For example, each tag has two specialized numbers: an access PIN (personal identification number) and a kill PIN. (These are larger than bank-card PINs and aren't chosen by the cardholders.) The access PIN can be used to verify that a tag is legitimate and the kill PIN can be used to render the tag unreadable.
The access PINs are used on both the passport cards and the EDLs, but there are additional security measures that the researchers don't think authorities are using. For example, they could test the access PIN using information from a database, Kohno said. In addition, the kill PIN is not set up on the Washington EDLs, which could make them vulnerable to an attack that would make all such cards at a certain site unreadable, he said. Such an attack could cause a nuisance or undermine travelers' confidence, the summary said.
The researchers have given recommendations to both U.S. and Washington authorities, Kohno said.
Full-size U.S. passports, which are booklets instead of cards, aren't affected by these vulnerabilities because their RFID tags have cryptographic protections and the booklets have metallic covers that protect against snooping, the researchers said.
For self-protection, the researchers suggest consumers use the protective sleeves that come with both cards, which can help to prevent clandestine scanning. Travelers can also use the safer full-size U.S. passports instead.