
Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)

DarkReading takes a look at RFID snooping and cloning of identification cards from a distance. The article is based on research by Chris Paget that will be presented at ShmooCon, which starts on February 6. "Unlike previous RFID hacks that have been conducted within inches of the targeted ID, Paget's hack can scan RFID tags from 20 feet away. 'This is a vicinity versus proximity read,' he says. 'The passport card is a real radio broadcast, so there's no real limit to the read range. It's conceivable that these things can be tracked from 100 meters -- a couple of miles.'"

Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)

Posted Feb 4, 2009 5:49 UTC (Wed) by mgb (guest, #3226) [Link]

Is there something in terrorists' genes that somehow precludes them from operating RFID scanners, or is the e-passport the worst idea ever to come out of our abominable department of homeland insecurity?

Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)

Posted Feb 4, 2009 14:22 UTC (Wed) by anselm (subscriber, #2796) [Link]

What's wrong with keeping the data on an RFID passport reasonably safe -- e.g., by encrypting it and printing the decryption key on the passport's face in OCR or bar code? That would make looking at the passport's content straightforward at an airport customs booth but keep random people on the street from getting anything useful out of it.

The way the system is set up (and I don't think the German issue is a lot different, just to add some local colour) makes one think that the RFID passports are really meant to be read clandestinely at a distance by law enforcement officials etc. (Too bad that everybody else can do it too.)

There's probably going to be a big market for Faraday-type passport cases.

Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)

Posted Feb 4, 2009 15:11 UTC (Wed) by michaeljt (subscriber, #39183) [Link]

Unless you are going to scan it optically every time you read it (in which case you don't need the rfid chip at all), you are going to end up with a big database, or several, of keys in a central place. Sooner or later that will be broken into and all of the passports will be wide open.

I suspect that if it is possible for anyone at all to read a passport remotely then at some point anyone who wants to will be able to.

Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)

Posted Feb 4, 2009 20:46 UTC (Wed) by anselm (subscriber, #2796) [Link]

Well, the point is that the RFID bit of the passport could contain more data, or different data, than the stuff printed on the face (basically name and birthdate/birthplace), but you still want to restrict the availability of that data to situations where the stuff printed on the face would be readable, too. So yes, make it available at the passport control desk in an airport, but no, don't make it available to drive-by »war cloners«, thank you very much. This could theoretically be done without having to keep a massive database of keys, the disadvantages of which you have outlined.

It is doubtful, IMHO, whether passports have to be able to be read remotely in the first place, unless you actually want to enable what seems to be the way of the future, namely wholesale surveillance of all passport bearers, clandestinely, at a distance. You certainly don't need the feature to speed up passport control, or to make passports less easy to forge. Oh, and if it paints a big shiny target on Americans abroad, that just means there may be so many more reasons to keep the »war on terror« going ...

Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)

Posted Feb 5, 2009 8:27 UTC (Thu) by michaeljt (subscriber, #39183) [Link]

I suppose if you need more data than you can comfortably encode in a 3D bar code on the passport then yes. I'm not sure for what valid reason people would want to store that much information on my passport.

Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)

Posted Feb 5, 2009 8:57 UTC (Thu) by anselm (subscriber, #2796) [Link]

> I'm not sure for what valid reason people would want to store that much information on my passport.

Think »fingerprints and pictures«. (I don't know whether that counts as »valid« from your POV but that's what they would like to do, anyway. And if they must store that sort of thing at all then the passport is probably a better place than a big central database — even though chances are they'll put it on the passport and in the database while they're at it ...)

Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)

Posted Feb 5, 2009 9:28 UTC (Thu) by michaeljt (subscriber, #39183) [Link]

My passport already has that information (fingerprint and photo with biometric information) printed on it and readable by an optical scanner. Perhaps I am just nitpicking at your examples, but those ones don't convince me.

Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)

Posted Feb 5, 2009 10:11 UTC (Thu) by anselm (subscriber, #2796) [Link]

Hey, I'm not the one in favour of RFID passports. I'd much rather do without, too, thank you very much.

However, chances are that if they have one picture and fingerprint today, next year they will decide that to keep us all safe they need all ten fingerprints, a retinal scan, and a dump of your genome on top of the rest. Whatever. Remember that this is security theatre — it doesn't have to make sense from a practical POV.

At some point all that stuff is no longer going to fit on a passport in printed form, and once we get there, I personally would like to see it stored in a way that is not accessible to everybody and their dog who can operate a $250 RFID scanner somewhere within 20 metres of where I stand.

Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)

Posted Feb 8, 2009 16:19 UTC (Sun) by anton (subscriber, #25547) [Link]

> I'm not sure for what valid reason people would want to store that much information on my passport.

My guess is that the reason for RFID passports is that various manufacturers want to sell more equipment to governments and therefore lobbied for that. Also, they want to make more revenue with passports (the price has gone up considerably).

There is obviously no technical reason to have RFID passports, as my new RFID passport came with information that said that the passport is still valid and has to be accepted everywhere as a passport if the RFID part is broken. They also gave instructions on how to break it (not overtly; they actually told me not to do these things).

Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)

Posted Feb 8, 2009 19:04 UTC (Sun) by anselm (subscriber, #2796) [Link]

If they feel they must store all sorts of identifying data about me, then I say by all means do it on my passport rather than in a big government database that can be cracked into, stolen, sold, mislaid, or otherwise messed around with. If, say, my fingerprint images are on the passport rather than in a central database, there is less chance of clever crackers either replacing my fingerprints by theirs in order to pretend they are I, or else using my fingerprint data to create fake fingerprints to frame me for something I didn't actually do.

However, don't forget that this is all security theatre, anyway. RFID passports certainly aren't about making the world a safer place, so your point about the equipment manufacturers sounds eminently reasonable to me.

What's it for?

Posted Feb 4, 2009 15:06 UTC (Wed) by tialaramex (subscriber, #21167) [Link]

I don't think there's been much thought about what passports are and are for for quite some time. So since everything else is going to proximity card systems, why not passports, right?

If you have a sane use case I think proximity can be a good choice. For example, in transit applications where the speed is a big win. Sure, the currently deployed examples have security flaws, but those are fixable, indeed from a technical point of view they're fixed, it's just a matter of economics as to when the fixes are deployed.

Proximity readable passports seem to be a US idea (even if they managed to get a lot of other nations to follow, some very readily) and I've said before on LWN that the Americans love gadgets. No need to think about whether you'd ever need it for anything, gadgets are cool. The EU had for many years previously been issuing OCR font passports, in which essential details (passport number, issuing country, holder's name etc.) were repeated in an OCR font so that a machine could read them reliably. For EU internal travel they swipe the passport, an OCR scanner pulls out the passport number, the machine checks a database, and you're clear to travel (and that's when there's even a control point, much of Europe doesn't have routine border controls at all). The OCR solution seems just as streamlined as any proximity based solution, and exactly as effective yet with fewer downsides, but it doesn't involve a cool gadget.

Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)

Posted Feb 4, 2009 8:52 UTC (Wed) by muwlgr (guest, #35359) [Link]

Is that the same Chris Paget (aka Foon) who described the "Shatter" attack on the Win32 API/GUI in 2002?

Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)

Posted Feb 4, 2009 23:22 UTC (Wed) by socket (guest, #43) [Link]

> It's conceivable that these things can be tracked from 100 meters -- a couple of miles.

I think someone's unit conversion program is broken.

I'm not an EE, but it seems to me that as you get further away, you might just be picking up all kinds of random signals instead of the RFID tag.

I don't doubt that these can be read from 20 feet away, but it's quite a stretch to propose "a couple of miles." I've seen 802.11b stretch a few miles, but it takes a lot of effort on both ends of the signal to make that work. I doubt people will be hooking up directional antennas to their passports anytime soon.

Authorities who are checking ID will want to see the passport, not just assume that the RFID tag they're picking up is legitimate. They'll want a picture, and to hold the passport in their hand in the process of making sure it isn't counterfeit. Since this is the case, why not just save some money, use a 2D barcode, and be done with it?

Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)

Posted Feb 6, 2009 0:24 UTC (Fri) by lordsutch (subscriber, #53) [Link]

The logic for the passport card at least (and the Enhanced DL's and new US border crossing card visas for Mexican citizens coming down the pike, which all use the same technology) is that the RFID tag contains exactly one thing: a number (not printed on the card or associated w/you outside the DHS/DoS database) that can be looked up automatically (e.g. when your vehicle gets to the booth or while it's waiting in line) in DHS's database before you hand the ID to the border control officer. So his/her screen will be displaying what DHS' database says should be there and it can be compared with the card, rather than the officer keying in your ID number or scanning the 2-D code on the back.

Even if you're talking about using a barcode scanner, that's probably 5-10 seconds per person in extra time; when you're processing thousands of vehicles (w/several occupants each) per day, like they do down here in Laredo, the time adds up quick.

Onto the attacks. If you want to clone a passport card's RFID, I have no clue what that would actually do for you in practice; you'd still need to either hack the government database to associate your fake card info with the ID number (which would blow up the first time the real cardholder shows up at the border) or copy all the human-readable and machine-readable info from the card which would require you to physically examine both sides of the card (which defeats the purpose of being able to copy the RFID, since you need physical access to the card), since the person at the border will match (a) the physical card AND (b) the RFID information to (c) the DHS/DoS database. You're not going to get across the border with someone else's RFID on your card using their info unless you find a particularly incompetent border control officer. And if you find one of those, there are dozens of easier ways (mostly involving non-RFID fake passports and fake IDs) to get past him.

The passport cards at least include an RFID shield that you put your ID in when it's not in use; I'm not sure what the states that are issuing enhanced DL's are doing. My guess is that some folks won't put theirs in the shield and they can be tracked around, but most folks are broadcasting all sorts of data about themselves already (cell phone signals, smart chip credit cards, security gate prox cards, toll tags).

Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses (DarkReading)

Posted Feb 6, 2009 10:54 UTC (Fri) by hppnq (subscriber, #14462) [Link]

When RFID was introduced to me the story was: now your washing machine will know that you have mixed white and coloured clothes. Back then I didn't really see the benefit of this.

Nowadays I keep telling myself there is no spoon! ;-)

Copyright © 2009, Eklektix, Inc.