Monday, March 2nd, 2009 03:45 pm

Those new secure¹ RFID passports?  The ones that the US Government is so certain can't be faked?

Using inexpensive off-the-shelf components, an information security expert has built a mobile platform that can clone large numbers of the unique electronic identifiers used in US passport cards and next generation drivers licenses.

The $250 proof-of-concept device - which researcher Chris Paget built in his spare time - operates out of his vehicle and contains everything needed to sniff and then clone RFID, or radio frequency identification, tags.  During a recent 20-minute drive in downtown San Francisco, it successfully copied the RFID tags of two passport cards without the knowledge of their owners.

Got two passports just driving randomly around SF.  Now imagine how many you could get, sitting in the vicinity of the international departures lounge at SFO innocently reading a book, or sitting in the parking lot across the street from the DMV office...

Because the technology employs no encryption and can be read from distances of more than a mile, the tags are highly susceptible to cloning and tracking, researchers have concluded.

[...]

Paget's device has a range of about 30 feet, making it ideal for discreetly skimming the EDL and passport card tags of people who pass by his vehicle.  With modifications, Paget says his device could read RFID identifiers that are more than a mile away.

[1]  According to the government...

Monday, March 2nd, 2009 09:06 pm (UTC)
why does this not surprise me?

nothing new under the sun (http://www.nukees.com/d/19970318.html)....
Monday, March 2nd, 2009 09:10 pm (UTC)
But you know those damned third-worlders aren't smart enough to figure this out. They're brown. That chops their IQs in half.
Monday, March 2nd, 2009 09:26 pm (UTC)
Why do you hate your country?


;-)
Monday, March 2nd, 2009 09:44 pm (UTC)
I am often exposed to fairly strong RF fields, so I doubt an RFID tag would survive very long in my passport.
Monday, March 2nd, 2009 10:59 pm (UTC)
That is why I am getting a mylar bag for my passport (the thing needs renewal, ugh).
And Yes, They are selling Passport covers with a mylar layer now. Just to prevent cloning.
And I guess my DL will go in mylar too when our state decides to issue licenses with tags.
The Only Time those tags need to be read is when a law enforcement or border person asks. Otherwise, they can and should be protected from random rfid readers.

Monday, March 2nd, 2009 11:26 pm (UTC)
Will the mylar make an effective Faraday cage? That signal is pretty sneaky.
Wednesday, March 4th, 2009 10:43 am (UTC)
It keeps my Bay Area Fastrak transponder from being read by anything when it is stored in my glove compartment.
And I have heard from other sources as well that Mylar Bags make an OK Faraday Cage.
You do need to make sure that the bag completely surrounds the item being secured from snooping. My Fastrak bag completely contains the transponder then flops over and has a piece of sticky tape to keep the flap closed. There are no gaps in the mylar enclosure.
I've heard the passport holders are similar with the mylar being between two pieces of stuff (leather, plastic, fabric) and then the holder closes around the passport. Should work.

Monday, March 2nd, 2009 11:24 pm (UTC)
I made an RFID reader for encrypted tags for an EE lab project. I used an RFID antenna (expensive) and a PIC processor. It worked great, with a range of about 30 feet. Counting the PIC LAB programmer, it cost about $400. If I used surface mount components, only the antenna would need to be visible, and that could be covered. All the parts came out of a Circuit Cellar Ink magazine advertisement section. (Fun magazine, BTW.) Someone with a sophomore level EE course could do it easy. Why is this even news?
Tuesday, March 3rd, 2009 04:20 am (UTC)
If you search through Circuit Cellar's online articles for DJ Delorie... he won a contest with a clock. I've got one of those clocks on my desk. I like amazing people with the ethernet port on the back.
Tuesday, March 3rd, 2009 12:55 am (UTC)
This is why I got my passport renewal in just under the deadline. I wanted no part of it, and now I don't have to worry about it until 2016.

Idiots.
Tuesday, March 3rd, 2009 03:59 pm (UTC)
This article, like many others about RFID, makes it sound like it is simple or easy to read RFID tags from great distances. I doubt that his device as described, with a few modifications, could read tags a mile away.

Now, I do believe that you could eavesdrop on RFID tags activated by a normal reader (which is in normal read range) with a sensitive receiver and a directional antenna (24 dB more than the stock antenna). I'm not sure a decent 13.56 MHz directional antenna is something you can conceal about your person and carry in public (departures lounge scenario) without attracting attention. Assume you can, though... you get the encrypted off the tag, and can burn it to another tag. whee?

As far as storing the passport in a metalized mylar sleeve (like an antistatic bag), I think that would be sufficient to cut the sensitivity enough to prevent most stand-alone sniffers. Remember, an RFID "reader" has to power the chip as well as reading the return signal.

Also, if you put it in your pocket instead of a bag or briefcase it makes it hard to read... so close to a big bag of water.

You still need passport-specific information to decrypt the identifier. In order to clone a passport you still need to make a convincing looking passport with information on it that matches the data used to encrypt the identifier.