Potential security leaks from passport RFID chips?

31 October 2008, 7:54am

RFID chips in U.S. passport cards and some driver's licenses are at risk of being counterfeited or tracked, researchers say.

For some U.S. travelers, border crossings can be sped up by enhanced driver's licenses or by passport cards, wallet-sized plastic cards that are issued by the federal government and permit passage by land or sea to Canada, Mexico, Bermuda, or the Caribbean. Both types of cards are cheaper than ordinary passports and contain radio frequency identification (RFID) devices that can be read at a distance. If a traveler holds a card up to the windshield of a car, a border crossing agent can automatically pull up information about him or her from a database. However, a recent analysis by researchers at the University of Washington and RSA Laboratories, based in Bedford, MA, shows that attackers could use the RFID signals sent by the cards to create counterfeit documents or to spy on cardholders.

Such cards are relatively new. As of July 2009, travelers will no longer be able to get through US borders with Canada and Mexico by simply showing a driver's license and birth certificate, but will need special, approved documents.

The RFID chips contained in the cards, when scanned, return a unique number tied to a database maintained by the federal government, where information such as photographs of the cardholders is stored. Ari Juels, director and chief scientist at RSA Laboratories, who took part in the recent analysis, explains that, while it was known that such tags could be copied, several features of the new ID cards increase the risk that they could be counterfeited, tracked, or even deactivated by a malicious attacker.

The type of chip used in the cards can be reprogrammed using off-the-shelf equipment. An attacker with a stolen ID number can load it onto a blank chip fairly easily. But if each chip also had a unique serial number programmed into it at the factory, it would be more difficult to duplicate. The counterfeiter would have to alter the serial number in the blank chip--a much harder proposition.

Another problem with the cards is that they can be read from relatively long distances, so an attacker could intercept the card's number by eavesdropping at a checkpoint or reading the card carried on a victim's person.

The cards are issued with a protective sleeve intended to block unauthorized access, but the researchers found that some cards could still be read through the sleeve. RFID tags can also be disabled by sending a kill command to them (which is ow they are supposed to be disabled when attached to products in stores, following purchase).

While passport cards are protected from this attack, not all of the new ID cards using the technology are so protected, which could allow an attacker to disrupt border crossings by killing large numbers of cards, or to harass particular individuals, since a killed card is likely to draw suspicion.

Jonathan Westhues, an independent security researcher who has studied RFID, notes that much depends on how the tag is actually used. If any official assumes that the tag itself is sufficient proof of identity, then the threat of cloning is serious. As far as privacy goes, he adds that many people already carry smart cards or cell phones that could be used to track them.

Article by Erica Naone in MIT Technology Review

Copyright Technology Review 2008.

Read the full article

Geo: International