Defects in e-passports allow real-time tracking
This threat brought to you by RFID
Computer scientists in Britain have uncovered weaknesses in electronic passports issued by the US, UK, and some 50 other countries that allow attackers to trace the movements of individuals as they enter or exit buildings.
The so-called traceability attack is the only exploit of an e-passport that allows attackers to remotely track a given credential in real time without first knowing the cryptographic keys that protect it, the scientists from University of Birmingham said. What's more, RFID, or radio-frequency identification, data in the passports can't be turned off, making the threat persistent unless the holder shields the government-mandated identity document in a special pouch.
"A traceability attack does not lead to the compromise of all data on the tag, but it does pose a very real threat to the privacy of anyone that carries such a device," the authors, Tom Chothia and Vitaliy Smirnov, wrote. "Assuming that the target carried their passport on them, an attacker could place a device in a doorway that would detect when the target entered or left a building."
To exploit the weakness, attackers would need to observe the targeted passport as it interacted with an authorized RFID reader at a border crossing or other official location. They could then build a special device that detects the credential each time it comes into range. The scientists estimated the device could have a reach of about 20 inches.
"This would make it easy to eavesdrop on the required message from someone as they used their passport at, for instance, a customs post," the authors wrote.
The attack works by recording the unique message sent between a particular passport and an official RFID reader and later replaying it within range of the special device. By measuring the time it takes the device to respond, attackers can determine whether the targeted passport is within range. In the case of e-passports from France, the process is even easier: electronic credentials from that country will return the error message "6A80: Incorrect parameters" if the targeted person is in range and "6300: no information given" if the person is not.
The research is only the latest to identify the risks of embedding RFID tags into passports and other identification documents. Last year, information-security expert Chris Paget demonstrated a low-cost mobile platform that surreptitiously sniffs the unique digital identifiers in US passport cards and next-generation drivers licenses. Among other things, civil liberties advocates have warned that those identifiers could be recorded at political demonstrations or other gatherings so police or private citizens could later determine whether a given individual attended.
To be sure, the practicality of traceability attacks is more limited because a targeted passport first must be observed within range of a legitimate reader. But once this hurdle is cleared - as would be relatively easy for unscrupulous government bureaucrats to do - the attack becomes a viable way to track a target.
Chothia and Smirnov of the University of Birmingham's School of Computer Science said the security hole can be closed by standardizing error messages and "padding" response times in future e-passports. But that will do nothing to protect holders of more than 30 million passports from more than 50 countries who are vulnerable now, they said.
And that's sure to fuel criticism of RFID-enabled identification.
"This is a great example of why e-passports are a bad idea," Paget wrote in an email to The Register. "It's simply too expensive to replace vulnerable documents (especially when they have a 10-year lifespan) in response to legitimate security concerns, regardless of their severity. People will continue to poke holes in e-passports; without a mechanism to fix those problems there's a strong argument that's we're better off without the RFID."
A PDF of the paper is here. ®
Thanks to Neil Paterson for the tip-off.
Are the passports still valid if the RFID doesn't work? If so is there any way to whack these things with a sufficiently large or proper frequency pulse to fry them? I took great pleasure in building a home-made degausser for correcting the magnetic strip on my drivers license and I'd like to know what I need to make in order to fix the new one when it comes due and the passport I'm currently waiting for. Hmm... I wonder if 30 seconds in the microwave will do.
In other news
Ursine defecation spotted in forests, Pope is really Catholic.
FFS, this is and has always been bleeding obvious.
Even before these things were available in the UK I was explaining to colleagues why RFID passports and ID cards were a bad idea and how easy it is to track people using them.
All that's needed is a few readers at pedestrian entrances to shopping centres, train stations etc. and coupled with the CCTV networks out there you've got a massive tracking and surveillance system.
I might be paranoid but it doesn't mean I'm wrong.
RFID's can be read up to 70 ft away at 70 MPH
Here in NY State, the Dept of Transportation instituted it's own little privacy violation by installing long range RFID readers to pick up "Easy Pass" (Powered RFID) toll billing info even when there is no toll to pay. The readers are located under bridges and on poles, usually on the passing lane side of the highway. What they are used for is a true mystery as the state will not give a straight answer.
I am willing to bet that when your car is in the toll booth lane, the 4 ft square high power reader could certainly read your passport chip if there was clear line of sight.
When you see the people manning the toll booth, you'd know those are the last folks you would want having your personal passport details.
In fact, one of the local toll booth attendants was just arrested for stalking someone promoting the permanent removal of the toll booths.
Anyone with a little knowledge could scan your passport if they got close enough and the whole thing could fit in a countertop or briefcase.
The question is, can they actually read the data? You know there would be a compromise between how well the data is encrypted and the length of time it would take to decrypt so the TSA (Transportation Stupidity Agency) would have to wait too long for display. Their "screeners" might lose "focus" if it took too long.
Tin foil wallets for everyone please!