Researchers hack US RFID passports

Risk affects US Passport Cards and enhanced driver's licences

Researchers have shown that it is possible for criminals to clone RFID tags held in US border passports and enhanced driver's licences (EDLs).

In a paper co-authored with staff at the University of Washington and internet security firm RSA, the team detailed how the RFID chips can be cloned from distances of up to 50 metres. They also found that a key anti-cloning technique recommended by the Department of Homeland Security (DHS) had not been used on the tags.

Since earlier this year, Americans crossing borders by land or sea have been able to apply for the US Passport Card, also known as the PASS Card, which contains a readable RFID chip. This was intended to speed up border crossings and make them more secure.

However, the team found that the RFID tags were Class One Generation Two models, which while cheap at about ten cents each, are very insecure.

“Gen-2 tags are essentially wireless barcodes, with no specific provisions to meet security and privacy needs,” the researchers noted.

“Just as their optical counterparts are subject to photocopying, Gen-2 EPC tags are vulnerable to cloning attacks in which their publicly visible data are scanned ('skimmed') by an adversary and then transferred to a clone device, be it another tag or a more sophisticated emulator.”

Furthermore, the RFID chips did not use unique tag identifier codes, as recommended by the DHS, but generic manufacturer’s codes, making cloning much easier.

Both the PASS cards and EDLs were also worryingly easy to read from a distance, under ideal conditions from up to 50 metres away. This would make cloning them much less risky for criminals.

“The lessons we have gleaned on cloning and anti-cloning extend well beyond the setting of EDLs and Passport Cards to Electronic Product Code (EPC) deployment in any setting where cloning or counterfeiting poses a risk,” the report concluded.

“For example, with the encouragement of government regulators, the pharmaceutical industry is gradually embracing EPC for tracking and anti-counterfeiting at the prompting of the US Food and Drug Administration, foreshadowing the technology's broad industry use as a security tool. Indeed, counterfeiting of consumer goods is a risk in nearly every industry.”