Forgot your password?
typodupeerror
Privacy United States Your Rights Online

Researchers Find Problems With RFID Passport Cards 172

Posted by timothy
from the clearly-unpossible dept.
An anonymous reader writes "Researchers at the University of Washington have found that RFID tags used in two new types of border-crossing documents in the US are vulnerable to snooping and copying. The information in these tags could be copied on to another, off-the-shelf tag, which might be used to impersonate the legitimate holder of the card." You can also read the summary of the researchers' report.
This discussion has been archived. No new comments can be posted.

Researchers Find Problems With RFID Passport Cards

Comments Filter:
  • This just in (Score:2, Insightful)

    by Anonymous Coward
    Bear shits in woods, news at 11.
  • Breaking news: (Score:5, Interesting)

    by cosmocain (1060326) on Friday October 24, 2008 @05:23AM (#25495345)
    The left hand doesn't know what the right hand is doing.

    FTFA:

    We show that a key anti-cloning feature proposed by the U.S. Department of Homeland Security (the tag-unique TID) remains undeployed in these cards.

    • Re: (Score:2, Funny)

      by GoombaTroopa (1022351)

      The left hand doesn't know what the right hand is doing.

      It's probably better off not knowing. ;)

      (This sort of joke was inevitable)

  • by mapkinase (958129) on Friday October 24, 2008 @05:30AM (#25495371) Homepage Journal

    Did they compare the efficiency of copying passports w/ and w/out RFID?

    • I'm going to guess easier to copy than traditional passports.Can find anyone who can copy my passport in a few minutes after simply passing me on the street while my passport was inside my bag without me knowing they've obtained a copy?

      • by NoisySplatter (847631) <noisysplatter@@@gmail...com> on Friday October 24, 2008 @07:37AM (#25495957)

        They still can't.

        From the article:
        "Although the tags don't contain personal information, they could be used to track a person's movements through ongoing surveillance..."

        Considering the "passport" is the entire document and the tag itself contains no identifying information they still can't clone your passport at a distance. They could clone the tag inside it, but the process of faking your passport would still involve creating the paper hard copy. I'd say if they still have to do everything they used to and also something new then it's more secure, not less.

        Of course the ability to recognize and track a person's movements through the use of RFID is still worrying, but it's no easier to fake a passport than it used to be.

        • Then what is the point of using RFID in the first place? If you need to see the actual passport anyway, why not use magstripe or barcodes? *sigh*

          • Magstripes decay. Neither stores data all that densely.
            • Not arguing, but what data? If the tag doesn't contain personal information, exactly how much data does it need to store, and for what? How about 2D Aztek or DataMatrix bar codes that need to have the passport in hand, and opened, to scan?
        • by houghi (78078)

          then it's more secure, not less.

          That is security through obscurity. I could even argue that it has become less secure. Now people will look at green light that will show up and when that does happen then it must be OK.
          People tend to believe the machien more then they do themselves. This because they do not have to take the resposability, but can blame somebody (or in this case something) else. A simple case of "Gee, I can not give you another seat, because the computer tells me the plane is full" even thou

          • Re: (Score:3, Insightful)

            by NoisySplatter (847631)

            Then that's a flaw of the user, not the system. You could argue that adding a machine to the process would cause people to become complacent, but even the best lock only works if you use it properly.

            • Re: (Score:3, Insightful)

              by Jah-Wren Ryel (80510)

              Then that's a flaw of the user, not the system. You could argue that adding a machine to the process would cause people to become complacent,

              No, a system that does not take into account natural human behavior is flawed, not the humans. Your attitude is what leads to counterproductive 'security' like the UAC on Vista.

              • I understand what you're talking about, and agree that things like that aren't good, but we're not talking about just clicking through an error message or "are you sure" dialog. These people are controlling the border of a country that is paying them to do it properly and accurately. There are a number of ways to test for continued compliance to a standard including random monitoring and even sending people through whose documents don't match to see if they're caught.

                The reason the RFID chips are even in th

                • This action isn't an interruption of thier task, it is their task. If that isn't enough to keep them on their toes then they need to find a new line of work.

                  And that's the problem - it is not an interruption. Unless we plan on breeding idiot-savants for the job, no human can do that reliably all day long. We are just not wired that way to do the same repetitive task over and over and then notice the 1 out of 100 or 1 out of 1000 exception. It doesn't matter if a nuke will go off if the person fails, they will still fail.

  • Elvis (Score:5, Funny)

    by Krneki (1192201) on Friday October 24, 2008 @05:31AM (#25495379)

    So, if I want to be Elvis all I need is one of those new passports.

    Cool.

  • by retech (1228598) on Friday October 24, 2008 @05:36AM (#25495411)
    1. I am shocked!
    2. I am outraged!
    3. I am indignant!
    4. Tubes, what tubes?
    5. This is why I wrap all my important body parts in tinfoil.
    6. Why didn't we know about this sooner?
    7. If it's not on BoingBoing I don't believe it.

    Please, someone in authority with intelligence tell me what to think about this. Oh.. wait... that's never going to happen is it.

    • by SharpFang (651121) on Friday October 24, 2008 @09:13AM (#25496683) Homepage Journal

      8. Shut up. This is to stop the terrorists. And you don't want to support terrorism, do you?
      9. Shut up. This is to protect the children. And you don't want to support pedophilia, do you?
      10. This is a classified information you were not authorised to obtain. Please lay on the ground face down and place your hands on your head.

      • by gknoy (899301)

        10. This is a classified information you were not authorised to obtain. Please lay on the ground face down and place your hands on your head.

        11. A party associate will arrive shortly to collect you for your party. Make no further attempt to leave the testing area. Assume the "Party Escort Submission Position" or you will miss the party.

    • Re: (Score:3, Funny)

      by TubeSteak (669689)

      Your solution advocates a

      ( ) technical ( ) legislative ( ) market-based ( ) vigilante (*) emotional

      approach to solving a looming privacy problem. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular emotional state, and it may have other flaws which used to vary from state to state or country to country before a bad federal or international law was passed.)

  • Security (Score:3, Informative)

    by supernova_hq (1014429) on Friday October 24, 2008 @05:42AM (#25495441)
    I guess this is especially bad, considering their security! [washingtontimes.com]
  • Again (Score:5, Interesting)

    by RAMMS+EIN (578166) on Friday October 24, 2008 @06:03AM (#25495535) Homepage Journal

    This is about the umpteenth time we hear about this. Somehow, I can't believe anymore that putting these chips in passports was meant to increase security. The question is...what _was_ the purpose?

    • by SL Baur (19540)

      The question is...what _was_ the purpose?

      The main stated reason was to facilitate entry of US citizens into Great Britain. It was also supposed to be "more secure".

      Sigh. See my earlier post in this article how kidnapper convenient these things are.

      • Re:Again (Score:5, Informative)

        by Yer Mum (570034) on Friday October 24, 2008 @08:14AM (#25496187)

        My first reaction would be to say that you are kidding, but then this is yet another example of policy laundering.

        In the UK the government said it was because it was being deployed by the US.

        Basically it was a working group from the US, UK, Canada, Australia, and New Zealand which pushed it onto the ICAO and then each country was forced to grudgingly and unwillingly implement this standard which they previously pushed for.

        • by klui (457783)
          Maybe the Chinese will do it right and just put a shoddy non-working chip into its citizens' passports. The first time when DOA is a good thing.
      • by SharpFang (651121)

        The main stated reason of introducing RFID passports in GB was to facilitate entry of GB citizens into US.

        So, bullshit.

        • Re:Again (Score:4, Insightful)

          by DrgnDancer (137700) on Friday October 24, 2008 @10:37AM (#25497613) Homepage

          I don't see the conflict here:

          Step one: US and UK (and probably several other) governments get together and decide this is a good idea.
          Step two: Both governments go back to their people and say "This is to facilitate entry into $otherCountry."
          Step three: Both governments get the standards implemented and both get to make it look like they were just being nice and facilitating travel to $otherCountry; while at the same time getting what they actually wanted anyway.

          Both governments get what they want, neither side actually lied (since, after all, travel between the two or more countries IS facilitated) and everyone is happy except for the people who realized that this was a dumb, ineffective, and potentially abusable idea in the first place.

    • Re:Again (Score:5, Informative)

      by will_die (586523) on Friday October 24, 2008 @06:56AM (#25495753) Homepage
      The purpose was to decrease the time it took to process a passport aka person. Bar codes can have problems being read and take more time to scan then RFIDs. In addition the RFID contain the same information you see in the passport, so that you can check that against the database and future use would allow checking the RFID stored photo with a camera scan to verify ID.

      The problems mentioned here and elsewhere are that you can copy an RFID make a duplicate of it. With a regular passport that is not really a problem, excluding privacy since they contain personnal data but the US system and others are suppose to be encrypted so you cannot get the info without the physical passport so you can get the key, because your passport is checked against the database entery and then the person doing the check is suppose to compare the computer to the passport to the holder and they should all match. In this case the problem is that these are passport cards, not regular passports, designed for people who cross the borders all time and this will allow for quick processing with the passport card never being checked by human; same system that you have for toll road cards.
      Since these cards and also drivers licenses are not encrypted and not checked by humans an evil person could copy the card, get your PIN and then have easy access to cross the border, provided they don't have sort of facial recognition system, being implemented, that checks your passport card against the database against the facial recognition system.
      • Re: (Score:3, Interesting)

        by hughk (248126)

        In addition the RFID contain the same information you see in the passport, so that you can check that against the database and future use would allow checking the RFID stored photo with a camera scan to verify ID.

        No. A friend of a friend got his new RFID chipped passport in the US. He refused to accept the passport without the chip being checked. This was good because it was someone else's chip in his passport. The manufacturing process has got screwed up and the wrong data was recorded in the passport.

        The

    • Re:Again (Score:4, Interesting)

      by jlarocco (851450) on Friday October 24, 2008 @07:03AM (#25495777) Homepage

      This is about the umpteenth time we hear about this. Somehow, I can't believe anymore that putting these chips in passports was meant to increase security. The question is...what _was_ the purpose?

      First, the article isn't talking about passports. It's talking about the new passport cards [state.gov]. It's not necessarily a given that the same RFID chip is used in both of them.

      Second, passport cards aren't even required. You can get a regular passport with or without getting the card. The cards have nothing to do with extra security and everything to do with making travel between the US, Canada and Mexico more convenient.

      Third, the RFID chip in regular passports isn't required either. You can get the passport, smash the chip with a hammer, and use it just like a regular old passport.

      In any case, it's 100x easier to just order somebody's birth certificate, make a fake ID, and order a legit passport in their name.

    • Re:Again (Score:4, Informative)

      by swillden (191260) <shawn-ds@willden.org> on Friday October 24, 2008 @08:53AM (#25496441) Homepage Journal

      The purpose WAS to increase security, and it works just fine. What these researchers did was simple, obvious and pointless.

      Sure you can copy the data from one passport to another. So what? It still contains the original photo and any other biometrics, binding it to the true owner of the passport. The data can't be altered because it's digitally-signed. Someone else can impersonate the passport holder, but only if they have the passport holder's face. As more biometrics are added, they'll also need the passport holder's fingerprints, iris -- maybe someday they'll need the passport holder's DNA.

      Now, the fact that the passport might be detectable from a distance is something of an issue. US passports have foil in the cover to create a mini Faraday cage and RF-isolate the chip when the passport is closed, so for holders of US passports the solution is simple: put a rubber band around your passport to hold it closed. Holders of passports from other countries may want to cover their passport in tinfoil if they're concerned about being tracked.

      • Re: (Score:2, Interesting)

        by TheP4st (1164315)

        The data can't be altered because it's digitally-signed.

        mmkay.. [guardian.co.uk]

        • by swillden (191260)

          The data can't be altered because it's digitally-signed.

          mmkay.. [guardian.co.uk]

          That's got nothing to do with the digital signature on the data.

          In order to read the data from the card, you first have to authenticate with a challenge-response protocol using a symmetric authentication key. That key is derived from data printed on the inside of the passport, the "Machine Readable Zone", or MRZ. The purpose of this authentication is to make it difficult for someone to read your passport data without your knowledge. In theory, they'd need to open your passport, grab an image of the ins

          • by hughk (248126)
            There are schemes where passport data can be secured with a digital signature from the issuing authority. The problem is that it means that you have to have a key distribution infrastructure. Public Key Infrastructures have a lot of problems even in one organisation, let alone across international borders.
            • by swillden (191260)
              ICAO acts as the root CA and certifies the national keys. It's a well-understood problem.
              • by hughk (248126)

                Large PKI systems have a number of major issues complicating it, especially when you have a relatively long lived piece of information like a passport or other identity document.

                One such problem is the root certificate. PKI is a hierarchical trust system so should ICAO signing key become discovered this would invalidate every document signed using that key. This would invalidate the national issuer keys which in turn would invalidate the issued documents. All of them.

                • by swillden (191260)

                  Large PKI systems have a number of major issues complicating it, especially when you have a relatively long lived piece of information like a passport or other identity document.

                  Yes, and all of those issues are also well-understood and there are reasonable ways to address them. For starters do some research into FIPS 140-2 level 4-certified hardware crypto modules. Such devices, along with key-splitting techniques and secure backup and key management techniques, provide the basis for making secure generation and management of such important keys possible. Not easy, but possible -- and done all the time by numerous government and commercial institutions.

                  One such problem is the root certificate. PKI is a hierarchical trust system so should ICAO signing key become discovered this would invalidate every document signed using that key. This would invalidate the national issuer keys which in turn would invalidate the issued documents. All of them.

                  Nonsense.

                  The compromise

          • In February 2005, cryptographers were already saying things like "Until further notice all new designs should use SHA-256" due to recently discovered weaknesses in SHA-1. It hasn't been cracked, and it's not in immediate danger, but in any system that will be around for decades to come it is an unwise choice.

            • by swillden (191260)

              Yes, they're using SHA-1. This standard was completed and countries had already made large investments in building and deploying passports and infrastructure before the first reports of possible weakness in SHA-1 came out.

              I'm sure they'll change that in a future revision, but it'll take a decade or two. I'll be surprised if pre-image attacks against SHA-1 become possible before then.

      • The day I'm required to supply my fingerprints, iris scan, and DNA to hold a passport, would be the day I uproot my family and reverse emigrate to San Miguel, Azores, Portugal. My In-Laws have property that's high on a cliff overlooking the ocean there. I'm tempted to see how much they want for it. There's hot springs there so a simple geothermal generator is possible. Solar too.. The climate is very temperate. I could do Linux consulting remotely to pay the bills. The Patriot Act is anything but pat

        • by swillden (191260)

          The day I'm required to supply my fingerprints, iris scan, and DNA to hold a passport, would be the day I uproot my family and reverse emigrate to San Miguel, Azores, Portugal.

          Portugal will almost certainly implement biometric requirements before the US will.

      • Someone else can impersonate the passport holder, but only if they have the passport holder's face.

        It is called "identity shopping" and not they do no need to have his face. They only need to look vaguely like the original holder because, as everyone with a driver's license knows, that the picture on your photo-id is rarely all that great of a picture.

        As more biometrics are added, they'll also need the passport holder's fingerprints, iris -- maybe someday they'll need the passport holder's DNA.

        Boy, that's a day to look forward to. But even that's not foolproof, have you seen the movie GATTACA? If DNA should ever become a requirement, there will be plenty of ways to impersonate that too, especially when you consider that people constantly shed

        • by swillden (191260)

          Wow, you've made an amazing discovery: Nothing is perfect!

          Of COURSE it will always be possible to defeat any security scheme. It's always been possible to forge passports in the past. The new MRTDs are a response to the fact that technology has been making it easier and easier to forge the paper and ink characteristics that have been the primary security technologies in the past. No one seriously expects the new technologies to achieve perfection either -- and even if they did, you could STILL beat th

          • Wow, you've made an amazing discovery: Nothing is perfect!

            The discovery I've made is that the price we are paying for imperfection keeps going up.

            • by swillden (191260)

              Wow, you've made an amazing discovery: Nothing is perfect!

              The discovery I've made is that the price we are paying for imperfection keeps going up.

              Not really. The inflation-adjusted price of passports has remained fairly constant, with only minor fluctuations. Or did you think that all of the equipment to produce holograms, optically-variable inks, layered printing, UV printing, laser engraving, etc., was cheap? In the past, the high cost of the equipment was the ONLY thing preventing forgers from successfully producing perfect fakes.

              If you meant something else by "price", don't be coy: spit it out so we can discuss it. I may agree with you.

    • by pluther (647209)
      The question is...what _was_ the purpose?

      My guess is that the answer to that will be obvious if someone can answer:
      1. Who approved this in the first place.
      2. Who is profiting from the manufacture of these new passports.
      3. How much money #2's lobbyists gave to #1.

  • this is intentional (Score:5, Interesting)

    by Anonymous Coward on Friday October 24, 2008 @06:03AM (#25495537)

    Part of creating a more authoritarian society is to keep your populace under fear. To have the more knowledgeable elements of your population know just how close they are to losing their freedom due to a modern equivalent of a filing error is entirely intentional.

    No-one in government/civil service wants these documents to be 100% secure. A few accidental misidentifications will keep everyone realising how powerless they are, and a few "accidental" misidentifications will be used to conveniently eliminate specific undesirables.

    Summary: If you fear that your identity will be stolen now, the government is operating as intended.

  • by dword (735428) on Friday October 24, 2008 @07:11AM (#25495825)
    Damn it, now I have to take off my tinfoil hat and use the tinfoil to protect my RFID!
    • by glop (181086)

      Does it actually work?
      What's the frequency used for RFID chips? How thick a metal box do you need? What kind of joints does one need?
      Come on guys, don't tell me I'll have to Google it!

      • Thin foil should work as long as it's electrically insulated from the loop antenna in the document ; since this is embedded between a sheet of plastic and a cardboard cover, that's already done.

        Complete coverage works for any frequency.

        Heck, a conductive antistatic bag might be enough.

    • by houghi (78078)

      I do have made a pouch for my RFID passport. I took some tinfoil and put somer duct tape on one side a bit more then souble the size of my passport in length. Doublefolded it and put duct tape on the outside as well. Now it is like an envelope. Layer of duct tape, layer of tinfoil and again a layer of duct tape.

      I was once asked why I did this. I told them it was because I once had problems with a password becoming wet and unreadable, so this is to prevent that. If they would have asked about the tinfoil in

  • the question im asking right now is not "why didnt everyone just listen to me when i said it was a problem" but, "does this make me a researcher too??"
  • by jjo (62046) on Friday October 24, 2008 @08:26AM (#25496287) Homepage
    Just cloning the RFID code isn't a particularly safe way to forge a border-crossing card. With a blank RFID card carrying cloned data you are running the risk that the border agents will examine your bogus RFID card, see that it's not geniuine, and bust you for forgery.

    Even if you do a convincing forgery of the card itself, you run a risk of discovery. Using the RFID data as an index into the government database, the border agent's computer system will pull up the photo (or other biometric data) of the genuine cardholder. If they are paying attention, they will see that you are not the right person, and bust you for forgery.

    Also, each RFID passport card comes with a foil-lined sleeve that protects it from both physical damage and RFID skimming. I always keep mine in the sleeve when not in use. If others do the same, this vulnerability will be restricted to places where the cards are used, i.e., border crossings. Lurking around border crossings to clone RFID data seems like another risky strategy.

    • by hughk (248126)
      In theory your own border guards may be able to validate the identity of a passport holder. In reality, if you go to the US with a UK passport, I don't think the US will allow the UK immigration officials access to their database. In reality they will just use the image on the chip (maybe).
    • by pluther (647209)

      1. Forging the card is easy. You don't need access to the original, you just need to know what it's supposed to look like. They all look the same, and the info you need is on the chip. Convenient, huh?

      2. I didn't get a foil sleeve with my new RFID passport. Nor did either of the other two people in my household who got theirs at about the same time.

      3. "Lurking around border crossings" is perfectly safe, and not suspicious. I've crossed lots of borders and one thing they all have in common is large numbers

      • You did get a foil sleeve with your new RFID passport. If you are talking about the standard "book-type" passport, the RFID sleeve is integrated in the cover. However, the new passport card comes with a separate foil sleeve.

        While forging the card isn't "easy" by any reasonable definition of the word, even a perfect forgery isn't enough. The picture (and in future, other biometrics) of the genuine passport holder will be stored in the government database, and called up via the index stored in the RFID c

  • Quick! (Score:3, Informative)

    by BigBadBus (653823) on Friday October 24, 2008 @08:49AM (#25496403) Homepage
    Someone call the Mythbusters! Oh, someone did? Darn.
  • Would keeping my passport in an anti-static bag that computer parts come with prevent it from being read? And does anyone know where I can get an RFID reader cheap? (cuz I don't trust the /. crowd to really know the answer to the first question.)

    Also, what anti-copying technology could they possibly be talking about. It seems to me that unless the RFID chips have evolved into active things that actually read some transmitted data, decrypt it (proving you have the secret key without revealing the secret key)

  • All you people who said I was full of sh** when this subject last came up on slashdot.
  • Hell, even my aging grandmother could find flaws in the RFID passports.
  • How does someone use a microwave oven to zap the embedded RFID without leaving a noticeable mark on the passport (like a burn mark after too much power/time)? Maybe there's some amount of popcorn kernels that can pop before burning the passport, then stop the process after the chip is fried, before some larger amount of kernels pop before the passport burns?

  • by TrentTheThief (118302) on Friday October 24, 2008 @03:29PM (#25501883)

    "Microwave"

A Fortran compiler is the hobgoblin of little minis.

Working...