatever it is they want to do. A quick idea, which I'm sure the "terrorists" have already considered: Kill a person, steal his identity, get new ID. Easy. The passport is real, your photo will be real. Immigration will be happy.
Hell, you don't even need to kill anyone to steal their identity! Just go find someone that lives in Idaho. Chances are this person will never leave the U.S., and thus neither the person in question, nor immigration, will ever notice something is fishy.
Another idea. Get a genuine, non-U.S. passport that's in someone elses name, and travel with it. Just find another contry that is lax with issuing passports and get one there. Not such a big deal if you're part of an international terrorist ring, right?
Essentially what the gov't is doing is similar to what I saw at a datacenter once. The front entrance was like a freakin' fort. But to get in, all you needed to do was slip in through the back when the cleaning lady was walking in. Really, Stupid. As we all know, the weakest link in the chain will break it.
Which reminds me of a recent trip from Tokyo to Frankfurt that I took. I was in business class, which had REAL cutlery with the meals. But the butter knives were plastic. BUTTER KNIFE!! I swear to god, if I had a real butter knife and a real fork, and I had to use one or the other to threaten someone or defend myself, I would choose the fork!!! Stupid, stupid, stupid. Oh, and the inflight material all says that ALL radio wave emitting devices are banned from use. Then the Connexion by Boeing ad shows how to use your WiFi card to get internet access. Oh, the list of complaints I have over stupid policy...
Re:Tinfoil Passport Cover? (Score:3, Informative)
I was with you until number 4. All I can say is, HUH? Why would it broadcast the security key. The RFID chip has no use for the key since it cannot use it. Where does this RFID chip store, oh I don't know, the RAM and CPU required to decrypt data.
The key phrase here is *reader*. The passport system reads the data off the RFID and then applies the key in the computer system. The only way the key is "transmitted" in the clear is via photons to the OCR.
Here's a revised list that I think will more accurately reflect reality:
1) The customs official asks you for your passport.
2) You pull it out of your tinfoil sleeve and hand it over.
3) Customs official opens the front cover and scans the front page so his computer has all of the information for the security key. (It's not used for encryption. It's just a plaintext password.) (kind of missing your point here)
4) The RFID tag in your passport broadcasts your passport data.
5) The customs officical's system decrypts the data received using the non-transmitted key.
For a thief to clone a passport, he will need to know the plain text in addition to nabbing the RFID data. Both are fairly trivial, esp. if there's a team working it. A pickpocket to lift/read/copy and replace. And another to "listen" for the OTA data. Of course you're only going to get targeted victims, not the wholesale copying people are claiming.
This is simply security theater. The problem is not cloned or forged passports. The problem is people getting valid passports for false IDs. This tries to solve a problem that doesn't exist.
How to tell if your passport has RFID (Score:3, Informative)
I renewed mine about 1.5 months ago and didn't have it.
Re:No Hurry (Score:5, Informative)
Perhaps I'm simply naive here but if the RFID tag requires information printed inside the passport be entered into a computer then why have RFID at all?
It's an anti-forgery mechanism. A forger doesn't want to duplicate a passport, a forger wants to create a passport with the bogus holder's photo, plus some either real or real-looking but innocuous identification data. The thing the RFID's copy of the data has that the printed page doesn't have is digital signatures. A forger may be able to print a perfect-looking passport, and embed a chip loaded with all of the corresponding data, but he won't have access to the private keys necessary to apply the proper digital signature to the data. This makes the new passports essentially impossible to forge, assuming RSA remains unbroken and assuming the private key is well-protected.
There's no need to use a contactless method unless someone is picturing a scenario where customs will be something that you just walk through with your passport in your pocket or just have it tapped on a reader.
Not true. The engineers who created the passport chip specification for ICAO wanted to use off-the-shelf technology, rather than inventing and debugging something entirely new. Given how much trouble the various vendors have had making the off-the-shelf technology interoperate correctly, this was a wise choice. But off-the-shelf contact smart card technology has some fundamental limitations for this application.
First, where on a passport do you put the chip and how do you insert it? Obviously, you can't use off-the-shelf smart card readers, because the passport is the wrong shape and size. Further, passports aren't rigid enough to guarantee that the contacts will correctly land on the regions of the smart card contact plate. Using a contact chip would have required adding some card-shaped rigid plastic "page" to the passport, which would have complicated manufacturing, made the passports more fragile and probably also increased the time required for Immigration officials to insert the card.
Second, and more importantly, contact smart cards are too slow. Due to a quirk of history, contact smart cards are limited to a maximum data rate of 115kbps. Because of the inefficiency built into the ISO 7816 T=0 and T=1 protocols, that means you get about 8KiBps (note: kbps = 10^3 bits per second, KiBps = 2^10 bytes per second) throughput, *max*. And, in practice, you only get that speed by carefully matching and testing cards and readers. In the smart card world, we expect real-world transfer rates of 1-2KiBps. The ICAO data set sizes are in the range of 30-40KiB. Contactless cards, however, are either 400kbps or 800kbps. Even at the slower speed, that produces a transfer rate of over 30KiBps. You can see that a contact card's best case is around four seconds to move the data set, and a more realistic common case is 10-15 seconds. A contactless card's worst case is about 1.3s, and the best case is about 300ms.
Add to that the fact that contactless is more forgiving of passport placement accuracy than contact, and you have a really significant difference in per-person processing time. Five seconds per traveler, per agent adds up to another full-time position or two at each major airport.
All of this could have been addressed by designing a new contact interface and protocol, of course. The custom contact plate could have been much larger so the individual contact areas were much bigger, solving most of the issues. But they wanted off-the-shelf, both in the interest of development time and in the interest of cost. By using standard parts, the passport issuers and immigration agencies benefit from economies of scale that they wouldn't get with custom components.
Finally, there was really no reason *not* to go contactless. Privacy wasn't traditionally part of the security issues that passport agencies were concerned about and, in any case, the MRZ-based encryption seemed to addr
Re:No Hurry (Score:4, Informative)
I gave a better answer to this question here [slashdot.org].