Those new secure[1] RFID passports? The ones that the US Government is so certain can't be faked?
Using inexpensive off-the-shelf components, an information security expert has built a mobile platform that can clone large numbers of the unique electronic identifiers used in US passport cards and next-generation driver's licenses.
The $250 proof-of-concept device - which researcher Chris Paget built in his spare time - operates out of his vehicle and contains everything needed to sniff and then clone RFID, or radio frequency identification, tags. During a recent 20-minute drive in downtown San Francisco, it successfully copied the RFID tags of two passport cards without the knowledge of their owners.
Got two passports just driving randomly around SF. Now imagine how many you could get, sitting in the vicinity of the international departures lounge at SFO innocently reading a book, or sitting in the parking lot across the street from the DMV office...
Because the technology employs no encryption and can be read from distances of more than a mile, the tags are highly susceptible to cloning and tracking, researchers have concluded.
[...]
Paget's device has a range of about 30 feet, making it ideal for discreetly skimming the EDL and passport card tags of people who pass by his vehicle. With modifications, Paget says his device could read RFID identifiers that are more than a mile away.
[1] According to the government...
no subject
Now, I do believe that you could eavesdrop on RFID tags activated by a normal reader (which is in normal read range) with a sensitive receiver and a directional antenna (24 dB more than the stock antenna). I'm not sure a decent 13.56 MHz directional antenna is something you can conceal about your person and carry in public (departures lounge scenario) without attracting attention. Assume you can, though... you get the encrypted identifier off the tag, and can burn it to another tag. whee?
As far as storing the passport in a metalized mylar sleeve (like an antistatic bag), I think that would be sufficient to cut the sensitivity enough to prevent most stand-alone sniffers. Remember, an RFID "reader" has to power the chip as well as read the return signal.
Also, if you put it in your pocket instead of a bag or briefcase it makes it hard to read... so close to a big bag of water.
You still need passport-specific information to decrypt the identifier. In order to clone a passport you still need to make a convincing looking passport with information on it that matches the data used to encrypt the identifier.