RFID passport cards vulnerable to snooping

RFID tags used in two new types of border-crossing documents in the U.S. are vulnerable to snooping and copying, a researcher said on Thursday.

United States Passport Cards issued by the U.S. Department of State and EDLs (enhanced driver's licenses) from the state of Washington contain RFID (radio-frequency identification) tags that can be scanned at border crossings without being handed over to agents. Both were introduced earlier this year for border crossings by land and water only, and can't be used for air travel. New York is the only other U.S. state with an EDL, though others are in the works.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

The information in these tags could be copied on to another, off-the-shelf tag, which might be used to impersonate the legitimate holder of the card if a U.S. Department of Homeland Security agents at the border didn't see the card itself, the researchers said. Another danger is that the tags can be read from as far as 150 feet away in some situations, so criminals could read them without being detected. Although the tags don't contain personal information, they could be used to track a person's movements through ongoing surveillance, they said.

Another danger is that hackers could cause EDLs to self-destruct by sending out a certain number, they said.

"It would be relatively easy for someone to read your passport card or EDL," said Tadayoshi Kohno, an assistant professor of computer science and engineering at the University of Washington.

Though there's no reason for panic, "Our hearts should start to beat a little faster," Kohno said. The risk to individual passengers is low, but the problems create systemic weaknesses in the border-crossing system, according to a summary of the report.

Retail, shipping and other businesses are increasingly using RFID tags as wireless bar codes that can contain more information than traditional printed ones. The growth of the technology is making the tools of RFID hacking more easily available, Kohno said.

In a cloning attack, a hacker could read the information off a card's RFID tag, either while the cardholder was passing by or as the official card reader was picking up the data. The attacker could then encode a generic RFID tag with that same data, Kohno said. With that newly encoded tag, someone could slip through the border by appearing to the RFID reader to have a legitimate identification card, as long as no one asked to look at the actual card.

By themselves, the RFID vulnerabilities don't mean someone will get away with cloning or other attacks, Kohno pointed out.

"In reality, the system involved in border crossings is much greater than just the technical aspect," Kohno said. For example, authorities are likely to interview drivers and passengers crossing the border and look at their identification cards, he said. They may also use other measures against card-cloning near border crossings.

However, Kohno and three fellow researchers believe there are mechanisms available for the RFID tags that the U.S. and Washington governments aren't using.