Feeds

Passport RFIDs cloned wholesale by $250 eBay auction spree

Video demo shows you how

Reducing security risks from open source software

Using inexpensive off-the-shelf components, an information security expert has built a mobile platform that can clone large numbers of the unique electronic identifiers used in US passport cards and next generation drivers licenses.

The $250 proof-of-concept device - which researcher Chris Paget built in his spare time - operates out of his vehicle and contains everything needed to sniff and then clone RFID, or radio frequency identification, tags. During a recent 20-minute drive in downtown San Francisco, it successfully copied the RFID tags of two passport cards without the knowledge of their owners.

Paget's contraption builds off the work of researchers at RSA and the University of Washington, which last year found weaknesses in US passport cards and so-called EDLs, or enhanced drivers' licenses. So far, about 750,000 people have applied for the passport cards, which are credit card-sized alternatives to passports for travel between the US and Mexico, Canada, the Caribbean, and Bermuda. EDLs are currently offered by Washington and New York states.

"It's one thing to say that something can be done, it's another thing completely to actually do it," Paget said in explaining why he built the device. "It's mainly to defeat the argument that you can't do it in the real world, that there's no real-world attack here, that it's all theoretical."

Use of the cards is expected to rise as US officials continue to encourage their adoption. Civil liberties groups have criticized the cards and a travel industry association has called on the federal government to suspend their use until the risks can be better understood.

The cards make use of the RFID equivalent of optical barcodes known as electronic product code tags, which are widely used to track cattle and merchandise as it's shipped and then stored in warehouses. Because the technology employs no encryption and can be read from distances of more than a mile, the tags are highly susceptible (PDF) to cloning and tracking, researchers have concluded.

Paget's device consists of a Symbol XR400 RFID reader (now manufactured by Motorola), a Motorola AN400 patch antenna mounted to the side of his Volvo XC90, and a Dell 710m that's connected to the RFID reader by ethernet cable. The laptop runs a Windows application Paget developed that continuously prompts the RFID reader to look for tags and logs the serial number each time one is detected. He bought most of the gear via auctions listed on eBay.

And if you read on, we'll show you video proof that the thing actually works.

Mobile application security vulnerability report

Next page: Caught on Video

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Microsoft: You NEED bad passwords and should re-use them a lot
Dirty QWERTY a perfect P@ssword1 for garbage websites
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
L33t haxxors compete to p0wn popular home routers
EFF-endorsed SOHOpelessly Broken challenge will air routers' dirty zero day laundry
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.