Researchers Find Problems With RFID Passport Cards 172
An anonymous reader writes "Researchers at the University of Washington have found that RFID tags used in two new types of border-crossing documents in the US are vulnerable to snooping and copying. The information in these tags could be copied on to another, off-the-shelf tag, which might be used to impersonate the legitimate holder of the card." You can also read the summary of the researchers' report.
This just in (Score:2, Insightful)
Re: (Score:2)
Breaking news: (Score:5, Interesting)
FTFA:
We show that a key anti-cloning feature proposed by the U.S. Department of Homeland Security (the tag-unique TID) remains undeployed in these cards.
Re: (Score:2, Funny)
The left hand doesn't know what the right hand is doing.
It's probably better off not knowing. ;)
(This sort of joke was inevitable)
Re: (Score:2)
Good for those who sleep on their arms.
question to those who read the article (Score:3, Insightful)
Did they compare the efficiency of copying passports w/ and w/out RFID?
Re: (Score:2)
I'm going to guess easier to copy than traditional passports.Can find anyone who can copy my passport in a few minutes after simply passing me on the street while my passport was inside my bag without me knowing they've obtained a copy?
Re:question to those who read the article (Score:5, Insightful)
They still can't.
From the article:
"Although the tags don't contain personal information, they could be used to track a person's movements through ongoing surveillance..."
Considering the "passport" is the entire document and the tag itself contains no identifying information they still can't clone your passport at a distance. They could clone the tag inside it, but the process of faking your passport would still involve creating the paper hard copy. I'd say if they still have to do everything they used to and also something new then it's more secure, not less.
Of course the ability to recognize and track a person's movements through the use of RFID is still worrying, but it's no easier to fake a passport than it used to be.
Re: (Score:2)
Then what is the point of using RFID in the first place? If you need to see the actual passport anyway, why not use magstripe or barcodes? *sigh*
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
Then that's a flaw of the user, not the system. You could argue that adding a machine to the process would cause people to become complacent, but even the best lock only works if you use it properly.
Re: (Score:3, Insightful)
Then that's a flaw of the user, not the system. You could argue that adding a machine to the process would cause people to become complacent,
No, a system that does not take into account natural human behavior is flawed, not the humans. Your attitude is what leads to counterproductive 'security' like the UAC on Vista.
Re: (Score:2)
I understand what you're talking about, and agree that things like that aren't good, but we're not talking about just clicking through an error message or "are you sure" dialog. These people are controlling the border of a country that is paying them to do it properly and accurately. There are a number of ways to test for continued compliance to a standard including random monitoring and even sending people through whose documents don't match to see if they're caught.
The reason the RFID chips are even in th
Re: (Score:2)
This action isn't an interruption of thier task, it is their task. If that isn't enough to keep them on their toes then they need to find a new line of work.
And that's the problem - it is not an interruption. Unless we plan on breeding idiot-savants for the job, no human can do that reliably all day long. We are just not wired that way to do the same repetitive task over and over and then notice the 1 out of 100 or 1 out of 1000 exception. It doesn't matter if a nuke will go off if the person fails, they will still fail.
Elvis (Score:5, Funny)
So, if I want to be Elvis all I need is one of those new passports.
Cool.
Re:Elvis (Score:5, Informative)
http://hackaday.com/2008/09/30/cloning-and-modifying-e-passports/ [hackaday.com]
By the way, the most "funny" thing I saw about RFID passports was that in Pakistan, at least one occurrence of "American passport bearer detection" has occurred in a market crowd. Fortunately, the goal was then to steal the passport, not behead the bearer.
Re: (Score:2)
Re:Elvis (Score:5, Funny)
Elvis would be a good choice when registering to vote in Chicago. For border crossings, I'd recommend using Cat Stevens.
How should I respond to this? (Score:5, Funny)
Please, someone in authority with intelligence tell me what to think about this. Oh.. wait... that's never going to happen is it.
Re:How should I respond to this? (Score:5, Interesting)
8. Shut up. This is to stop the terrorists. And you don't want to support terrorism, do you?
9. Shut up. This is to protect the children. And you don't want to support pedophilia, do you?
10. This is a classified information you were not authorised to obtain. Please lay on the ground face down and place your hands on your head.
Re: (Score:2)
11. A party associate will arrive shortly to collect you for your party. Make no further attempt to leave the testing area. Assume the "Party Escort Submission Position" or you will miss the party.
Re: (Score:3, Funny)
Your solution advocates a
( ) technical ( ) legislative ( ) market-based ( ) vigilante (*) emotional
approach to solving a looming privacy problem. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular emotional state, and it may have other flaws which used to vary from state to state or country to country before a bad federal or international law was passed.)
Security (Score:3, Informative)
Again (Score:5, Interesting)
This is about the umpteenth time we hear about this. Somehow, I can't believe anymore that putting these chips in passports was meant to increase security. The question is...what _was_ the purpose?
Re: (Score:2)
The question is...what _was_ the purpose?
The main stated reason was to facilitate entry of US citizens into Great Britain. It was also supposed to be "more secure".
Sigh. See my earlier post in this article how kidnapper convenient these things are.
Re:Again (Score:5, Informative)
My first reaction would be to say that you are kidding, but then this is yet another example of policy laundering.
In the UK the government said it was because it was being deployed by the US.
Basically it was a working group from the US, UK, Canada, Australia, and New Zealand which pushed it onto the ICAO and then each country was forced to grudgingly and unwillingly implement this standard which they previously pushed for.
Re: (Score:2)
Re: (Score:2)
The first time when DOA is a good thing.
I don't know about that. I ordered a mail order steak once...
Re: (Score:2)
The main stated reason of introducing RFID passports in GB was to facilitate entry of GB citizens into US.
So, bullshit.
Re:Again (Score:4, Insightful)
I don't see the conflict here:
Step one: US and UK (and probably several other) governments get together and decide this is a good idea.
Step two: Both governments go back to their people and say "This is to facilitate entry into $otherCountry."
Step three: Both governments get the standards implemented and both get to make it look like they were just being nice and facilitating travel to $otherCountry; while at the same time getting what they actually wanted anyway.
Both governments get what they want, neither side actually lied (since, after all, travel between the two or more countries IS facilitated) and everyone is happy except for the people who realized that this was a dumb, ineffective, and potentially abusable idea in the first place.
Re:Again (Score:5, Informative)
The problems mentioned here and elsewhere are that you can copy an RFID make a duplicate of it. With a regular passport that is not really a problem, excluding privacy since they contain personnal data but the US system and others are suppose to be encrypted so you cannot get the info without the physical passport so you can get the key, because your passport is checked against the database entery and then the person doing the check is suppose to compare the computer to the passport to the holder and they should all match. In this case the problem is that these are passport cards, not regular passports, designed for people who cross the borders all time and this will allow for quick processing with the passport card never being checked by human; same system that you have for toll road cards.
Since these cards and also drivers licenses are not encrypted and not checked by humans an evil person could copy the card, get your PIN and then have easy access to cross the border, provided they don't have sort of facial recognition system, being implemented, that checks your passport card against the database against the facial recognition system.
Re: (Score:3, Interesting)
No. A friend of a friend got his new RFID chipped passport in the US. He refused to accept the passport without the chip being checked. This was good because it was someone else's chip in his passport. The manufacturing process has got screwed up and the wrong data was recorded in the passport.
The
Re:Again (Score:4, Interesting)
First, the article isn't talking about passports. It's talking about the new passport cards [state.gov]. It's not necessarily a given that the same RFID chip is used in both of them.
Second, passport cards aren't even required. You can get a regular passport with or without getting the card. The cards have nothing to do with extra security and everything to do with making travel between the US, Canada and Mexico more convenient.
Third, the RFID chip in regular passports isn't required either. You can get the passport, smash the chip with a hammer, and use it just like a regular old passport.
In any case, it's 100x easier to just order somebody's birth certificate, make a fake ID, and order a legit passport in their name.
Re:Again (Score:4, Informative)
The purpose WAS to increase security, and it works just fine. What these researchers did was simple, obvious and pointless.
Sure you can copy the data from one passport to another. So what? It still contains the original photo and any other biometrics, binding it to the true owner of the passport. The data can't be altered because it's digitally-signed. Someone else can impersonate the passport holder, but only if they have the passport holder's face. As more biometrics are added, they'll also need the passport holder's fingerprints, iris -- maybe someday they'll need the passport holder's DNA.
Now, the fact that the passport might be detectable from a distance is something of an issue. US passports have foil in the cover to create a mini Faraday cage and RF-isolate the chip when the passport is closed, so for holders of US passports the solution is simple: put a rubber band around your passport to hold it closed. Holders of passports from other countries may want to cover their passport in tinfoil if they're concerned about being tracked.
Re: (Score:2, Interesting)
The data can't be altered because it's digitally-signed.
mmkay.. [guardian.co.uk]
Re: (Score:2)
The data can't be altered because it's digitally-signed.
mmkay.. [guardian.co.uk]
That's got nothing to do with the digital signature on the data.
In order to read the data from the card, you first have to authenticate with a challenge-response protocol using a symmetric authentication key. That key is derived from data printed on the inside of the passport, the "Machine Readable Zone", or MRZ. The purpose of this authentication is to make it difficult for someone to read your passport data without your knowledge. In theory, they'd need to open your passport, grab an image of the ins
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Large PKI systems have a number of major issues complicating it, especially when you have a relatively long lived piece of information like a passport or other identity document.
One such problem is the root certificate. PKI is a hierarchical trust system so should ICAO signing key become discovered this would invalidate every document signed using that key. This would invalidate the national issuer keys which in turn would invalidate the issued documents. All of them.
Re: (Score:2)
Large PKI systems have a number of major issues complicating it, especially when you have a relatively long lived piece of information like a passport or other identity document.
Yes, and all of those issues are also well-understood and there are reasonable ways to address them. For starters do some research into FIPS 140-2 level 4-certified hardware crypto modules. Such devices, along with key-splitting techniques and secure backup and key management techniques, provide the basis for making secure generation and management of such important keys possible. Not easy, but possible -- and done all the time by numerous government and commercial institutions.
One such problem is the root certificate. PKI is a hierarchical trust system so should ICAO signing key become discovered this would invalidate every document signed using that key. This would invalidate the national issuer keys which in turn would invalidate the issued documents. All of them.
Nonsense.
The compromise
They're using SHA-1? (Score:2)
In February 2005, cryptographers were already saying things like "Until further notice all new designs should use SHA-256" due to recently discovered weaknesses in SHA-1. It hasn't been cracked, and it's not in immediate danger, but in any system that will be around for decades to come it is an unwise choice.
Re: (Score:2)
Yes, they're using SHA-1. This standard was completed and countries had already made large investments in building and deploying passports and infrastructure before the first reports of possible weakness in SHA-1 came out.
I'm sure they'll change that in a future revision, but it'll take a decade or two. I'll be surprised if pre-image attacks against SHA-1 become possible before then.
Re: (Score:2)
The day I'm required to supply my fingerprints, iris scan, and DNA to hold a passport, would be the day I uproot my family and reverse emigrate to San Miguel, Azores, Portugal. My In-Laws have property that's high on a cliff overlooking the ocean there. I'm tempted to see how much they want for it. There's hot springs there so a simple geothermal generator is possible. Solar too.. The climate is very temperate. I could do Linux consulting remotely to pay the bills. The Patriot Act is anything but pat
Re: (Score:2)
The day I'm required to supply my fingerprints, iris scan, and DNA to hold a passport, would be the day I uproot my family and reverse emigrate to San Miguel, Azores, Portugal.
Portugal will almost certainly implement biometric requirements before the US will.
Re: (Score:2)
Someone else can impersonate the passport holder, but only if they have the passport holder's face.
It is called "identity shopping" and not they do no need to have his face. They only need to look vaguely like the original holder because, as everyone with a driver's license knows, that the picture on your photo-id is rarely all that great of a picture.
As more biometrics are added, they'll also need the passport holder's fingerprints, iris -- maybe someday they'll need the passport holder's DNA.
Boy, that's a day to look forward to. But even that's not foolproof, have you seen the movie GATTACA? If DNA should ever become a requirement, there will be plenty of ways to impersonate that too, especially when you consider that people constantly shed
Re: (Score:2)
Wow, you've made an amazing discovery: Nothing is perfect!
Of COURSE it will always be possible to defeat any security scheme. It's always been possible to forge passports in the past. The new MRTDs are a response to the fact that technology has been making it easier and easier to forge the paper and ink characteristics that have been the primary security technologies in the past. No one seriously expects the new technologies to achieve perfection either -- and even if they did, you could STILL beat th
Re: (Score:2)
Wow, you've made an amazing discovery: Nothing is perfect!
The discovery I've made is that the price we are paying for imperfection keeps going up.
Re: (Score:2)
Wow, you've made an amazing discovery: Nothing is perfect!
The discovery I've made is that the price we are paying for imperfection keeps going up.
Not really. The inflation-adjusted price of passports has remained fairly constant, with only minor fluctuations. Or did you think that all of the equipment to produce holograms, optically-variable inks, layered printing, UV printing, laser engraving, etc., was cheap? In the past, the high cost of the equipment was the ONLY thing preventing forgers from successfully producing perfect fakes.
If you meant something else by "price", don't be coy: spit it out so we can discuss it. I may agree with you.
Re: (Score:2)
Social cost. I thought that was obvious.
Re: (Score:2)
Re: (Score:2)
My guess is that the answer to that will be obvious if someone can answer:
1. Who approved this in the first place.
2. Who is profiting from the manufacture of these new passports.
3. How much money #2's lobbyists gave to #1.
this is intentional (Score:5, Interesting)
Part of creating a more authoritarian society is to keep your populace under fear. To have the more knowledgeable elements of your population know just how close they are to losing their freedom due to a modern equivalent of a filing error is entirely intentional.
No-one in government/civil service wants these documents to be 100% secure. A few accidental misidentifications will keep everyone realising how powerless they are, and a few "accidental" misidentifications will be used to conveniently eliminate specific undesirables.
Summary: If you fear that your identity will be stolen now, the government is operating as intended.
Tinfoil anyone? (Score:5, Funny)
Re: (Score:2)
Does it actually work?
What's the frequency used for RFID chips? How thick a metal box do you need? What kind of joints does one need?
Come on guys, don't tell me I'll have to Google it!
Re: (Score:2)
Thin foil should work as long as it's electrically insulated from the loop antenna in the document ; since this is embedded between a sheet of plastic and a cardboard cover, that's already done.
Complete coverage works for any frequency.
Heck, a conductive antistatic bag might be enough.
Re: (Score:2)
An electromagnetic field cannot exist inside a conductor.
I think you meant that an external electromagnetic field is canceled inside a conductive shell.
Re: (Score:2)
Re: (Score:2)
So what? You still need to forge the card itself (Score:5, Interesting)
Even if you do a convincing forgery of the card itself, you run a risk of discovery. Using the RFID data as an index into the government database, the border agent's computer system will pull up the photo (or other biometric data) of the genuine cardholder. If they are paying attention, they will see that you are not the right person, and bust you for forgery.
Also, each RFID passport card comes with a foil-lined sleeve that protects it from both physical damage and RFID skimming. I always keep mine in the sleeve when not in use. If others do the same, this vulnerability will be restricted to places where the cards are used, i.e., border crossings. Lurking around border crossings to clone RFID data seems like another risky strategy.
Re: (Score:2)
Re: (Score:2)
1. Forging the card is easy. You don't need access to the original, you just need to know what it's supposed to look like. They all look the same, and the info you need is on the chip. Convenient, huh?
2. I didn't get a foil sleeve with my new RFID passport. Nor did either of the other two people in my household who got theirs at about the same time.
3. "Lurking around border crossings" is perfectly safe, and not suspicious. I've crossed lots of borders and one thing they all have in common is large numbers
Even a perfect forgery isn't enough (Score:2)
While forging the card isn't "easy" by any reasonable definition of the word, even a perfect forgery isn't enough. The picture (and in future, other biometrics) of the genuine passport holder will be stored in the government database, and called up via the index stored in the RFID c
Quick! (Score:3, Informative)
anti-static bag (Score:2)
Would keeping my passport in an anti-static bag that computer parts come with prevent it from being read? And does anyone know where I can get an RFID reader cheap? (cuz I don't trust the /. crowd to really know the answer to the first question.)
Also, what anti-copying technology could they possibly be talking about. It seems to me that unless the RFID chips have evolved into active things that actually read some transmitted data, decrypt it (proving you have the secret key without revealing the secret key)
Take that! (Score:2)
Oh REALLY? (Score:2)
Microwaving them Dead (Score:2)
How does someone use a microwave oven to zap the embedded RFID without leaving a noticeable mark on the passport (like a burn mark after too much power/time)? Maybe there's some amount of popcorn kernels that can pop before burning the passport, then stop the process after the chip is fried, before some larger amount of kernels pop before the passport burns?
One Word Solution. Problem Solved. (Score:3, Insightful)
"Microwave"
Re:Anonymous Coward (Score:5, Informative)
Re:Anonymous Coward (Score:4, Informative)
Re: (Score:2)
How about this [thinkgeek.com] for your cards, or this [thinkgeek.com] if you like the idea, but want to keep your passport and cards in one place.
However, if you think that having all your ID in one place is a good idea, I don't think you should be on this thread.
Re: (Score:2)
Based on the photos the wallets are the same ones.
Re: (Score:2)
Re:Anonymous Coward (Score:5, Interesting)
A moulding nail works great for smashing the hell out of just the RFID chip. My new AmEx came with one and I immediately crushed the hell out of it. I was thinking about doing the same to my new passport when it arrives. I decided that the plausible deniability might be a little slim for a precisely placed hole over the chip though. Perhaps another destructive method might be in order. Who knows what might happen if I accidentaly stood too close to a strong microwave emitter... I hear that the microwave oven is good for drying out wet passports too.
Re: (Score:3, Interesting)
It will be considered a mangled document. Never mind that it's also an old style passport, if the RFID tag is broken then it's considered the same as if the passport was dipped in ink or burned too badly to read.
The fun starts when you consider that RFID tags break if exposed to too stong a signal of the kind used in RFID scanners. You could build one fairly easily, stick it in your backpack and hang out or even walk through somewhere with a lot of tourists.
Re:Anonymous Coward (Score:4, Insightful)
It will be considered a mangled document. Never mind that it's also an old style passport, if the RFID tag is broken then it's considered the same as if the passport was dipped in ink or burned too badly to read.
Having a toasted RFID chip would be much like having a gunked up, but not deliberately defaced passport number. The OCR machines are notoriously bad at reading the data at the bottom of the document. A fried, but not obviously physically damaged chip would appear to the border offical as if the chip or the reader had malfunctioned. They would most likely simply input the data by hand and send you on your way. If you use a hole punch to remove the chip, it's a completely different story. Then it looks like you're up to no good. They key hear is to look innocent ;)
Re: (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2, Interesting)
Government Property? (Score:2)
Well, it doesn't seem to be in the fine print of my new passport (without RFID!), but my old one states:
THIS PASSPORT IS THE PROPERTY OF THE UNITED STATES OF GOVERNMENT.
Followed by a paragraph titled:
ALTERATION OR MUTILATION OF PASSPORT
Prosecution (Title 18, U.S. Code, Section 1543), etc ...
I wonder if the new ones state: "This passport is only valid with a functioning RFID chip."
Re:nothing to worry (Score:5, Interesting)
Oh yeah. Nothing to worry about. One of the main stated reasons they started introducing these things was to facilitate entry to Great Britain. I've never been to Europe, have no planned trips there for maybe the rest of my life. Wonderful.
Another danger is that the tags can be read from as far as 150 feet away in some situations, so criminals could read them without being detected.
s/criminals/kidnappers/ which IS an issue in places I travel. Those RFID thingies shout out, "I'm an American citizen, kidnap me!".
Although the tags don't contain personal information, they could be used to track a person's movements through ongoing surveillance, they said.
See previous comment.
Though there's no reason for panic, "Our hearts should start to beat a little faster," Kohno said.
Bwahahahaha. Can I please have my paper only passport back, please? It's for my safety and think of my children.
Re:nothing to worry (Score:5, Informative)
Really?! Because I thought here in the UK, one of the main stated reasons they started introducing RFID passports was to facilitate entry to the United States!
Re:nothing to worry (Score:5, Insightful)
One of the main stated reasons they started introducing these things was to facilitate entry to Great Britain.
Actually, much of Europe. But talk to your government about that - they started the tit-for-tat escalating entry requirements. When someone enters the US now, they are photographed and fingerprinted, and the only reason I didn't require a biometric passport for entry last time I went was because there was a temporary visa waiver program in place for people without biometric passports.
Most of the stupid entry requirements for Americans entering other countries are due to politicians responding to pressure from their constituents complaining about being treated like criminals when they enter the USA.
Re: (Score:2, Informative)
http://www.travel.state.gov/visa/temp/without/without_1990.html [state.gov]
You also realize that the US required these 27 countries to comply with their intent to implement RFID enabled passports, right? Should they decide NOT to implement the passports, they faced possibly losing their visa-free status.
"...requirements under the US Visa Waiver Programme which calls for countries to roll
Re: (Score:2)
But who wants to go to a terrorist nation anyway? Or would you go to Iran, because they say you need no visa?
In both cases there is a high probability that you lose your laptop and maybe not even come back at all.
There, I did it. I compared the USA to Iran. Beautiful countries with good people, but evil extremistic governments that brainwash them for their own power.
Oh, and we in Europe will join you soon. By then I'll be gone to one of the new growing independend nations...
Re: (Score:2)
I hear in Iceland, there's a woman behind every tree.
Re: (Score:2)
Yeah, even Indonesia is initiating biometric passports. It's really odd to contrast entering Indonesia vs entering the US. When entering Indonesia, they check your passport, check your luggage, and make sure all your entry papers are in order. But, the people you deal with are generally pr
Re:nothing to worry (Score:5, Insightful)
Are you ready for the inevitable conspiracy theory? Here it is, cooked up between my wife and myself after discussing the implications of renewing our passports shortly.
The problems are actually a feature. Let me explain. Remember how the old Soviet-bloc countries didn't like their nationals traveling because they would see how much better the rest of the world was? (Don't get me wrong, I like it here just fine.) Well, if everyone who hears about this says "I guess I won't be traveling any time soon", it effectively stops travel (usually by the intelligentia) all the while allowing the govt to say "We have no travel restrictions on our own citizens".
Of course, all this is nonsense. Our current administration would never feign incompetence to obtain other goals. [npr.org] Yet there's plenty of other information that suggests there's no tom-foolery about this and that the incompetence is real [washingtonpost.com].
So in short, I'm not sure which it is, but the bottom line for me is that I'm waiting until the last minute in the hopes that some of the recommended features are implemented by then.
Re: (Score:2)
Watch the zeitgeist movie. Skip to 01:48:50 and you'll know what I mean.
At 01:51:00 comes the part with the RFID chip. Damn scary. So I think might be more of an effort to get people used to carrying around remotely readable RFID chips carrying their ID.
http://www.zeitgeistmovie.com/ [zeitgeistmovie.com]
Re: (Score:2)
I already carry around a RFID in a work ID, that I have to touch to scanners to open certain doors, and two of my credit cards have RFID for some "insta-pay" feature I never use. I have tried stacking my credit cards with my work ID and scanning into a locked door at work. Sometimes it works sometimes it fails, but without the credit cards RFID tags the job ID always works. So I'm wo
Re: (Score:2)
Those RFID thingies shout out, "I'm an American citizen, kidnap me!".
Stop with the paranoia. You'll find people around the world are generally all decent people. Of course, YMMV in Iraq, Afghanistan, etc, etc
Re: (Score:3, Insightful)
Stop with the paranoia. You'll find people around the world are generally all decent people. Of course, YMMV in Iraq, Afghanistan, The White House, etc, etc
There, fixed that for you.
Re: (Score:2)
Re: (Score:2, Insightful)
Re: (Score:2)
Can I please have my paper only passport back, please?
Just put the one you have now in your microwave for a few seconds, that'll fry anything in there and you'll effectively have a paper-only one again. If they ever try to engage the RFID portion and it doesn't work just say "huh, wierd". Yours won't be the only one to ever fail.
Re: (Score:2)
Once they finally crack down on all that tourist traffic stuff and start controlling state border crossings, we'll all have passports. The war on tourism won't fight itself ya know!
Comment removed (Score:5, Informative)
Re:And this is news? (Score:4, Insightful)
It's hard to find a large group of people more cynical than slashdot users.
If anything I'd say this proves that the cynical tend to be correct.