Friday, December 22, 2006

RFID Passport Cloning

Schneier had this one posted, but no discussion.

This type of thing just aggravates me. The choices that governments have made to increase security have been pretty poor, and this one is just appalling in how easy it is to steal the information from a passport and clone it. If the guys in this report are accurate then the end holder of a passport should beware.
So when Lukas Grunwald and Christian Bottger realised they could clone the new ePassport they were pretty sure it would be identical to the original, and undetectable. So how did they do it?

The chip inside the ePassport is a Radio Frequency Identification (RFID) chip of the type poised to replace the barcode in supermarkets.

A new British biometric European Union passport, which is embedded with a microchip
The 'enhanced' security features of ePassports are being questioned

The good thing about RFID chips is that they emit radio signals that can be read at a short distance by an electronic reader.

But this is also the bad thing about them because, as Lukas demonstrated to me, he can easily download the data from his passport using an RFID reader he got for 200 Euros on eBay.

Lukas is less forthcoming about where he got what is called the Golden Reader Tool, it is the software used by border police and it allows him to read the chip on his ePassport, including the photo.

Now for the clever bit. Thanks to a software he himself has developed, called RFdump, he downloads the passport's data onto his computer and then onto a blank chip.

Using a standard off-the-shelf component you can just buy at a component store you can have a cloned ePassport in less than five minutes.
The only thing that I balked on in the technical section was that "Golden Reader Tool." Not sure how they got it, and the fact that they could get it should be enough to worry someone.

I wonder if they have to actually have the passport in order to do the cloning. Or do they just need to have an RFID reader. Considering that you can find information on how to make long distance RFID readers online, it strikes me that the potential for information just being sniffed in a parking lot on the way to the terminal is a concern.

There is a defense though. A Faraday Wallet. Fortunately, this defense should be fairly simple, though you'd have thought that the implementer would have thought of a way to provide some form of defense for the passport since the design is so very poor.

No comments: