Researchers hack US RFID passports

Researchers have shown that it is possible for criminals to clone RFID tags held in US border passports and enhanced driver’s licences (EDL) which also contain the chips.

In a paper co-authored with staff at the University of Washington and internet security firm RSA the team detail how the RFID chips can be cloned from distances of up to 150 feet. They also found that a key anti-cloning technique recommended by the Department of Homeland Security (DHS) had not been used on the tags.

Since earlier this year Americans crossing borders by land or sea (but not air) have been able to apply for the United States Passport Card (also known as the PASS Card) which contains a readable RFID chip. This was intended to speed up border crossings and make them more secure.

However, the team found that the RFID tags were Class One Generation Two models, which while cheap at about ten cents each, are very insecure.

“Gen-2 tags, however, are essentially wireless barcodes, with no specific provisions to meet security and privacy needs,” the researchers note.

“Just as their optical counterparts are subject to photocopying, Gen-2 EPC tags are vulnerable to cloning attacks in which their publicly visible data are scanned (\skimmed") by an adversary and then transferred to a clone device, be it another tag or a more sophisticated emulator.”

Furthermore the RFID chips did not use unique tag identifier codes, as recommended by the DHS, but generic manufacturer’s codes, making cloning much easier.

Both the PASS cards and EDLs were also worryingly easy to read from a distance, under ideal conditions from up to 50 metres away. This would make cloning them much less risky for criminals.

“The lessons we have gleaned on cloning and anticloning extend well beyond the setting of EDLs and Passport Cards to Electronic Product Code (EPC) deployment in any setting where cloning or counterfeiting poses a risk,” the report ‘EPC RFID Tags in Security Applications: Passport Cards, Enhanced Drivers Licenses, and Beyond’ concludes

“For example, with the encouragement of government regulators, the pharmaceutical industry is gradually embracing EPC for tracking and anticounterfeiting at the prompting of the United States Food and Drug Administration, foreshadowing the technology's broad industry use as a security tool. Indeed, counterfeiting of consumer goods is a risk in nearly every industry.”